| Commit message (Collapse) | Author | Age |
| |
|
|\
| |
| | |
README.md: Mention security situation on Ubuntu and recommend PPA
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add the information posted by @reinerh on #4666 (related to
CVE-2021-26910 and Ubuntu's security policy) and also the instructions
from #4663 for installing from the PPA.
See also https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767
|
| | |
|
|\ \
| | |
| | | |
elinks.profile: Fix missing access to liblua
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
By including allow-lua.inc.
Error log:
$ firejail elinks
elinks: error while loading shared libraries: liblua.so.5.4: cannot open shared object file: Permission denied
Environment: firejail-git (a82c8e021) and elinks 0.14.3-2 on Artix
Linux.
Fixes #4707.
Reported-by: @jose1711
|
|\ \ \
| | | |
| | | | |
Skype profile tweaks
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Tested these settings and they work fine, including a test call. I can't
explain why, but if the `org.kde.StatusNotifierWatcher` entry is
removed, Skype will immediately log out the previous session when
started.
|
| |/ /
| | |
| | |
| | | |
Without this, Skype's session isn't retained.
|
|\ \ \
| | | |
| | | | |
Add CachyBrowser profile
|
| | | | |
|
| | | | |
|
|\ \ \ \
| |_|/ /
|/| | | |
Fix keeping certain groups with nogroups
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This amends commit b828a9047 ("Keep audio and video groups regardless of
nogroups", 2021-11-28) from PR #4725.
The commit above did not change the behavior (the groups are still not
kept). With this commit, it appears to work properly:
$ groups | grep audio >/dev/null && echo kept
kept
# with check_can_drop_all_groups == 0
$ firejail --quiet --noprofile --nogroups groups |
grep audio >/dev/null && echo kept
kept
# with check_can_drop_all_groups == 1
$ firejail --quiet --noprofile --nogroups groups |
grep audio >/dev/null && echo kept
$
Add a new check_can_drop_all_groups function to check whether the
supplementary groups can be safely dropped without potentially causing
issues with audio, 3D hardware acceleration or input (and maybe more).
It returns false if nvidia (and no `no3d`) is used or if (e)logind is
not running, as in either case the supplementary groups might be needed.
Note: With this, the behavior from before #4725 is restored on (e)logind
systems (when not using nvidia), as it makes the supplementary groups
always be dropped on such systems.
Note2: Even with the static variable, these checks still happen at least
twice. It seems that it happens once per translation unit (and I think
that it may happen more times if there are multiple processes involved).
This also amends (/kind of reverts) commit 6ddedeba0 ("Make nogroups
work on nvidia again", 2021-11-29) from PR #4725, as it restores the
nvidia check from it into the new check_can_drop_all_groups function.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This amends commit 11418a46c ("dns fixes", 2019-10-31).
fwarning already prints "Warning: " at the beginning.
Kind of relates to commit 6ddedeba0 ("Make nogroups work on nvidia
again", 2021-11-29) / PR #4725, which removed code affected by this.
Command used to find the duplicates:
git grep -i -F 'fwarning("Warning:' -- src
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To not be confused with arg_nogroups, as in the vast majority of cases
drop_privs is called with either 0 or 1 rather than arg_nogroups. The
rename makes it clearer that what the parameter does is to drop all
groups without exception, unlike arg_nogroups, which may have certain
groups be kept.
|
|\ \ \ \
| |_|_|/
|/| | | |
dino.profile: netlink protocol is required for audio/video calls.
|
|/ / / |
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This amends commit ebe4c93f2 ("profstats cleanup", 2021-12-01) / #4730.
This is the second paragraph verbatim of one of the GPL license notices
recommended by GNU[1]:
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
On all but one (external) file (and on src/profstats/main.c), the notice
uses the same spacing:
$ git grep -I -F 'FITNESS FOR A PARTICULAR PURPOSE. See' | wc -l
156
$ git grep -I -F 'FITNESS FOR A PARTICULAR PURPOSE. See'
m4/ax_check_compile_flag.m4:# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
src/profstats/main.c: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
[1] https://www.gnu.org/licenses/gpl-howto.en.html
|
|\ \
| | |
| | | |
Add a profile for Flatseal
|
|/ / |
|
|\ \
| | |
| | | |
etc/profile-a-l/display.profile: additions needed on Gentoo
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Various .so's are needed to allow execution, /etc/ImageMagick-7/ is
needed for various policy XML files, and /usr/$(libdir)/ImageMagick-x.y.z/
is needed in order to have access to decoders.
Tested on Gentoo; I don't know if other distros put the relevant bits
in different paths.
Signed-off-by: Hank Leininger <hlein@korelogic.com>
|
|\ \
| | |
| | | |
profstats cleanup
|
| |/ |
|
|\ \
| |/
|/| |
goldendict: whitelist path to documentation and locales
|
|/ |
|
|\
| |
| | |
additional electron blacklists
|
| | |
|
| |
| |
| | |
As suggested in https://github.com/netblue30/firejail/pull/4727#discussion_r759402234.
|
| | |
|
|/ |
|
|\ |
|
| |\
| | |
| | | |
Keep some groups regardless of nogroups and restore nogroups on nvidia
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`nogroups` should not have been causing issues with rendering on nvidia
since commit 623e68216 ("temporary fix for nvidia/nogroups/noroot issue
(#3644, #841)", 2020-10-02) and commit cb460c32c ("more nvidia (#3644)",
2020-10-03), which had made it a no-op on nvidia. And the handling of
the "render" and "video" groups are independent to the handling of
`nogroups` now; see the previous 3 commits.
