| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
| |
See etc/templates/profile.template.
Added on commit f3d126bf1 ("disable curl and wget in browsers based on
firefox and chromium", 2021-12-18).
Relates to #4852.
|
|
|
|
| |
Relates to #5816 #5877 #6002 #6477 #6478 #6479.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Disable common general-purpose text editors.
They are likely to be the default OS text editor and users may want to
use them for editing most/all files, which could include common
sensitive files such as ~/.bashrc and profiles in ~/.config/firejail.
Fixes #6002.
Relates to #924 #941 #1154.
Reported-by: @ilikenwf
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This test started failing today with "TESTING ERROR 3".
Log from a CI re-run of test-fs on commit 897f12dd8 ("build(deps): bump
step-security/harden-runner from 2.9.0 to 2.9.1", 2024-09-01) /
PR #6455[1]:
2024-09-19T13:39:04.5681290Z TESTING: private home (test/fs/private-home.exp)
2024-09-19T13:39:04.5713434Z spawn /bin/bash
2024-09-19T13:39:05.2772248Z touch ~/_firejail_test_file1
2024-09-19T13:39:05.2773779Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$
2024-09-19T13:39:05.2774475Z <jail/firejail/test/fs$ touch ~/_firejail_test_file1
2024-09-19T13:39:05.2775175Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$
2024-09-19T13:39:05.2776506Z <jail/firejail/test/fs$ touch ~/_firejail_test_file2
2024-09-19T13:39:05.2777841Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$
2024-09-19T13:39:05.2778918Z <ejail/firejail/test/fs$ mkdir ~/_firejail_test_dir1
2024-09-19T13:39:05.2780080Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$
2024-09-19T13:39:05.2780903Z <fs$ mkdir ~/_firejail_test_dir1/_firejail_test_dir2
2024-09-19T13:39:05.2781613Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$
2024-09-19T13:39:05.2782461Z <_test_dir1/_firejail_test_dir2/_firejail_test_file3
2024-09-19T13:39:05.2783224Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$
2024-09-19T13:39:05.2784047Z <firejail/test/fs$ ln -s /etc ~/_firejail_test_link1
2024-09-19T13:39:05.2784851Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$
2024-09-19T13:39:05.2785861Z < ln -s ~/_firejail_test_dir1 ~/_firejail_test_link2
2024-09-19T13:39:05.2787008Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$
2024-09-19T13:39:05.2788303Z <test_file1,_firejail_test_file2,_firejail_test_dir1
[...]
2024-09-19T13:39:05.4971716Z runner@fv-az1247-944:~$ find ~
2024-09-19T13:39:05.4989255Z /home/runner
2024-09-19T13:39:05.4990116Z /home/runner/_firejail_test_file1
2024-09-19T13:39:05.4990768Z /home/runner/_firejail_test_file2
2024-09-19T13:39:05.4991299Z /home/runner/_firejail_test_dir1
2024-09-19T13:39:05.4992082Z /home/runner/_firejail_test_dir1/_firejail_test_dir2
2024-09-19T13:39:05.4992760Z /home/runner/_firejail_test_dir1/_firejail_test_dir2/_firejail_test_file3
[...]
2024-09-19T13:39:15.4995765Z runner@fv-az1247-944:~$ TESTING ERROR 3
2024-09-19T13:39:15.5000367Z
Misc: This was noticed on #6477.
[1] https://github.com/netblue30/firejail/actions/runs/10655583953/job/30378507249
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on the report by @Saren-Arterius[1]:
Since GNOME gvfs 1.53+, the ssh client options `ControlMaster=auto` and
`ControlPath=/run/user/$UID/gvfsd-sftp/%C` are used to mount sftp.
Since `/run/user/$UID/gvfsd-sftp` is not whitelisted, gvfs sftp mount
with nautilus will fail with a meaningless error message shown in the
UI.
