Commit message (Author, Age)
...
* | fnettrace: trace ICPM ECHO (ping) traffic (netblue30, 2023-07-23)
|/
* contrib/syntax: run make syntax (Kelvin M. Klann, 2023-07-23)
|     This adds the `shell` command. Note that it's still being parsed in profile.c, even if it's just to return an error.
|
|     Commands used to remake them:
|
|         rm contrib/syntax/lists/*
|         make syntax
|
|     Relates to #5627 #5894.
* RELNOTES: add modif and build items (Kelvin M. Klann, 2023-07-22)
|     Relates to #5894 #5911.
* Merge pull request #5911 from kmk3/build-rm-distclean (Kelvin M. Klann, 2023-07-22)
|\
| |     build: fix hardcoded make & remove unnecessary distclean targets
| * build: remove unnecessary distclean targets (Kelvin M. Klann, 2023-07-20)
| |     This also fixes the duplicate execution of the "clean" targets.
| * build: fix hardcoded make in recursive make calls (Kelvin M. Klann, 2023-07-20)
| |     Use the `$(MAKE)` macro to ensure that the same make program is used in the recursive invocation.
| |
| |     Note: Most recursive calls already use `$(MAKE)`.
* | Create mullvad-browser.profile (#5887) (glitsj16, 2023-07-22)
| |     Homepage: https://mullvad.net/en/download/browser/linux
| |
| |     mullvad-browser: don't use restrict-namespaces
| |
| |     mullvad-browser: cover both installation paths
| |
| |     Suggested in review by @kmk3.
* | torbrowser-launcher: hardening (#5886) (glitsj16, 2023-07-22)
| |     torbrowser-launcher: more hardening as per review
| |
| |     torbrowser-launcher: revert enabling restrict-namespaces
| |
| |     Suggested in review by @rusty-snake.
* | firefox-common-addons.profile: restore vulkan whitelist (Kelvin M. Klann, 2023-07-20)
| |     Multiple profiles include firefox-common.profile, but not all of them include whitelist-usr-share-common.inc.
| |
| |     Suggested by @glitsj16[1].
| |
| |     This amends commit 094892dfd ("profiles: remove /usr/share/vulkan already whitelisted by wusc (#5910)", 2023-07-20).
| |
| |     [1] https://github.com/netblue30/firejail/pull/5910/files#r1269397348
* | profiles: remove /usr/share/vulkan already whitelisted by wusc (#5910) (glitsj16, 2023-07-20)
| |
* | sqlitebrowser remote support (#5909) (glitsj16, 2023-07-20)
|/
|     * disable-programs.inc: add remote sqlitebrowser support
|     * sqlitebrowser: add support for remote functionality
* hostnames.c: fix scan-build warning (Kelvin M. Klann, 2023-07-20)
|     This is breaking scan-build in CI[1]:
|
|         /usr/share/clang/scan-build-14/bin/../libexec/ccc-analyzer [...] -c hostnames.c -o hostnames.o
|         hostnames.c:59:10: warning: Null pointer passed to 1st parameter expecting 'nonnull' [core.NonNullParamChecker]
|                 return strdup(rv);
|                        ^~~~~~~~~~
|         1 warning generated.
|
|     Likely caused by commit d2802ce60 ("fnettrace cleanup", 2023-07-15).
|
|     This also fixes a memory leak of `cmd`.
|
|     [1] https://github.com/netblue30/firejail/actions/runs/5568460702/jobs/10171098449
* modif: drop deprecated 'shell' option references (#5894) (glitsj16, 2023-07-19)
|     The `shell` option has been removed. Remove stale references.
|
|     This does NOT remove `shell none`-related code comments in:
|
|     - src/firejail/fs_lib.c (L433-L441)
|     - src/firejail/join.c (L415-L417)
|
|     Relates to #5196. Suggested by #5891.
* zsh: add shell completion for --tab (Kelvin M. Klann, 2023-07-19)
|     Note: It already works for bash and it's already present in the syntax files:
|
|         $ grep '^tab' contrib/syntax/lists/profile_commands_arg0.list
|         tab
|
|     Added on commit e6c50240f ("--tab: enable shell tab completion", 2022-02-20) / #4936.
* RELNOTES: add feature and modif items (Kelvin M. Klann, 2023-07-19)
|     Relates to #5871 #5899 #5900.
