| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/55d479fb1c5bcad5a4f9099a5d9f37c8857b2845...cba0d00b1fc9a034e1e642ea0f1103c282990604)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
| |
Relates to #5916 #5927.
|
|\
| |
| | |
build: fix some shellcheck issues & use config.sh in more scripts
|
| |
| |
| |
| |
| |
| |
| | |
This removes the need to manually pass variables such as `$(TARNAME)`
and `$(VERSION)` to shell scripts in the root Makefile.
Relates to #5140.
|
|/ |
|
|\ |
|
| |\
| | |
| | | |
build: dist and asc improvements
|
| | |
| | |
| | |
| | |
| | |
| | | |
Similarly to mkdeb.sh.
Relates to #5140.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The clean target is currently enough to remove all generated files other
than the ones directly in the root directory, so to simplify the dist
target, make it depend on clean instead of distclean.
See commit 5f2785290 ("build: remove unnecessary distclean targets",
2023-07-15) / PR #5911.
Relates to #5142 #5182.
|
| | |
| | |
| | |
| | |
| | | |
The only other svn-related code seems to have been removed on commit
7e1c057ae ("make testing", 2016-04-23).
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is breaking build-clang on CI[1]:
make -C src/fnetlock/
make[1]: Entering directory '/home/runner/work/firejail/firejail/src/fnetlock'
clang-14 [...] -c main.c -o main.o
main.c:97:11: error: variable 'bw' set but not used [-Werror,-Wunused-but-set-variable]
unsigned bw = 0; // bandwidth calculations
^
1 error generated.
make[1]: *** [../../src/prog.mk:16: main.o] Error 1
make: *** [Makefile:58: src/fnetlock/fnetlock] Error 2
Added on commit 8e4b847cd ("split nettrace executable ^Cto netrace and
netlock", 2023-07-25).
[1]: https://github.com/netblue30/firejail/actions/runs/5669072674/job/15361026508
Cc: @netblue30
|
|/ / |
|
|\ \ |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
* audacious: D-Bus hardening
* audacious: add noprinters
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* disable-programs.inc: add sniffnet support
* Create sniffnet.profile
* firecfg.config: add sniffnet support
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | | |
Co-authored-by: pirate486743186 <>
|
| | | |
|
| | | |
|
|/ / |
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.4 to 2.21.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/489225d82a57396c6f426a40e66d461b16b3461d...1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the `shell` command. Note that it's still being parsed in
profile.c, even if it's just to return an error.
Commands used to remake them:
rm contrib/syntax/lists/*
make syntax
Relates to #5627 #5894.
|
|
|
|
| |
Relates to #5894 #5911.
|
|\
| |
| | |
build: fix hardcoded make & remove unnecessary distclean targets
|
| |
| |
| |
| | |
This also fixes the duplicate execution of the "clean" targets.
|
| |
| |
| |
| |
| |
| |
| | |
Use the `$(MAKE)` macro to ensure that the same make program is used in
the recursive invocation.
Note: Most recursive calls already use `$(MAKE)`.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Homepage: https://mullvad.net/en/download/browser/linux
mullvad-browser: don't use restrict-namespaces
mullvad-browser: cover both installation paths
Suggested in review by @kmk3.
|
| |
| |
| |
| |
| |
| |
| | |
torbrowser-launcher: more hardening as per review
torbrowser-launcher: revert enabling restrict-namespaces
Suggested in review by @rusty-snake.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Multiple profiles include firefox-common.profile, but not all of them
include whitelist-usr-share-common.inc.
Suggested by @glitsj16[1].
This amends commit 094892dfd ("profiles: remove /usr/share/vulkan
already whitelisted by wusc (#5910)", 2023-07-20).
[1] https://github.com/netblue30/firejail/pull/5910/files#r1269397348
|
| | |
|
|/
|
|
|
| |
* disable-programs.inc: add remote sqlitebrowser support
* sqlitebrowser: add support for remote functionality
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is breaking scan-build in CI[1]:
/usr/share/clang/scan-build-14/bin/../libexec/ccc-analyzer [...] -c hostnames.c -o hostnames.o
hostnames.c:59:10: warning: Null pointer passed to 1st parameter expecting 'nonnull' [core.NonNullParamChecker]
return strdup(rv);
^~~~~~~~~~
1 warning generated.
Likely caused by commit d2802ce60 ("fnettrace cleanup", 2023-07-15).
This also fixes a memory leak of `cmd`.
[1] https://github.com/netblue30/firejail/actions/runs/5568460702/jobs/10171098449
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `shell` option has been removed. Remove stale references.
This does NOT remove `shell none`-related code comments in:
- src/firejail/fs_lib.c (L433-L441)
- src/firejail/join.c (L415-L417)
Relates to #5196.
Suggested by #5891.
|
|
|
|
|
|
|
|
|
|
|
| |
Note: It already works for bash and it's already present in the syntax
files:
$ grep '^tab' contrib/syntax/lists/profile_commands_arg0.list
tab
Added on commit e6c50240f ("--tab: enable shell tab completion",
2022-02-20) / #4936.
|
|
|
|
| |
Relates to #5871 #5899 #5900.
|
|
|
|
|
|
|
|
|
|
|
| |
See the following commits:
* 6fa19aab9 ("feature: use seccomp filters build at install time for
* --restrict-namespaces", 2023-07-12) and commit
* 80eb28483 ("build: restore seccomp filter targets", 2023-07-13)
* 76bd5ad0f ("build: simplify code related to man pages", 2023-07-12)
Relates to #5898.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.3 to 2.20.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/46ed16ded91731b2df79a2893d3aea8e9f03b5c4...489225d82a57396c6f426a40e66d461b16b3461d)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
| |
|
|\ |
|
| |\
| | |
| | | |
feature: add doas support in firecfg and jailcheck
|
| | |
| | |
| | |
| | |
| | |
| | | |
Closes #5899.
Suggested-by: @shaggonit
|