Steps to reproduce[1]:
Prepare ssh server or localhost, then run:
ssh -o"ForwardX11 no" -o"ForwardAgent no" \
-o"PermitLocalCommand no" -o"ClearAllForwardings yes" \
-o"NoHostAuthenticationForLocalhost yes" \
-o"ControlMaster auto" \
-o"ControlPath=/run/user/${UID}/gvfsd-sftp/test" \
-s {SSH_HOST} sftp
stderr shows:
unix_listener: cannot bind to path /run/user/$UID/gvfsd-sftp/test.{RANDOM_STRING}: No such file or directory
And ssh exits with error code 255.
Fixes #5816.
[1] https://github.com/netblue30/firejail/issues/5816#issue-1695295931
Reported-by: @Saren-Arterius
Suggested-by: @Saren-Arterius
Reported-by: @Alex-Farol
Reported-by: @mirko
|
|
|
|
|
|
|
|
| |
Related commits:
* 4747e0ed7 ("Whitelist runuser common (#3286)", 2020-03-31)
* ebd4b3eea ("profiles: ssh: allow gpgagent socket for custom homedir
(#6419)", 2024-08-07)
|
|
|
|
|
|
|
|
|
|
| |
Related commits:
* 7c481eb43 ("Add QOwnNotes profile", 2018-10-20)
* 49a381c70 ("Add nextcloud-desktop", 2021-02-20) / PR #3997
Fixes #5877.
Reported-by: @Sadoon-AlBader
|
|
|
|
| |
Relates to #3997.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following error:
$ LC_ALL=C firejail /usr/bin/wesnoth
[...]
/usr/bin/wesnoth: error while loading shared libraries: liblua++.so.5.4: cannot open shared object file: Permission denied
Environment: lua 5.4.7-1, wesnoth 1:1.18.2-2 on Arch Linux.
Fixes #6475.
Reported-by: @marek22k
|
|
|
|
|
|
|
|
|
|
| |
Reword and add commit references.
Related commits:
* 0e48f9933 ("remove firemon --interface option - it is a duplication of
firejail --net.print", 2023-03-08)
* db09546f2 ("remove LTS and FIRETUNNEL support", 2023-12-23)
|
|
|
|
|
| |
Added on commit 0e48f9933 ("remove firemon --interface option - it is a
duplication of firejail --net.print", 2023-03-08).
|
|
|
|
| |
Relates to #6413 #6451 #6471 #6472 #6473 #6474.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It appears that LibreWolf 129 uses `io.gitlab.firefox.*` as the dbus
name.
Commands used to check the dbus name:
$ busctl --user --no-legend | grep -v '^:' | grep librewolf |
sed -E 's/(^[^ ]+\.)[^. ]+ .*/\1/'
io.gitlab.firefox.
Commands used to test dbus communication:
# Open a new browser instance:
$ firejail --name=lwtest --ignore=name --ignore='dbus-user none' \
--dbus-user=filter --dbus-user.own='io.gitlab.firefox.*' \
--private --net=none --ignore=net /usr/bin/librewolf
# In another shell, try to open a new tab:
$ firejail --join=lwtest /usr/bin/librewolf --new-tab about:blank
# Check that the new tab was opened
Related commits:
* c3f299620 ("Let programs outside librewolf sandbox open new tabs in
librewolf (#4546)", 2021-09-19)
* a8ad9cad1 ("Update librewolf.profile: use new message bus",
2022-02-03) / PR #4897
* 4211ee323 ("merges", 2022-02-04)
Fixes #6413.
Misc: This was noticed on #6444.
Reported-by: @Lonniebiz
|
|
|
|
|
|
|
|
|
|
|
| |
These paths are apparently used for attachments.
Disable private-tmp to make it easier to open attachments with external
programs.
Relates to #5101.
Reported-by: @githlp
Suggested-by: @rusty-snake
|
|
|
|
|
|
|
|
|
| |
It's used by libdvdcss (which is used to play copy-restricted dvds).
It seems to be just a cache directory, so just allow without mkdir.
