| Commit message (Collapse) | Author | Age |
... | |
| | | |
|
| | |
| | |
| | | |
Co-authored-by: pirate486743186 <>
|
| | | |
|
| | | |
|
|/ / |
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.4 to 2.21.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/489225d82a57396c6f426a40e66d461b16b3461d...1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the `shell` command. Note that it's still being parsed in
profile.c, even if it's just to return an error.
Commands used to remake them:
rm contrib/syntax/lists/*
make syntax
Relates to #5627 #5894.
|
|
|
|
| |
Relates to #5894 #5911.
|
|\
| |
| | |
build: fix hardcoded make & remove unnecessary distclean targets
|
| |
| |
| |
| | |
This also fixes the duplicate execution of the "clean" targets.
|
| |
| |
| |
| |
| |
| |
| | |
Use the `$(MAKE)` macro to ensure that the same make program is used in
the recursive invocation.
Note: Most recursive calls already use `$(MAKE)`.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Homepage: https://mullvad.net/en/download/browser/linux
mullvad-browser: don't use restrict-namespaces
mullvad-browser: cover both installation paths
Suggested in review by @kmk3.
|
| |
| |
| |
| |
| |
| |
| | |
torbrowser-launcher: more hardening as per review
torbrowser-launcher: revert enabling restrict-namespaces
Suggested in review by @rusty-snake.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Multiple profiles include firefox-common.profile, but not all of them
include whitelist-usr-share-common.inc.
Suggested by @glitsj16[1].
This amends commit 094892dfd ("profiles: remove /usr/share/vulkan
already whitelisted by wusc (#5910)", 2023-07-20).
[1] https://github.com/netblue30/firejail/pull/5910/files#r1269397348
|
| | |
|
|/
|
|
|
| |
* disable-programs.inc: add remote sqlitebrowser support
* sqlitebrowser: add support for remote functionality
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is breaking scan-build in CI[1]:
/usr/share/clang/scan-build-14/bin/../libexec/ccc-analyzer [...] -c hostnames.c -o hostnames.o
hostnames.c:59:10: warning: Null pointer passed to 1st parameter expecting 'nonnull' [core.NonNullParamChecker]
return strdup(rv);
^~~~~~~~~~
1 warning generated.
Likely caused by commit d2802ce60 ("fnettrace cleanup", 2023-07-15).
This also fixes a memory leak of `cmd`.
[1] https://github.com/netblue30/firejail/actions/runs/5568460702/jobs/10171098449
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `shell` option has been removed. Remove stale references.
This does NOT remove `shell none`-related code comments in:
- src/firejail/fs_lib.c (L433-L441)
- src/firejail/join.c (L415-L417)
Relates to #5196.
Suggested by #5891.
|
|
|
|
|
|
|
|
|
|
|
| |
Note: It already works for bash and it's already present in the syntax
files:
$ grep '^tab' contrib/syntax/lists/profile_commands_arg0.list
tab
Added on commit e6c50240f ("--tab: enable shell tab completion",
2022-02-20) / #4936.
|
|
|
|
| |
Relates to #5871 #5899 #5900.
|
|
|
|
|
|
|
|
|
|
|
| |
See the following commits:
* 6fa19aab9 ("feature: use seccomp filters build at install time for
* --restrict-namespaces", 2023-07-12) and commit
* 80eb28483 ("build: restore seccomp filter targets", 2023-07-13)
* 76bd5ad0f ("build: simplify code related to man pages", 2023-07-12)
Relates to #5898.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.3 to 2.20.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/46ed16ded91731b2df79a2893d3aea8e9f03b5c4...489225d82a57396c6f426a40e66d461b16b3461d)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
| |
|
|\ |
|
| |\
| | |
| | | |
feature: add doas support in firecfg and jailcheck
|
| | |
| | |
| | |
| | |
| | |
| | | |
Closes #5899.
Suggested-by: @shaggonit
|
| | |
| | |
| | |
| | | |
To make it clearer that they are not modified later.
|
| | |
| | |
| | |
| | | |
To make it match the function used in src/jailcheck/utils.c.
|
| |/
| |
| |
| |
| |
| |
| | |
Bleachbit is used to permanently delete files by overwriting the memory.
So the most popular feature of Bleachbit is emptying the Trash.
Relates to #5337.
|
| |\
| | |
| | | |
disable-common.inc: blacklist sudo/doas paths in /etc
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Commands used to find the relevant paths in /etc:
$ pacman -Qo /etc/* 2>/dev/null | grep sudo | LC_ALL=C sort
/etc/pam.d/ is owned by sudo 1.9.14.p1-1
/etc/sudo.conf is owned by sudo 1.9.14.p1-1
/etc/sudo_logsrvd.conf is owned by sudo 1.9.14.p1-1
/etc/sudoers is owned by sudo 1.9.14.p1-1
/etc/sudoers.d/ is owned by sudo 1.9.14.p1-1
Environment: Artix Linux.
Also, add missing paths sudo/doas to etc/ids.config and jailcheck.
See also commit dbebd71db ("disable-common.inc: blacklist doas binary",
2022-10-05).
Relates to #5385.
Reported-by: Dieter Plaetinck <dieter@plaetinck.be>
|
| |\
| | |
| | | |
New profile: rssguard
|
| | |
| | |
| | | |
As per review https://github.com/netblue30/firejail/pull/5881#pullrequestreview-1515652336
|
| | |\ |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | | |
Grrrr
|
| | | |
| | | |
| | | | |
Apparently a path containing whitespace and ending with a single digit breaks CI: https://github.com/netblue30/firejail/actions/runs/5448790502.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | | |
| | | | | |
refresh feh.profile
|
| | | | | |
|
|/ / / / |
|
|\ \ \ \
| | | | |
| | | | | |
build: simplify code related to man pages
|