| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
| |
musl stdlib (Alpine Linux) doesn't know about canonicalize_file_name,
replace with equivalent realpath calls
|
| | |
|
| |\
| |
| | |
add PATH_FCOPY to private-lib automatically
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
restore 45304621a6c600d8e30e98bfbef05149caaf56c5, but now run
fldd as root user. This became necessary because in the meantime
read permission on helper executables was removed.
Puts infrastructure in place to add other helper binaries to
private-lib as well, should the need arise.
|
| |\ \
| | |
| | | |
Upstreaming a set of fixes from Sailfish's packaging
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Check that the directory exists before attempting to mount it.
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Lacking linefeed chars cause messages to get concatenated.
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Firejail uses file bind-mounts to filter /etc/passwd and /etc/group
content. If private-etc is used, these mounts are left underneath
the /etc directory mount and this seems to be causing problems in
devices with older kernels: attempts to modify passwd or group
data fails with EBUSY.
Make it possible to perform fs_private_dir_list() actions in two
separate phases.
Undo the file mounts in /etc before mounting private-etc content.
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These have little consequences as the tool exits anyway,
but fs_copydir() leaks memory on success path and check()
on failure path.
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When constructing sandbox fs, /etc/mtab which is symlink to
/proc/self/mounts gets resolved as /proc/PID/mounts. Where
PID is not the pid of the process that is going to get
executed in the firejail -> the result is broken/unaccessible
symlink from the application point of view.
Use /proc/self/xxx type symlink target if it resolves similarly
as the /proc/PID/xxx type would at the time of mapping.
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
| |\ \ \
| | | |
| | | | |
signal-desktop.profile: fix typo of disable-xdg.profile
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Added on commit f4f676745 ("Refactor electron.profile and electron based
programs (#3807)").
This appears to be the only instance of that:
$ grep -Fnr 'include-xdg' etc
etc/profile-m-z/signal-desktop.profile:9:ignore include-xdg.inc
Simply fixing the typo would enable xdg dirs for the first time since
the aforementioned commit. But, as talked with @rusty-snake[1], since
there has been no negative feedback, and since it's a whitelisting
profile, just remove the affected line instead.
Credits go to syntax highlighting on vim.
[1]: https://github.com/netblue30/firejail/pull/4001
|
| |\ \ \ \
| | | | |
| | | | | |
Minor fixes for vmware
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
ipcalc: misc fixes
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
And add missing allow include comment.
See etc/templates/profile.template.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
And add missing redirect comment.
See etc/templates/redirect_alias-profile.template.
|
| | | | | | | |
|
| |\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | | |
new profile: lzop
|
| | | | | | | |
|
| | | | | | | |
|
| |/ / / / / |
|
| | |/ / /
|/| | | |
|
| |\ \ \ \ |
|
| | |/ / / |
|
| | | | | |
|
| |/ / / |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Fix patch-util not having access to libdl.so
* Update etc/profile-m-z/patch.profile
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | |
|
| |/ / |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| |\
| |
| | |
contrib/firejail-welcome.sh: fix copyright year
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Append the current year rather than replace the previous one.
This amends commit 2609e5cf0 ("copyright update").
Commands that helped catch this:
$ git show --pretty='' 2609e5cf0 | sed -n 's/^-.*Copyright //p' |
LC_ALL=C sort | uniq
(C) 2014-2020 Firejail Authors
(C) 2014-2020 Firejail Authors (see README file for more details)
(C) 2020 Firejail Authors
(C) 2020 Firejail and systemd authors
(c) 2019,2020 rusty-snake
$ git show --pretty='' 2609e5cf0 | sed -n 's/^+.*Copyright //p' |
LC_ALL=C sort | uniq
(C) 2014-2021 Firejail Authors
(C) 2014-2021 Firejail Authors (see README file for more details)
(C) 2020-2021 Firejail Authors
(C) 2020-2021 Firejail and systemd authors
(C) 2021 Firejail Authors
(c) 2019-2021 rusty-snake
|
| |\ \
| | |
| | | |
fixes for profile.template
|
| | | |
| | |
| | | |
See https://github.com/netblue30/firejail/pull/3993/files/660bc3435b43e32d156d9bb5bee2dbad2f84cf36#r577366805.
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Sort.py updates
|
| | | | |
| | | |
| | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
smitsohu
netblue30
Tomi Leppänen
Simo Piiroinen
Kelvin M. Klann
Neo00001
glitsj16
zupatisc
Reiner Herrmann
rusty-snake