Relates to #5391.
Suggested-by: @reinerh
|
|
|
|
| |
Relates to #6423 #6471.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
* Sync bug_report.md with build_issue.md (reword items and add Linux
kernel item)
* Add a colon to the end of every item (to clarify where to add the
information)
* Add the Environment section to feature_request.md
The last item is intended as a basic sanity check, as users using an
outdated version of firejail may request something that was already
implemented (for example, see #6461).
Relates to #4515 #6423.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove extranous escape characters and fix bold escaping.
Command used to check for unusual escape sequences:
$ git grep -E -e '\\f[^BR]' -e '\\[^ "\f-]' -- src/man/*.in
With this, the only escape sequences used are:
$ git grep -E -ho -e '\\-' -e '\\[^-][^ ]?' -- src/man/*.in |
LC_ALL=C sort | uniq -c
9 \"
1 \&.
1194 \-
23 \\
507 \fB
127 \fR
Related commits:
* 137985136 ("Baseline firejail 0.9.28", 2015-08-08)
* 1684c9ea7 ("Fixes for man firejail (#2628)", 2019-03-29)
* 73525015e ("Clarify that file globbing occurs only at start",
2020-04-11) / PR #3347
* f54ee53b1 ("man text for --include command", 2021-03-05).
This is a follow-up to #6472.
Kind of relates to #5903.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reset the bold right after each command/argument.
Command used to check for issues:
git grep -E ' \\fR' -- src/man/*.in
Related commits:
* e91b9ff0f ("Deprecate --nodbus option", 2020-04-07) /
PR #3265
* 5a612029b ("rename noautopulse to keep-config-pulse", 2021-05-13) /
PR #4278
* d79547ca9 ("docs: warn about limitations of landlock", 2024-03-31) /
PR #6302
This is a follow-up to #6451.
Relates to #6078.
|
|
|
|
|
|
|
|
|
| |
Sort commands in firejail.1.in and sync the result with
firejail-profile.5.in.
* Commands: `--dbus-system.*`, `--dbus-user.*`, `--icmptrace`,
`--ip=none`, `memory-deny-write-execute`, `--noinput`
Relates to #3190 #3406 #4209.
|
|
|
|
|
|
|
|
|
|
| |
Move the "FILES" section to right before the "LICENSE" section in
firecfg.1.in, to match what is done in the other man pages.
This amends commit ef6cfb8a2 ("firecfg: add ignore command and docs",
2023-06-29) / PR #5876.
Relates to #6451.
|
|
|
|
|
|
|
| |
This amends commit 6489138a5 ("docs: document NAME VALIDATION in
firejail.txt", 2023-06-13) / PR #5856.
Relates to #6451.
|
|
|
|
|
|
|
| |
Added on commit 13b2c566d ("feature: add Landlock support", 2023-10-24)
/ PR #6078.
Relates to #6451.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/0d381219ddf674d61a7572ddd19d7941e271515c...5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/afb54ba388a7dca6ecae48f608c4ff05ff4cc77a...4dd16135b69a43b6c8efb853346f8437d92d3c93)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
| |
Changes:
- Allow shell access (bitwarden-desktop may be a shell script)
- Enable whitelist-usr-share-common.inc
- Introduce a new redirect for bitwarden-desktop
- Add the new redirect to firecfg
Relates to #6442.
|
|
|
|
|
|
|
| |
By default, Zoom records meetings to ~/Documents/Zoom. Add that folder
to the whitelist so that future users don't lose their meeting
recordings upon shutting Zoom down.