* RELNOTES: clarify feature item (Kelvin M. Klann, 2023-07-19)
|     See the following commits:
|
|     * 6fa19aab9 ("feature: use seccomp filters build at install time for --restrict-namespaces", 2023-07-12) and commit 80eb28483 ("build: restore seccomp filter targets", 2023-07-13)
|     * 76bd5ad0f ("build: simplify code related to man pages", 2023-07-12)
|
|     Relates to #5898.
* build(deps): bump github/codeql-action from 2.20.3 to 2.20.4 (dependabot[bot], 2023-07-17)
|     Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.3 to 2.20.4.
|     - [Release notes](https://github.com/github/codeql-action/releases)
|     - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
|     - [Commits](https://github.com/github/codeql-action/compare/46ed16ded91731b2df79a2893d3aea8e9f03b5c4...489225d82a57396c6f426a40e66d461b16b3461d)
|
|     ---
|     updated-dependencies:
|     - dependency-name: github/codeql-action
|       dependency-type: direct:production
|       update-type: version-update:semver-patch
|     ...
|
|     Signed-off-by: dependabot[bot] <support@github.com>
* merges (netblue30, 2023-07-16)
|
* feature: stats support for --nettrace (netblue30, 2023-07-16)
|
* Merge branch 'master' of ssh://github.com/netblue30/firejail (netblue30, 2023-07-16)
|\
| * Merge pull request #5900 from kmk3/firecfg-support-doas (Kelvin M. Klann, 2023-07-16)
| |\
| | |     feature: add doas support in firecfg and jailcheck
| | * feature: add doas support in firecfg and jailcheck (Kelvin M. Klann, 2023-07-14)
| | |     Closes #5899.
| | |
| | |     Suggested-by: @shaggonit
| | * firecfg: add const to a few functions/variables (Kelvin M. Klann, 2023-07-14)
| | |     To make it clearer that they are not modified later.
| | * firecfg: rename get_user to get_sudo_user (Kelvin M. Klann, 2023-07-14)
| | |     To make it match the function used in src/jailcheck/utils.c.
| * | bleachbit.profile: allow erasing Trash contents (ydididodat, 2023-07-16)
| |/
| |     Bleachbit is used to permanently delete files by overwriting the memory. So the most popular feature of Bleachbit is emptying the Trash.
| |
| |     Relates to #5337.
| * Merge pull request #5387 from kmk3/dc-blacklist-sudoers (Kelvin M. Klann, 2023-07-14)
| |\
| | |     disable-common.inc: blacklist sudo/doas paths in /etc
| | * disable-common.inc: blacklist sudo/doas paths in /etc (Kelvin M. Klann, 2023-07-14)
| |/
| |     Commands used to find the relevant paths in /etc:
| |
| |         $ pacman -Qo /etc/* 2>/dev/null | grep sudo | LC_ALL=C sort
| |         /etc/pam.d/ is owned by sudo 1.9.14.p1-1
| |         /etc/sudo.conf is owned by sudo 1.9.14.p1-1
| |         /etc/sudo_logsrvd.conf is owned by sudo 1.9.14.p1-1
| |         /etc/sudoers is owned by sudo 1.9.14.p1-1
| |         /etc/sudoers.d/ is owned by sudo 1.9.14.p1-1
| |
| |     Environment: Artix Linux.
| |
| |     Also, add missing paths sudo/doas to etc/ids.config and jailcheck.
| |
| |     See also commit dbebd71db ("disable-common.inc: blacklist doas binary", 2022-10-05).
| |
| |     Relates to #5385.
| |
| |     Reported-by: Dieter Plaetinck <dieter@plaetinck.be>
| * Merge pull request #5881 from glitsj16/rssguard (netblue30, 2023-07-13)
| |\
| | |     New profile: rssguard
| | * RELNOTES: revert adding rssguard to new profiles section (glitsj16, 2023-07-06)
| | |     As per review https://github.com/netblue30/firejail/pull/5881#pullrequestreview-1515652336
| | * Merge branch 'netblue30:master' into rssguard (glitsj16, 2023-07-06)
| | |\
| | * | rssguard.profile: add netlink to protocol (glitsj16, 2023-07-05)
| | | |
| | * | rssguard.profile: add seccomp.block-secondary (glitsj16, 2023-07-04)
| | | |
| | * | disable-programs.inc: fix ordering rssguard entree (glitsj16, 2023-07-03)
| | | |     Grrrr
| | * | disable-programs.inc: fix rssguard entree (glitsj16, 2023-07-03)
| | | |     Apparently a path containing whitespace and ending with a single digit breaks CI: https://github.com/netblue30/firejail/actions/runs/5448790502.
