| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
Makefile improvements
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Avoid a stat() call for each affected target and also potentially speed
up parallel builds.
From the GNU make manual[1]:
> Phony targets are also useful in conjunction with recursive
> invocations of make (see Recursive Use of make). In this situation
> the makefile will often contain a variable which lists a number of
> sub-directories to be built.
[...]
> The implicit rule search (see Implicit Rules) is skipped for .PHONY
> targets. This is why declaring a target as .PHONY is good for
> performance, even if you are not worried about the actual file
> existing.
Commands used to search, replace and cleanup:
$ find -type f -name '*Makefile.in' -exec sed -i.bak \
-e 's/^all:/.PHONY: all\nall:/' \
-e 's/^clean:/.PHONY: clean\nclean:/' \
-e 's/^distclean:/.PHONY: distclean\ndistclean:/' '{}' +
$ find -type f -name '*Makefile.in.bak' -exec rm '{}' +
[1]: https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
With a fun little script:
$ git ls-files -z -- '*Makefile*' |
xargs -0 -I '{}' sh -c \
"test -s '{}' && printf '%s\n' \"\`git stripspace <'{}'\`\" >'{}'"
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
man firejail-profiles has it already. [skip ci]
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
| |
bash:
- remove --audit
zsh:
- add --mkdir + --mkfile
- remove -audit
and fix typo in 9b56dc8e
|
| | |
|
| | |
|
| |\
| |
| | |
fix protocol list
|
| | | |
|
| | |
| |
| | |
Due to https://github.com/netblue30/firejail/commit/5d88ee8957dc38a52c36f71b91c786dbec9d4ec9 we should provide an override option here IMO.
|
| | |
| |
| | |
Now that https://github.com/netblue30/firejail/commit/5d88ee8957dc38a52c36f71b91c786dbec9d4ec9 introduces new protocol list behaviour, we need to add an ignore here due to the redirect to transmission-common.profile. See https://github.com/netblue30/firejail/issues/4017 for clarification.
|
| |\ \
| | |
| | | |
Force nnp compile time
|
| | | |
| | |
| | |
| | |
| | |
| | | |
The current message misses the info that nnp and nogroups is applied
too. The new mentions nnp too, but is very long. If anyone has a better
wording, say it.
|
| |/ /
| |
| |
| | |
This will always set 'nonewprivs', 'caps.drop all' and 'nogroups'.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
- RELNOTS: protocol now accumulates
- fix #3978 -- Android Studio: cannot create the directory
Unresolved:
> google-earth.profile has a 'noblacklist ${HOME}/.config/Google' too,
> so we should consider to add additional blacklists for ~/.config/Google/*.
- marker.profile: allow ${DOCUMENTS}
- profile.template: add bluetooth protocol
- profile.template: add DBus portal note
- firejail-profile.txt: revert 17fe4b9e -- fix private=directory in man firejail-profile
see https://github.com/netblue30/firejail/pull/3970#discussion_r574411745
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
Allow changing protocol list after initial set
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Firejail uses set-once logic for "protocol" list. This makes it
impossible to accumulate list of allowed protocols from multiple
include files.
Use profile_list_augment() for maintaining list of protocols. This
implicitly means protocols can be added/removed via any number of
command line options / profile configuration files.
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A lot of profile options deal with manipulating strings containing
comma separated list of things, using several strains of similar but
not exactly the same code, duplicated for the purposes of processing
command line arguments and parsing configuration files.
Having utility functions available for handling such list strings can
make higher level logic shorter, cleaner and function in more uniform
manner.
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
| |\ \
| |/
|/| |
Add --mkdir and --mkfile command line options for firejail
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Profile files are defined as a means to "pass several command line
arguments to firejail" but apparently for example mkdir and mkfile
options are available in context of profile files, but can't be
specified directly from command line.
Add support for -mkdir and --mkfile options so that executing:
firejail --mkdir=${HOME}/directory/path\
--whitelist=${HOME}/directory/path
behaves similarly as having profile file content:
mkdir ${HOME}/directory/path
whitelist ${HOME}/directory/path
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
| |
|
| |
Thx to @rusty-snake for spotting this.
|
| |\
| |
| | |
add new profile for gget
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| | |
fix firecfg links in restrictive sandboxes
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
firejail symbolic link redirection currently depends
on a shell, but in restrictive sandboxes there
might be no execute permission, or private-lib might
have removed necessary libraries, or seccomp might
block required syscalls ...
Fix this by forcing --shell=none.
closes #3911
|
| | | |
|
glitsj16
Reiner Herrmann
Kelvin M. Klann
rusty-snake
netblue30
startx2017
Simo Piiroinen
smitsohu