Fixes #4006.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Related commits:
* 9e206b7f2 ("rework src/man Makefile", 2023-07-07)
* 2b34747db ("generate seccomp filters at install time", 2023-07-07)
* 1d5fff903 ("Makefile fix", 2023-07-10)
* 6fa19aab9 ("feature: use seccomp filters build at install time for
--restrict-namespaces", 2023-07-12)
* a6172b725 ("build: remove extraneous blank lines in makefiles",
2023-07-12)
* 80eb28483 ("build: restore seccomp filter targets", 2023-07-13) /
PR #5898
* 76bd5ad0f ("build: simplify code related to man pages", 2023-07-12) /
PR #5898
* 8e79f18cf ("build: add missing makefile dep", 2023-08-12) /
PR #5956
Note: The issue with seccomp filters specifically was fixed on commit
80eb28483 ("build: restore seccomp filter targets", 2023-07-13) /
PR #5898.
Relates to #5156 #5898 #5956.
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was enabled in firefox-common.inc on commit 34d004892 ("private-etc:
corss-distro test for curl, gimp, inkscape, firefox, warzone2100",
2023-01-28), but not in the profiles that include it.
Enable it in the including profiles as well.
Note: This was already done for firefox.profile on commit 76249284f
("firefox: fix private-etc firefox", 2023-06-02) / PR #5844.
Relates to #6400.
|
|
|
|
| |
Relates to #6423 #6425 #6426 #6431.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a custom GPG homedir is used, a hash of its path is used in the path
of the gpg agent socket[1].
For example, when running:
gpgconf --list-dirs agent-ssh-socket
With a custom homedir it returns:
/run/user/1000/gnupg/<hashed homedir>/S.gpg-agent.ssh
Environment: gnupg 2.4.5-4 on Arch Linux.
[1] https://github.com/gpg/gnupg/blob/91532dc3f40599b74fff489cb021c0cd3344ae60/common/homedir.c#L1342
|
|
|
|
|
| |
Based on `.github/ISSUE_TEMPLATE/bug_report.md`.
Relates to #6417.
|
|
|
| |
Fixes #6426.
|
|
|
|
|
|
|
|
|
| |
Much like the i3 IPC socket (#6361), the sway IPC socket also allows
arbitrary code execution via the `exec` subcommand. Access should only
be permitted to sway itself by default.
The location of the IPC socket is set in sway/ipc-server.c:
https://github.com/swaywm/sway/blob/7e74a4914261cf32c45017521960adf7ff6dac8f/sway/ipc-server.c#L126
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.8.1 to 2.9.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6...0d381219ddf674d61a7572ddd19d7941e271515c)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b611370bb5703a7efb587f9d136a52ea24c5c38c...afb54ba388a7dca6ecae48f608c4ff05ff4cc77a)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
| |
Use the same examples with spaces and make the quotes more consistent
with the other examples.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This path is apparently needed on openSUSE Tumbleweed[1]:
$ LC_ALL=C firejail /usr/bin/element-desktop
[...]
Error launching app
Unable to find Electron app at /usr/share/element/app
Cannot find module '/usr/share/element/app'
Parent is shutting down, bye...
Fixes #6421.
[1] https://software.opensuse.org/package/element-desktop
Reported-by: @leukimi
|
|
|
|
|
|
|
|
| |
Description: TUI for introspecting the state of the system/session dbus.
https://github.com/Troels51/dtui
https://aur.archlinux.org/packages/dtui
Relates to #6420.
|
|
|
|
|
|
|
|
| |
There are a lot of common options in the `d-feet` and `d-spy` profiles.
Create a new common include file and refactor the existing profiles as
redirects.
Relates to #2492 #6328.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current `bijiben.profile` sets an environment variable to disable
its internal webkit/bubblewrap sandbox but now a different variable
needs to be set[1]:
WEBKIT_FORCE_SANDBOX no longer allows disabling the sandbox. Use WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1 instead.
This may be needed to make the profile work, but disabling the sandbox
affects the security in webkit[2], so update the variable and disable
bijiben by default in firecfg.config.
Note: Upstream replaced bijiben by gnome-notes[3] [4].
Relates to #2995.
