| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.12 to 2.1.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/27ea8f8fe5977c00f5b37e076ab846c5bd783b96...41a4ada31ba866a7f1196b9602703a89edd69e22)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before running test/fs/private-lib.exp.
Inspired by the configuration changes that are done on
test/root/checkcfg.exp.
Reason: Since commit 9741d0b60 ("fix disabled private-lib in
/etc/firejail/firejail.config", 2022-06-23), the "build_and_test" job
fails with the following error[1]:
TESTING: private-lib (test/fs/private-lib.exp)
spawn /bin/bash
firejail --private-lib --private-bin=sh,bash,dash,ps,grep,ls,find,echo,stty
runner@fv-az489-993:~/work/firejail/firejail/test/fs$
<private-bin=sh,bash,dash,ps,grep,ls,find,echo,stty
Error: private-lib feature is disabled in Firejail configuration file
runner@fv-az489-993:~/work/firejail/firejail/test/fs$ TESTING ERROR 1
This fixes CI.
Fixes #5214.
Relates to #5190.
[1] https://github.com/netblue30/firejail/runs/7030862406
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
* drop private-lib
* drop private-lib
* drop private-lib
|
| |
|
|
|
|
|
|
|
| |
Logging is now default disabled in c7e4c8ed592fee7f1644152a23c3e1343b01b922
See https://github.com/netblue30/firejail/issues/5207
This reverts commit c0d314f945b405f1e90a1a43719059cd22f55de7.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
Remove shell none from profiles
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Command: sed -i "/^shell none/d" etc/*/*
TODO:
```
etc/profile-a-l/beaker.profile:ignore shell none
etc/profile-a-l/default.profile:# shell none
etc/profile-a-l/fdns.profile:#shell none
etc/profile-a-l/gnome-nettool.profile:#shell none
etc/profile-a-l/jitsi-meet-desktop.profile:ignore shell none
etc/profile-m-z/pidgin.profile:# shell none
etc/profile-m-z/rocketchat.profile:ignore shell none
etc/profile-m-z/server.profile:# shell none
etc/templates/profile.template:# OPTIONS (caps*, net*, no*, protocol, seccomp*, shell none, tracelog)
etc/templates/profile.template:#shell none
```
- manpage
- RELNOTES
- fbuilder
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|
|
|
|
| |
the password database (/etc/passwd file)
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
This amends commit 9a0fbbd71 ("mkdeb.sh.in: pass remaining arguments to
./configure", 2022-05-13) / PR #5154.
See also #5176.
|
| |
| |
| |
| |
| |
| |
| | |
See src/tools/extract_errnos.sh.
Added on commit 081d1fbf2 ("Add seccomp errno filter support",
2015-09-23) / PR #66.
|
|/ |
|
| |
|
|\
| |
| | |
build: fix file mode of shell scripts (644 -> 755)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some shell scripts are not executable, so fix their file modes:
$ git grep -Elz '^#!/bin/(ba)?sh' | xargs -0 -I '{}' \
chmod +x '{}'
Files changed:
* src/fgit/fgit-uninstall.sh
* src/tools/extract_errnos.sh
Note: I have manually checked that the files above are indeed intended
to be executable directly and not just sourced, as a script of the
latter kind could also contain a shebang (for example, to help ensure
proper syntax highlighting).
Misc: The affected files were added on commit e46dd3e95 ("git-install",
2017-02-04) and on commit 081d1fbf2 ("Add seccomp errno filter support",
2015-09-23) / PR #66, respectively.
|
|/ |
|
| |
|
|
|
|
|
|
|
| |
The "cgroup" option was removed from etc/firejail.config on commit
73b089092 ("disable cgroup code", 2022-06-13).
Relates to #5200.
|
| |
|
| |
|
|
|
|
|
|
|
| |
To match the usual usage order.
Relates to commit 222a2d772 ("order options alphabetically in
configure.ac report", 2022-06-13).
|
|
|
|
|
| |
This amends commit 72ba0b7e5 ("compile time: disable --output",
2021-02-28).
|
|
|
|
|
| |
This amends commit c165510dc ("CI: remove cgroup test because feature
has been removed", 2022-06-13).
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
build: deduplicate configure-time vars into new config files
|
| |
| |
| |
| |
| | |
For better organization and so that they can be used by other shell
scripts by just sourcing config.sh.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
common.mk contains definitions for building programs and it includes
config.mk.
Some makefiles that include common.mk do not contain any targets for
building programs. They depend only on configure-time variable
definitions (which are defined on config.mk) rather than anything
specific to common.mk. So change their includes of common.mk to
config.mk.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, the configure-time variables (that is, the ones that assign
to placeholders, such as "@HAVE_MAN@", which are set/replaced at
configure-time) are defined on multiple files (such as on Makefile.in
and on common.mk.in).
To avoid duplication, centralize these variables on a single file
(config.mk.in) and replace all of the other definitions of them with an
include of config.mk.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A non-absolute path on an include command is always treated as being
relative to the directory in which "make" was started in, rather than
being relative to the makefile that contains the command. For example,
given the following project structure and file contents:
* Makefile: include src/foo.mk
* src/foo.mk: include bar.mk
* src/bar.mk:
Running "make" on the root project directory (that is, where "Makefile"
is) yields the following:
src/foo.mk:1: bar.mk: No such file or directory
As "bar.mk" in "include bar.mk" is relative to the current (process)
directory (that is, "./bar.mk") and not to where foo.mk is located in
("./src/bar.mk").
So on every makefile that contains an include command, define the root
project directory in the ROOT variable and always include relative to
it, to later enable any included mkfiles to include other mkfiles
without having to worry about the correct path.
Commands used to search and replace:
$ git grep -Flz 'include ../common.mk' -- src |
xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\`sed 's|include ../common.mk|ROOT = ../..\ninclude \$(ROOT)/src/common.mk|' '{}'\`\" >'{}'"
Environment: GNU make 4.3-3.1 on Artix Linux
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It currently claims to contain "common definitions for all makefiles",
but it is not included by all makefiles under src/ and it contains
variable definitions that may possibly clash with the ones defined on
certain makefiles. Mainly, the following makefiles (which are used for
building shared objects) use a different set of CFLAGS compared to
src/common.mk.in:
* src/libpostexecseccomp/Makefile.in
* src/libtrace/Makefile.in
* src/libtracelog/Makefile.in
Given the contents of common.mk.in, it seems to be intended only for
makefiles that build C programs and/or non-shared objects (which are
most of, but not all of the makefiles under src/), so put that in the
comment instead.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There is no config.h nor config.h.in in the repository:
$ git ls-files -- '*config.h*'
$
The filename is only mentioned on the generated configure script, as a
generic example of an autoconf config file:
$ git grep -F -A 1 -B 2 config.h | grep -v '^Makefile.in'
--
configure-# Set up the scripts for CONFIG_FILES section.
configure-# No need to generate them if there are no CONFIG_FILES.
configure:# This happens for instance with `./config.status config.h'.
configure-if test -n "$CONFIG_FILES"; then
--
configure- # Let's still pretend it is `configure' which instantiates (i.e., don't
configure- # use $as_me), people would be surprised to read:
configure: # /* config.h. Generated by config.status. */
configure- configure_input='Generated from '`
|