| Commit message (Collapse) | Author | Age |
|\
| |
| | |
build: deb: enable apparmor by default & remove deb-apparmor
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The official .deb package is always built with apparmor support, so use
`--enable-apparmor` in mkdeb.sh and remove the "deb-apparmor" target in
order to reduce redundancy.
Note that custom configure options may be specified by calling
./mkdeb.sh directly.
For example, to build the .deb package without apparmor support, instead
of running `make deb`, the following commands can be used:
make dist
./mkdeb.sh --disable-apparmor
Also, change the `build_apparmor` GitLab CI job into
`build_no_apparmor`, which is intended to check that building without
apparmor still works.
Note: This commit makes the resulting .deb package not have an
"-apparmor" suffix (see `EXTRA_VERSION` in mkdeb.sh), to avoid
redundancy (as having apparmor support becomes the default).
Misc: This is a follow-up to #5654.
Relates to #5154 #5176 #5547.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The "deb" target depends on the "dist" target, which creates an archive
from DISTFILES.
The arguments to ./configure are misleading, as they do not affect the
archive that is used by `make deb`. That is the case because the
configure output files (config.mk and config.sh) are not copied into the
dist archive, only their input files (config.mk.in and config.sh.in).
In order to affect the .deb package, the configure arguments have to be
passed to mkdeb.sh, which then forwards them to ./configure itself.
Note: This does not apply to the rpm-based jobs, as `make rpms` uses the
files directly rather than using the dist archive.
Relates to #5154.
|
| |
| |
| |
| |
| |
| | |
In the `build_and_test` job, to match the common usage.
Added on commit 300efec35 ("let github CI run tests", 2020-10-24).
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make it "2014-2023", which is the same as in basically every other file
that has the same Copyright author.
This kind of amends commit b408b20c7 ("gcov: fix build failure with gcc
11.1.0", 2021-06-15) / PR #4376.
This is a follow-up to #5664.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Fixes #5639.
qutebrowser: drop apparmor
Suggested in PR review.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This amends commit 707f48a12 ("RELNOTES", 2023-02-14).
Note: The "Allow only letters and digits" modif item was implemented on
commit b4ffaa207 ("merges; more on cleaning up esc chars", 2023-02-14)
and relates to both #5578 and #5613. The "--hostname" part of both the
"Prevent" and the "Allow" modif items was also only added on that
commit. Discussion about the hostname:
https://github.com/netblue30/firejail/pull/5613#issuecomment-1421271389
Relates to #5578.
|
| |
| |
| |
| | |
Relates to #5613 #5654.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move it before modifs, add missing PR reference and make the description
match the PR name.
This amends commit 9d68139d7 ("merges", 2023-02-06).
Relates to #1127 #5634.
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
modif: Escape control characters of the command line
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Names and commands can contain control characters:
```
firejail --name="$(echo -e '\e[31mRed\n\b\b\bText\e[0m')" sleep 10s
```
results in "Text" printed in red.
Prevent commands like `--tree` to control the terminal.
|
| | |
| | |
| | |
| | | |
profiles
|
|\ \ \
| | | |
| | | | |
disable-programs.inc: blacklist sendgmail config
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
sendgmail is a cli tool by Google that "uses Gmail in order to mimic
sendmail for git send-email" as per its own description. In other words it
is a basic sendmail replacement with OAuth2 support to send emails from
Gmail accounts.
https://github.com/google/gmail-oauth2-tools/tree/master/go/sendgmail
Config files location depends on "xdg" build tag. Without the tag it would
be "~/.sendgmail.*". With the tag it is either under
"$XDG_CONFIG_HOME/sendgmail" if set or "~/.config/sendgmail" otherwise.
|
|\ \ \ \
| | |_|/
| |/| | |
build: mkdeb.sh: pass all arguments to ./configure
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Instead of using the first argument as the `EXTRA_VERSION` variable.
This should make the usage of mkdeb.sh less confusing, especially when
one is not trying to set the variable.
As for using `EXTRA_VERSION` (which is still optional with this commit),
make sure that it is set as an environment variable before caling
mkdeb.sh. Example:
env EXTRA_VERSION=-apparmor ./mkdeb.sh --enable-apparmor
See also commit 9a0fbbd71 ("mkdeb.sh.in: pass remaining arguments to
./configure", 2022-05-13) / PR #5154.
|
|\ \ \ \
| | | | |
| | | | | |
transmission-cli: allow web client
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
netblue30/dependabot/github_actions/github/codeql-action-2.2.4
build(deps): bump github/codeql-action from 2.2.1 to 2.2.4
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.1 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/3ebbd71c74ef574dbc558c82f70e52732c8b44fe...17573ee1cc1b9d061760f3a006fc4aac4f944fd5)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
disable-common.inc: Prevent access to LUKS keyfile
|
|/ / / / |
|
| |/ /
|/| | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
md5sum/sha512sum, more sysutils testing, fix electron-hardened.inc.profile
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
whois: re-fix private-etc
|
|/ / / |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
feature: Add 'keep-shell-rc' command and option
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This fixes #1127.
This allow a user to provide their own zshrc/bashrc inside the jail.
This is very useful when using firejail to develop and prevent bad pip
packages to access your system.
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
ephemeral: use newly introduced private-etc @groups syntax
|
| | | | | |
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
private-etc fixes
|