Commits which introduced the comments on each profile:
* kodi.profile: commit ce462b6b1 ("fix #3501", 2020-07-16)
* mpsyt.profile: commit e17b48fca ("new profile mpsyt.profile",
2018-11-28)
* mpv.profile: commit cc7c48983 ("Document #1945", 2018-07-25)
* steam.profile: commit d6f8169dd ("steam fixes; #841, #3267",
2020-03-15)
Commands used to find the comments:
git grep -i nvidia -- etc/profile-* | grep -v private-etc
Relates to #4632.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove workaround from commit 623e68216 ("temporary fix for
nvidia/nogroups/noroot issue (#3644, #841)", 2020-10-02) and from commit
cb460c32c ("more nvidia (#3644)", 2020-10-03).
The handling of the "render" and "video" groups is separate from
`nogroups` now, so disabling `nogroups` on nvidia shouldn't be necessary
anymore. See the previous 2 commits for details.
See also the discussion on PR #4632.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Mappings of command -> group that this commit adds:
* no3d -> render
* noprinters -> lp
* nodvd -> cdrom (Debian[1] and Gentoo[2]), optical (Arch[3])
* noinput -> input
Mappings that were considered but that are not added:
* notv -> ? (unknown group)
* nou2f -> ? (devices are apparently owned by root; see #4603)
Based on @rusty-snake's suggestion:
https://github.com/netblue30/firejail/issues/4603#issuecomment-944046299
See the previous commit ("Keep audio and video groups regardless of
nogroups") for details.
Relates to #2042 and #4632.
[1] https://wiki.debian.org/SystemGroups
[2] https://api.gentoo.org/uid-gid.txt
[3] https://wiki.archlinux.org/title/Users_and_groups
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently, on systems that use seat managers that do not implement
seat-based ACLs (such as seatd), sound is broken whenever `nogroups` is
used. This happens because without ACLs, access to the audio devices in
/dev is controlled by the standard group permissions and the "audio"
group is always dropped when `nogroups` is used. This patch makes the
"audio" and "video" groups be dropped if and only if `noaudio` and
`novideo` are in effect, respectively (and independently of `nogroups`).
See #4603 and the linked issues/discussions for details.
Note: This is a continuation of commit ea564eb74 ("Consider nosound and
novideo when keeping groups") / PR #4632.
Relates to #2042 and #4531.
|
| |\ \
| | | |
| | | | |
Add blacklist to disable-programs
|
| | | | |
|
|/ / / |
|
| | | |
|
|/ /
| |
| |
| | |
development
|
|\ \
| | |
| | | |
Configure improvements2
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added on commit 8d8686af2 ("Make installation of contrib scripts
configurable", 2017-04-13).
Remove redundant argument to AS_IF and make it look more like the other
nearby AS_IF calls.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
See commit 15d793838 ("Try to fix #2310 -- Can't create run directory
without suid-root", 2021-05-13) / PR #4273.
It is the only "HAVE_" option whose value is set by if/else on a
makefile. Also, it is set in different places to either "yes", "no",
blank or "-DHAVE_SUID". Set the value only on configure.ac and only to
either blank or to "-DHAVE_SUID".
Misc: The `ifeq ($(HAVE_SUID),-DHAVE_SUID)` comparison that this adds is
based on the existing `ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)`
comparison on Makefile.in.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added on commit d1acb31c9 ("compile time: enable LTS", 2021-02-28).
It only needs to be called once for each variable. See the configure
script diff and the previous commit ("configure*: Move AC_SUBST calls to
more obvious places").
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These macros should always be called regardless of the intended value of
each variable, as even if e.g.: no --enable-apparmor flag is given, the
configure script still has to substitute `@HAVE_APPARMOR@` with blank in
the relevant files.
Something similar is already being done for HAVE_OVERLAYFS since commit
fb9f2a5fb ("disabled overlayfs, fixes pending; added video channels to
README* files", 2021-02-06).
Note that each AC_SUBST is not immediately converted into search/replace
code when generating the configure script. It appears that the
variables are handled only after parsing all of configure.ac (or until a
specific command is found), as all arguments passed to every AC_SUBST
call are defined at once on the `ac_subst_vars` list. The actual
substitutions are also done all at once (while iterating through the
list) and that happens much later in the script (see both occurrences of
`ac_subs_vars` on the current script).
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For increased safety and consistency. In addition, this should make it
clearer where each argument starts and ends.
See also the following item from autoconf NEWS[1]:
> * Noteworthy changes in release 2.70 (2020-12-08) [stable]
[...]
> *** Many macros have become pickier about argument quotation.
>
> If you get a shell syntax error from your generated configure
> script, or seemingly impossible misbehavior (e.g. entire blocks of
> the configure script not getting executed), check first that all
> macro arguments are properly quoted. The “M4 Quotation” section of
> the manual explains how to quote macro arguments properly.
>
> It is unfortunately not possible for autoupdate to correct
> quotation errors.
[1] https://git.savannah.gnu.org/gitweb/?p=autoconf.git;a=blob;f=NEWS;h=ba418d1af5da752de77a2c388f9af56f8f1bf6a4;hb=97fbc5c184acc6fa591ad094eae86917f03459fa
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Square brackets are used as quotes in autoconf.
From Section 8.1.1, Active Characters of the Autoconf manual[1]:
> To fully understand where proper quotation is important, you first
> need to know what the special characters are in Autoconf: ‘#’
> introduces a comment inside which no macro expansion is performed, ‘,’
> separates arguments, ‘[’ and ‘]’ are the quotes themselves, ‘(’ and
> ‘)’ (which M4 tries to match by pairs), and finally ‘$’ inside a macro
> definition.
[1] https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.70/autoconf.html#Active-Characters
|