| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, if double-dash ("--") is passed to firejail, it is forwarded
to the user shell:
$ firejail --debug --noprofile -- echo test 2>&1 |
grep -e execvp -e test
Building quoted command line: 'echo' 'test'
Building quoted command line: 'echo' 'test'
Running 'echo' 'test' command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: --
execvp argument 3: 'echo' 'test'
test
This causes issues when the user shell does not accept "--" / is not
POSIX-compatible:
$ /bin/bash -c -- 'echo test'
test
$ /bin/fish -c -- 'echo test'
fish: Unknown command: --
fish:
--
^
Fixes #5599.
Relates to #3434.
Reported-by: @iltep64
Reported-by: @ferreum
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.37 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/959cbb7472c4d4ad70cdfe6f4976053fe48ab394...515828d97454b8354517688ddc5b48402b723750)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5...18bf8ad2ca49c14cbb28b91346d626ccfb00c518)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| | |
|
| |
|
|
|
| |
This amends commit a100cbe99 ("RELNOTES: move etc-hide-blacklisted item
to modif", 2023-01-16).
|
| |
|
|
|
|
| |
And clarify it.
Relates to #5010 #5230 #5591 #5595.
|
| | |
|
| | |
|
| |\
| |
| | |
Rename etc-no-blacklisted to etc-hide-blacklisted
|
| | |
| |
| |
| |
| |
| |
| | |
Let users know that enabling this may break /etc/resolv.conf.
Added on commit ded50200e ("opt-in: skip blacklisted files in
private-etc - #5010, #5230", 2023-01-15) / PR #5591.
|
| | |
| |
| |
| |
| |
| |
| | |
To make it clearer.
Added on commit ded50200e ("opt-in: skip blacklisted files in
private-etc - #5010, #5230", 2023-01-15) / PR #5591.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To avoid boolean confusion (`no-foo no` / `no-foo yes`) in
firejail.config:
etc-no-blacklisted no
etc-no-blacklisted yes
Commands used to search and replace:
git grep -Ilz -i 'etc.no.blacklisted' -- etc src |
xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \
-e 's/etc-no-blacklisted/etc-hide-blacklisted/' \
-e 's/ETC_NO_BLACKLISTED/ETC_HIDE_BLACKLISTED/' \
'{}')\" >'{}'"
Added on commit ded50200e ("opt-in: skip blacklisted files in
private-etc - #5010, #5230", 2023-01-15) / PR #5591.
|
| |\ \
| |/
|/| |
add timezone access to make libical functional
|
| |/
|
| |
claws-mail vcalendar-plugin uses libical to get current timezone. Libical needs access to file `/etc/timezone` to work properly.
|
| |\
| |
| | |
opt-in: hide blacklisted files in /etc
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
email-common refactoring
|
| | | |
| | |
| | | |
Supporting 'level 1 hack' to allow opening hyperlinks with firefox needs xdg-open (besides bash,sh). Adding xdg-open to private-bin is not enough, as it pulls in a long list of other commands and that's pretty unmaintainable IMO. So I opted to drop private-bin here.
|
| | | |
| | |
| | | |
Suggested in review.
|
| | | |
| | |
| | | |
Pointed out in review that this comment was removed by mistake.
|
| | | |
| | |
| | | |
No longer used for claws-mail and sylpheed only.
|
| | | | |
|
| | | | |
|
| | |/ |
|
| |\ \
| | |
| | | |
New profiles: linuxqq/qq
|
| | |\ \ |
|
| | | | |
| | | |
| | | | |
Now that #5569 is in we can remove the hardening comment.
|
| | | | |
| | | |
| | | | |
As suggested in review.
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Relates to #5274 #5475.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Added on commit 7902594e7 ("RELNOTES: add bugfix for --profile-path in
--help", 2023-01-14).
Relates to #5585 #5586.
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Relates to #5585 #5586.
|
| |\ \ \ \
| | | | |
| | | | | |
Remove --profile-path from --help
|
| |/ / / /
| | | |
| | | | |
Fixes #5585
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \ |
|
Kelvin M. Klann
dependabot[bot]
netblue30
bymoz089
smitsohu
glitsj16
rusty-snake
Reiner Herrmann