[1] https://github.com/WebKit/WebKit/blob/0678a98c864ee36f0114ea4e7d303fd07788a822/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp#L117
[2] https://github.com/netblue30/firejail/issues/2995
[3] https://archlinux.org/packages/extra/x86_64/gnome-notes/
[4] https://wiki.gnome.org/Apps/Notes
|
|
|
|
| |
Relates to #6401 #6403 #6404 #6414 #6415.
|
|
|
|
|
|
| |
There are various reports in #5127 that the current profile is broken on
wayland (and at least one report that it is broken on xorg as well).
Relates to #6268.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The coredump-related code fails to build on Linux kernel version 3.8 as
apparently it only exists on Linux since version 3.10:
docker run --platform linux/386 --rm -it satmandu/crewbuild:386
[...]
./configure && make
[...]
gcc -ggdb -O2 -DVERSION='"0.9.73"' [...] -march=i686 -c ../../src/firemon/procevent.c -o ../../src/firemon/procevent.o
../../src/firemon/procevent.c: In function ‘procevent_monitor’:
../../src/firemon/procevent.c:399:38: error: ‘PROC_EVENT_COREDUMP’ undeclared (first use in this function); did you mean ‘PROC_EVENT_COMM’?
399 | case PROC_EVENT_COREDUMP:
| ^~~~~~~~~~~~~~~~~~~
| PROC_EVENT_COMM
../../src/firemon/procevent.c:399:38: note: each undeclared identifier is reported only once for each function it appears in
../../src/firemon/procevent.c:400:66: error: ‘union <anonymous>’ has no member named ‘coredump’
400 | pid = proc_ev->event_data.coredump.process_tgid;
| ^
make[1]: *** [../../src/prog.mk:25: ../../src/firemon/procevent.o] Error 1
make[1]: Leaving directory '/home/chronos/user/firejail/src/firemon'
make: *** [Makefile:72: src/firemon/firemon] Error 2
Environment: gcc 14.1.0, glibc 2.23 and linuxheaders 3.8 on ChromeOS
M58.
Misc: @Zopolis4 also reports that "All i686 chromebooks have a kernel
version of 3.8".
This amends commit e11949a71 ("add support for comm, coredump, and prctl
procevents in firemon", 2024-04-30).
Fixes #6414.
Reported-by: @Zopolis4
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
* Use the exact same source date string for all `date` invocations
* Use `-d` instead of `--date=`
* Fallback to `-r` and then to no argument
Some `date` implementations only support BSD `-r` instead of GNU `-d` /
`--date=` and others may not support any of them since neither option is
in POSIX.
For example, if zoneinfo is installed by chromebrew on ChromeOS, it
provides a date program that only supports `-r` and overrides the system
one (which supports `-d`) [1]:
./mkman.sh 0.9.72 src/man/firejail.man firejail.1
date: invalid option -- '-'
date: usage: date [-u] [-c] [-r seconds] [+format]
make: *** [Makefile:42: firejail.1] Error 1
Environment: zoneinfo 2024a on ChromeOS M125.
Note: The changes are based on what is suggested by
reproducible-builds.org [2].
Relates to #193.
Fixes #6403.
[1] https://github.com/netblue30/firejail/issues/6403#issue-2402292506
[2] https://reproducible-builds.org/docs/source-date-epoch/
Reported-by: @Zopolis4
|
|
|
|
|
| |
Add `ps2pdf` to private-bin.
Fixes #6402.
|
|
|
|
|
|
|
| |
Remove the newer #6390 item as it is already on the list, remove the
older #6307 item (modif) and sort the new #6307 item (bugfix).
This amends commit 9ebecd00d ("readme/relnotes update", 2024-07-13).
|
| |
|
|
|
|
|
|
|
|
| |
This command is deprecated and may be confused for a hardening option.
This amends commit 5a612029b ("rename noautopulse to keep-config-pulse",
2021-05-13) / PR #4278.
This is a follow-up to #6390.
|
|
|
|
| |
Relates to #6372 #6379 #6380 #6382 #6387 #6390 #6398.
|