| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Append the current year rather than replace the previous one.
This amends commit 2609e5cf0 ("copyright update").
Commands that helped catch this:
$ git show --pretty='' 2609e5cf0 | sed -n 's/^-.*Copyright //p' |
LC_ALL=C sort | uniq
(C) 2014-2020 Firejail Authors
(C) 2014-2020 Firejail Authors (see README file for more details)
(C) 2020 Firejail Authors
(C) 2020 Firejail and systemd authors
(c) 2019,2020 rusty-snake
$ git show --pretty='' 2609e5cf0 | sed -n 's/^+.*Copyright //p' |
LC_ALL=C sort | uniq
(C) 2014-2021 Firejail Authors
(C) 2014-2021 Firejail Authors (see README file for more details)
(C) 2020-2021 Firejail Authors
(C) 2020-2021 Firejail and systemd authors
(C) 2021 Firejail Authors
(c) 2019-2021 rusty-snake
|
| |
|
|\ |
|
| | |
|
| |
| |
| |
| | |
Fixes: #3986
|
|/ |
|
| |
|
|\
| |
| | |
add apparmor to torbrowser-launcher
|
|/ |
|
|\
| |
| | |
Add first version of zsh completion
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Don't have duplicate descriptions and put = signs where they belong to
zsh completion function now dynamically adjusts for options (e.g. no --apparmor option without AppArmor configured)
No EXTRA_CFLAGS for cpp
Found main.c which does the argument processing. Moved some arguments into the correct #ifdef blocks
Profile selection now much better
Not more cpp. Using preproc.awk instead.
Updated bash firejail command completion to add profiles
ignore bash and zsh dynamically created completion scripts
Moved bash/zsh completions out of ALL_ITEMS to fix make install
Cleanup
|
| |
| |
| |
| | |
Added on commit 64505c744 ("fix SHA1 issue when signing the realease").
|
| |
| |
| |
| |
| | |
readability/making it more obvious buffers
are properly initialized
|
| | |
|
| |
| |
| |
| |
| | |
the check was introduced some time ago in fs_x11(), but
fs_chroot() does the same thing and needs it as well
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit bd1819a8641e0eeae016846b28a41e625bcc215b, reversing
changes made to 807af3dce05786f10747cc0938cc98af484c8e97.
The hole PR looks like a single crap, it is not even syntactically
correct. Has anyone at least started kmail with this profile before it
was merged? See #3979, thanks @creideiki for reporting.
> First, there are syntax errors. Several mkdir lines have file names containing asterisks.
> This gives the following error:
>
> Error: "${HOME}/.cache/akonadi*" is an invalid filename: rejected character: "*"
>
> I am not sure what they intend to do, but whatever it is it's not working.
> Especially confusing is the line
>
> mkdir /tmp/akonadi-*
>
> Yes, Akonadi creates a directory in /tmp, but its name is random and seems to have been created
> using mkstemp(3) or similar. I'm not sure how Firejail is supposed to be able to pre-create it.
>
> Removing the asterisks makes Firejail at least accept the profile syntactically and try to run
> the program.
It is rejected by syntax. Has anyone tested?
> At startup, Firejail now prints the following warning:
>
> ***
> *** Warning: cannot whitelist ${DOCUMENTS} directory
> *** Any file saved in this directory will be lost when the sandbox is closed.
> ***
Why was 'include disable-xdg.inc' added together with 'whitelist ${DOCUMENTS}', but
no 'nobalcklist ${DOCUMENTS}'? It can not work.
> The actual error is that PostgreSQL needs access to /usr/lib64/postgresql-13/ in order to run.
> Adding the following line to kmail.profile fixes that:
>
> whitelist /usr/share/postgresql*
Again, has anyone thested this?
> The next problem is this message on the console:
>
> kf.config.core: Couldn't write "/home/creideiki/.config/kmail2rc" . Disk full?
>
> Which may have something to do with the profile creating a directory with that name:
>
> mkdir ${HOME}/.config/kmail2rc
>
> when it's supposed to be a file:
>
> $ stat ~/.config/kmail2rc
> File: /home/creideiki/.config/kmail2rc
> Size: 24660 Blocks: 56 IO Block: 4096 regular file
Has anyone tested this or is this just a blind copy of the noblacklist
from above with noblacklist replaced by mkdir?
> However, the error message
>
> kf.config.core: Couldn't write "/home/creideiki/.config/kmail2rc" . Disk full?
>
> still appears.
Looks like #1793. HAS ANYONE TESTED THIS PROFILE??!
> Finally, when exiting KMail, it crashes with a SIGSEGV:
>
> *** KMail got signal 11 (Exiting)
> *** Dead letters dumped.
> KCrash: crashing... crashRecursionCounter = 2
> KCrash: Application Name = kmail path = /usr/bin pid = 20
> KCrash: Arguments: /usr/bin/kmail
Has any...
> I tried restoring an older kmail.profile, from commit 319f2dc, and it has none of the above problems.
... I give up asking if anyone tested this.
> Given the multitude of problems with commit 5532fbd, I'd suggest reverting it until it can be fixed.
Yes, definitely.
|
| |
| |
| |
| |
| |
| |
| | |
With the recent changes to environment variable handling, it should be
safe to always allow empty variables.
Closes: #3965
|
| | |
|
| | |
|
|\ \
| | |
| | | |
add support for faccessat2 syscall
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| |/ /
|/| | |
small man fixes
|
| | | |
|
|/ / |
|
|\ \
| | |
| | | |
Add a comment in some profiles to allow screen sharing
|
| | |
| | |
| | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | |
| | |
| | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This configuration is to be applied in order to get screen sharing
working under Wayland (via pipewire and a xdg-desktop-portal backend).
Note that {chrome|chromium} does not need the dbus filters (at least
as of today) because dbus filtering is not enabled (dbus-user not set
to none).
|
|\ \ \
| | | |
| | | | |
configure*: fix typo of HAVE_USERTMPFS
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added on commit 64a8d6a7f ("compile time option to disable
--private-cache and --tmpfs for regular user").
These are the only occurrences:
$ git ls-files -z | xargs -0 grep -Fin USERTMPS
configure:3542:HAVE_USERTMPS=""
configure.ac:80:HAVE_USERTMPS=""
|
|/ /
| |
| |
| |
| | |
GitHub added native support for it, no need for this anymore.
https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 5df1f27c638c487dfd664ea3a0f756565e1e57bd.
That commit breaks things, as pointed out by @rusty-snake[1]:
> @kmk3 @glitsj16 The xdg macros are treated literally if they have sub
> components (#2359):
>
> ```
> Error: "${DOCUMENTS}/KeePassXC" is an invalid filename: rejected character: "{"
> ```
[1]: https://github.com/netblue30/firejail/commit/3fa2927c3c1c5cf583864746538ea791c1ba2dc4#commitcomment-46913219
|
| | |
|
|\ \
| | |
| | | |
Email part (2)
|
| | | |
|
| | |
| | |
| | |
| | | |
mutt,neomuut; some sorting
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|