| | * | firecfg.config: add rssguard (glitsj16, 2023-07-03)
| | | |
| | * | RELNOTES: add rssguard to 'new profiles' section (glitsj16, 2023-07-03)
| | | |
| | * | Create rssguard.profile (glitsj16, 2023-07-03)
| | | |
| | * | disable-programs.inc: add support for rssguard (glitsj16, 2023-07-03)
| | | |
| * | | Merge pull request #5893 from pirate486743186/feh (netblue30, 2023-07-13)
| |\ \ \
| | | | |     refresh feh.profile
| | * | | refresh feh.profile (pirate486743186, 2023-07-12)
| | | | |
* | | | | fnettrace cleanup (netblue30, 2023-07-15)
|/ / / /
* | | | Merge pull request #5898 from kmk3/build-simplify-man (netblue30, 2023-07-13)
|\ \ \ \
| | | | |     build: simplify code related to man pages
| * | | | build: simplify code related to man pages (Kelvin M. Klann, 2023-07-13)
| | | | |     Simplify the main targets and use wildcards instead of repeating the filenames manually.
| | | | |
| | | | |     Also, restore the `man` target and building only when `HAVE_MAN` is enabled.
| | | | |
| | | | |     Note: Make automatically removes intermediate files (.1 and .5), so in general only the .gz files have to be cleaned.
| | | | |
| | | | |     Commands used to rename the man pages:
| | | | |
| | | | |         cd src/man
| | | | |         git mv firecfg.txt firecfg.1.in
| | | | |         git mv firejail-login.txt firejail-login.5.in
| | | | |         git mv firejail-profile.txt firejail-profile.5.in
| | | | |         git mv firejail-users.txt firejail-users.5.in
| | | | |         git mv firejail.txt firejail.1.in
| | | | |         git mv firemon.txt firemon.1.in
| | | | |         git mv jailcheck.txt jailcheck.1.in
| | | | |
| | | | |     This is kind of a follow-up to commit 9e206b7f2 ("rework src/man Makefile", 2023-07-07).
| * | | | build: restore seccomp filter targets (Kelvin M. Klann, 2023-07-13)
|/ / / /
| | | |     This partially reverts commit 2b34747db ("generate seccomp filters at install time", 2023-07-07).
| | | |
| | | |     See also commit 6fa19aab9 ("feature: use seccomp filters build at install time for --restrict-namespaces", 2023-07-12).
| | | |
| | | |     The seccomp filters were always being built because src/fseccomp/fseccomp (and other programs) are in `$(ALL_ITEMS)`, which is incorrectly marked as phony.
| | | |
| | | |     This commit fixes that and restores the previous target logic, for consistency with the other targets and so that the seccomp filters are made at build time rather than at install time.
* | | | Merge branch 'master' of ssh://github.com/netblue30/firejail (netblue30, 2023-07-12)
|\ \ \ \
| * | | | build(deps): bump github/codeql-action from 2.20.1 to 2.20.3 (dependabot[bot], 2023-07-12)
| | | | |     Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.20.3.
| | | | |     - [Release notes](https://github.com/github/codeql-action/releases)
| | | | |     - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| | | | |     - [Commits](https://github.com/github/codeql-action/compare/f6e388ebf0efc915c6c5b165b019ee61a6746a38...46ed16ded91731b2df79a2893d3aea8e9f03b5c4)
| | | | |
| | | | |     ---
| | | | |     updated-dependencies:
| | | | |     - dependency-name: github/codeql-action
| | | | |       dependency-type: direct:production
| | | | |       update-type: version-update:semver-patch
| | | | |     ...
| | | | |
| | | | |     Signed-off-by: dependabot[bot] <support@github.com>
| * | | | build: remove extraneous blank lines in makefiles (Kelvin M. Klann, 2023-07-12)
| |/ / /
| | | |     Added in the following commits:
| | | |
| | | |     * f3774678f ("compress static ip map for fnettrace at compile time", 2023-07-06)
| | | |     * 9e206b7f2 ("rework src/man Makefile", 2023-07-07)
* | | | feature: use seccomp filters build at install time for --restrict-namespaces (netblue30, 2023-07-12)
| | | |
* | | | fix server.profile (netblue30, 2023-07-10)
|/ / /
* | | | Makefile fix (netblue30, 2023-07-10)
| | |