| Commit message (Collapse) | Author | Age |
| |
|
| |
|
|
|
|
|
|
|
|
| |
* move everything related to modification
of the default seccomp filter from --seccomp
to --seccomp= entry
* update errno descriptions
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Curerently sys.argv is accessed without checks, resulting in an
IndexError:
```
Traceback (most recent call last):
File "/home/rusty-snake/Projects/firejail/contrib/jail_prober.py", line 205, in <module>
main()
File "/home/rusty-snake/Projects/firejail/contrib/jail_prober.py", line 170, in main
profile_path = sys.argv[1]
IndexError: list index out of range
```
This commit catches this IndexError and prints a more helpfull message
instaed:
```
USAGE: jail_prober.py <PROFILE-PATH> <PROGRAM>
```
|
|\
| |
| | |
jail_prober: enable absolut include directives
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The header of profile.template define this order:
IGNORES
NOBLACKLISTS
ALLOW INCLUDES
BLACKLISTS
DISABLE INCLUDES
|
| |
| |
| |
| | |
closes #4324
|
| | |
|
| | |
|
|\ \
| |/
|/| |
Correct typo in telegram-desktop profile
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create links-common.profile
* Update links.profile
* Create links2.profile
* Update links.profile
* Update links2.profile
* Update elinks.profile
* Update elinks.profile
* links2
* Update firecfg.config
* Update xlinks.profile
* .xlinks
* add dbus and whitelist-usr-share-common
* .xlinks doesn't exist
* revert
* Create xlinks2
* xlinks2
* Update xlinks2
* Update xlinks.profile
* no wayland
* no wayland
* doesn't use /tmp/.X11-unix
* doesn't use /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
|
| |
|
| |
|
| |
|
|\
| |
| | |
Update vim syntax highlighting
|
| | |
|
| |
| |
| |
| |
| | |
this is a bit nicer, as it does not overwrite the filetype if it
already has been set.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Restrict /usr/libexec
|
| | | |
|
|\ \ \
| | | |
| | | | |
Configure improvements
|
| | | |
| | | |
| | | |
| | | | |
For simplicity and increased portability.
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes the following warning:
$ autoconf
configure.ac:306: warning: AC_OUTPUT should be used without arguments.
configure.ac:306: You should run autoupdate.
Environment:
$ grep '^NAME' /etc/os-release
NAME="Artix Linux"
$ pacman -Q autoconf
autoconf 2.71-1
Though keep `AC_PREREQ` at 2.68 (released on 2010-09-23[1]), as version
2.71 (which autoupdate automatically bumps to) is rather recent
(released on 2021-01-28[2]) and the changes do not appear to require a
version bump, as on `AC_INIT` it only adds some quotes, and the rest of
the changes are consistent with the autoconf 2.68 manual. From Section
18.4, Obsolete Macros[3]:
> — Macro: AC_OUTPUT ([file]..., [extra-cmds], [init-cmds])
>
> The use of AC_OUTPUT with arguments is deprecated. This obsoleted
> interface is equivalent to:
>
> AC_CONFIG_FILES(file...)
> AC_CONFIG_COMMANDS([default],
> extra-cmds, init-cmds)
> AC_OUTPUT
>
> See AC_CONFIG_FILES, AC_CONFIG_COMMANDS, and AC_OUTPUT.
Note: The usage of the above format has been present since the inception
of configure.ac, on commit 137985136 ("Baseline firejail 0.9.28").
Misc: This is a continuation of #4293.
[1] https://lists.gnu.org/archive/html/info-gnu/2010-09/msg00013.html
[2] https://lists.gnu.org/archive/html/autoconf/2021-01/msg00126.html
[3] https://www.gnu.org/software/autoconf/manual/autoconf-2.68/html_node/Obsolete-Macros.html#index-AC_005fOUTPUT-2058
|
| | | |
|
| | | |
|
| |/
|/| |
|
|/
|
|
|
| |
* ignore include disable-shell.inc
* allow-bin-sh.inc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create youtube-viewers-common.profile
* reorganising youtube viewers
* rm globals
* reorganise youtube viewers
* adding pipe-viewer
* adding gtk-pipe-viewer
* xterm and youtube-dl cache
* sort
* Update youtube-viewers-common.profile
* quiet
* quiet
* quiet
* Update firecfg.config
* rm vlc
* rm invalid binary
* noinput
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* whitelist-runuser-common.inc
|
|\
| |
| | |
Refine appimage example in docs
|
| | |
|
| | |
|
|/ |
|
| |
|
|
|
|
|
|
|
|
| |
sandboxes can race to create RUN_RO_FILE in shared memory
similiar to #1013
regression from 825ac9cdc38c4285584e69d6f29102b149914dfe
|
|\
| |
| | |
Whitelist2 follow-up
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
besides some cosmetic tweaks, fixes --whitelist=/a/b
where /a/b is a symbolic link to /a/c/d
and c is the user home directory: create
path as user and not as root.
(going forward, a better and more comprehensive fix
would be to prevent all mount point traversals in
whitelist_mkpath, but it will take a bit of time
to implement)
|