| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
Bleachbit is used to permanently delete files by overwriting the memory.
So the most popular feature of Bleachbit is emptying the Trash.
Relates to #5337.
|
|\
| |
| | |
disable-common.inc: blacklist sudo/doas paths in /etc
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commands used to find the relevant paths in /etc:
$ pacman -Qo /etc/* 2>/dev/null | grep sudo | LC_ALL=C sort
/etc/pam.d/ is owned by sudo 1.9.14.p1-1
/etc/sudo.conf is owned by sudo 1.9.14.p1-1
/etc/sudo_logsrvd.conf is owned by sudo 1.9.14.p1-1
/etc/sudoers is owned by sudo 1.9.14.p1-1
/etc/sudoers.d/ is owned by sudo 1.9.14.p1-1
Environment: Artix Linux.
Also, add missing paths sudo/doas to etc/ids.config and jailcheck.
See also commit dbebd71db ("disable-common.inc: blacklist doas binary",
2022-10-05).
Relates to #5385.
Reported-by: Dieter Plaetinck <dieter@plaetinck.be>
|
|\
| |
| | |
New profile: rssguard
|
| |
| |
| | |
As per review https://github.com/netblue30/firejail/pull/5881#pullrequestreview-1515652336
|
| |\ |
|
| | | |
|
| | | |
|
| | |
| | |
| | | |
Grrrr
|
| | |
| | |
| | | |
Apparently a path containing whitespace and ending with a single digit breaks CI: https://github.com/netblue30/firejail/actions/runs/5448790502.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
refresh feh.profile
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
build: simplify code related to man pages
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Simplify the main targets and use wildcards instead of repeating the
filenames manually.
Also, restore the `man` target and building only when `HAVE_MAN` is
enabled.
Note: Make automatically removes intermediate files (.1 and .5), so in
general only the .gz files have to be cleaned.
Commands used to rename the man pages:
cd src/man
git mv firecfg.txt firecfg.1.in
git mv firejail-login.txt firejail-login.5.in
git mv firejail-profile.txt firejail-profile.5.in
git mv firejail-users.txt firejail-users.5.in
git mv firejail.txt firejail.1.in
git mv firemon.txt firemon.1.in
git mv jailcheck.txt jailcheck.1.in
This is kind of a follow-up to commit 9e206b7f2 ("rework src/man
Makefile", 2023-07-07).
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This partially reverts commit 2b34747db ("generate seccomp filters at
install time", 2023-07-07). See also commit 6fa19aab9 ("feature: use
seccomp filters build at install time for --restrict-namespaces",
2023-07-12).
The seccomp filters were always being built because
src/fseccomp/fseccomp (and other programs) are in `$(ALL_ITEMS)`, which
is incorrectly marked as phony. This commit fixes that and restores the
previous target logic, for consistency with the other targets and so
that the seccomp filters are made at build time rather than at install
time.
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.20.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f6e388ebf0efc915c6c5b165b019ee61a6746a38...46ed16ded91731b2df79a2893d3aea8e9f03b5c4)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Added in the following commits:
* f3774678f ("compress static ip map for fnettrace at compile time",
2023-07-06)
* 9e206b7f2 ("rework src/man Makefile", 2023-07-07)
|
| | | | |
|
|/ / / |
|
| | | |
|
| | | |
|
| | |
| | |
| | | |
Co-authored-by: pirate486743186 <>
|
| | | |
|
| |/
|/| |
|
|\ \
| | |
| | | |
fix lobster.profile
|
| | | |
|
|\ \ \
| | | |
| | | | |
fix mov-cli.profile
|
| |/ / |
|
| | | |
|
|/ / |
|
| |
| |
| |
| | |
PKG_CHECK_MODULES macro
|
|/ |
|
|\
| |
| | |
modif: improve errExit error messages
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changes:
* Move msg to the end of errExit (right before perror(3p))
* Include the full file path (within the repository)
* Add "()" to function name for clarity
Before:
Error malloc: main.c:123 main: Cannot allocate memory
After:
Error src/firejail/main.c:123 main(): malloc: Cannot allocate memory
Note: This clarifies which is the exact file that the error message
comes from, as there are many source files with the same name. For
example:
$ git ls-files 'src/*/main.c' | wc -l
20
|
| |
| |
| |
| |
| |
| | |
For increased portability.
The former is in C99, the latter is from gcc.
|
| | |
|
| |
| |
| |
| |
| |
| | |
Use errExit in every place that uses __FILE__ and __LINE__ manually.
Note: This currently only happens in the duplicated `is_dir` function.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
And remove the comment, as firecfg does not appear to support
end-of-line comments and normal comments break the linter:
$ ./ci/check/profiles/sort-firecfg.config.sh src/firecfg/firecfg.config
sort: -:13: disorder: #Debian 11 seems to be installing the same fbreader executable twice under two different names
This amends commit 869333a5f ("firecfg.config: fix sorting",
2023-06-28).
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It's currently breaking the profile-checks job in CI[1].
Tihs amends commit d88c8d439 ("fbreader/FBReader profile fixes; more on
static ip map", 2023-06-27).
[1] https://github.com/netblue30/firejail/actions/runs/5394764503/jobs/9796380881
|
|\| |
|
| |
| |
| |
| | |
Relates to #5859 #5864 #5866.
|
| |\
| | |
| | | |
build: organize and standardize make vars and targets
|
| | |
| | |
| | |
| | | |
This allows overriding them when calling make.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes:
* Deduplicate common CFLAGS into a new COMMON_CFLAGS variable
* Move some definitions from PROG_CFLAGS into COMMON_CFLAGS
|