aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
...
| * | firefox(-based) profiles: refactor wusc (#5914)Libravatar glitsj162023-07-25
| | |
| * | update mov-cli (#5924)Libravatar pirate4867431862023-07-25
| | | | | | | | | Co-authored-by: pirate486743186 <>
* | | netlock/nettrace cleanupLibravatar netblue302023-07-26
| | |
* | | split nettrace executable ^Cto netrace and netlockLibravatar netblue302023-07-25
| | |
* | | cleanupLibravatar netblue302023-07-25
|/ /
* | Merge branch 'master' of ssh://github.com/netblue30/firejailLibravatar netblue302023-07-24
|\|
| * build(deps): bump github/codeql-action from 2.20.4 to 2.21.0Libravatar dependabot[bot]2023-07-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.4 to 2.21.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/489225d82a57396c6f426a40e66d461b16b3461d...1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | integrating nettrace dnstrace and snitraceLibravatar netblue302023-07-24
| |
* | fnettrace: trace ICPM ECHO (ping) trafficLibravatar netblue302023-07-23
|/
* contrib/syntax: run make syntaxLibravatar Kelvin M. Klann2023-07-23
| | | | | | | | | | | | This adds the `shell` command. Note that it's still being parsed in profile.c, even if it's just to return an error. Commands used to remake them: rm contrib/syntax/lists/* make syntax Relates to #5627 #5894.
* RELNOTES: add modif and build itemsLibravatar Kelvin M. Klann2023-07-22
| | | | Relates to #5894 #5911.
* Merge pull request #5911 from kmk3/build-rm-distcleanLibravatar Kelvin M. Klann2023-07-22
|\ | | | | build: fix hardcoded make & remove unnecessary distclean targets
| * build: remove unnecessary distclean targetsLibravatar Kelvin M. Klann2023-07-20
| | | | | | | | This also fixes the duplicate execution of the "clean" targets.
| * build: fix hardcoded make in recursive make callsLibravatar Kelvin M. Klann2023-07-20
| | | | | | | | | | | | | | Use the `$(MAKE)` macro to ensure that the same make program is used in the recursive invocation. Note: Most recursive calls already use `$(MAKE)`.
* | Create mullvad-browser.profile (#5887)Libravatar glitsj162023-07-22
| | | | | | | | | | | | | | | | | | Homepage: https://mullvad.net/en/download/browser/linux mullvad-browser: don't use restrict-namespaces mullvad-browser: cover both installation paths Suggested in review by @kmk3.
* | torbrowser-launcher: hardening (#5886)Libravatar glitsj162023-07-22
| | | | | | | | | | | | | | torbrowser-launcher: more hardening as per review torbrowser-launcher: revert enabling restrict-namespaces Suggested in review by @rusty-snake.
* | firefox-common-addons.profile: restore vulkan whitelistLibravatar Kelvin M. Klann2023-07-20
| | | | | | | | | | | | | | | | | | | | | | | | Multiple profiles include firefox-common.profile, but not all of them include whitelist-usr-share-common.inc. Suggested by @glitsj16[1]. This amends commit 094892dfd ("profiles: remove /usr/share/vulkan already whitelisted by wusc (#5910)", 2023-07-20). [1] https://github.com/netblue30/firejail/pull/5910/files#r1269397348
* | profiles: remove /usr/share/vulkan already whitelisted by wusc (#5910)Libravatar glitsj162023-07-20
| |
* | sqlitebrowser remote support (#5909)Libravatar glitsj162023-07-20
|/ | | | | * disable-programs.inc: add remote sqlitebrowser support * sqlitebrowser: add support for remote functionality
* hostnames.c: fix scan-build warningLibravatar Kelvin M. Klann2023-07-20
| | | | | | | | | | | | | | | | This is breaking scan-build in CI[1]: /usr/share/clang/scan-build-14/bin/../libexec/ccc-analyzer [...] -c hostnames.c -o hostnames.o hostnames.c:59:10: warning: Null pointer passed to 1st parameter expecting 'nonnull' [core.NonNullParamChecker] return strdup(rv); ^~~~~~~~~~ 1 warning generated. Likely caused by commit d2802ce60 ("fnettrace cleanup", 2023-07-15). This also fixes a memory leak of `cmd`. [1] https://github.com/netblue30/firejail/actions/runs/5568460702/jobs/10171098449
* modif: drop deprecated 'shell' option references (#5894)Libravatar glitsj162023-07-19
| | | | | | | | | | | | The `shell` option has been removed. Remove stale references. This does NOT remove `shell none`-related code comments in: - src/firejail/fs_lib.c (L433-L441) - src/firejail/join.c (L415-L417) Relates to #5196. Suggested by #5891.
* zsh: add shell completion for --tabLibravatar Kelvin M. Klann2023-07-19
| | | | | | | | | | | Note: It already works for bash and it's already present in the syntax files: $ grep '^tab' contrib/syntax/lists/profile_commands_arg0.list tab Added on commit e6c50240f ("--tab: enable shell tab completion", 2022-02-20) / #4936.
* RELNOTES: add feature and modif itemsLibravatar Kelvin M. Klann2023-07-19
| | | | Relates to #5871 #5899 #5900.
* RELNOTES: clarify feature itemLibravatar Kelvin M. Klann2023-07-19
| | | | | | | | | | | See the following commits: * 6fa19aab9 ("feature: use seccomp filters build at install time for * --restrict-namespaces", 2023-07-12) and commit * 80eb28483 ("build: restore seccomp filter targets", 2023-07-13) * 76bd5ad0f ("build: simplify code related to man pages", 2023-07-12) Relates to #5898.
* build(deps): bump github/codeql-action from 2.20.3 to 2.20.4Libravatar dependabot[bot]2023-07-17
| | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.3 to 2.20.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/46ed16ded91731b2df79a2893d3aea8e9f03b5c4...489225d82a57396c6f426a40e66d461b16b3461d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* mergesLibravatar netblue302023-07-16
|
* feature: stats support for --nettraceLibravatar netblue302023-07-16
|
* Merge branch 'master' of ssh://github.com/netblue30/firejailLibravatar netblue302023-07-16
|\
| * Merge pull request #5900 from kmk3/firecfg-support-doasLibravatar Kelvin M. Klann2023-07-16
| |\ | | | | | | feature: add doas support in firecfg and jailcheck
| | * feature: add doas support in firecfg and jailcheckLibravatar Kelvin M. Klann2023-07-14
| | | | | | | | | | | | | | | | | | Closes #5899. Suggested-by: @shaggonit
| | * firecfg: add const to a few functions/variablesLibravatar Kelvin M. Klann2023-07-14
| | | | | | | | | | | | To make it clearer that they are not modified later.
| | * firecfg: rename get_user to get_sudo_userLibravatar Kelvin M. Klann2023-07-14
| | | | | | | | | | | | To make it match the function used in src/jailcheck/utils.c.
| * | bleachbit.profile: allow erasing Trash contentsLibravatar ydididodat2023-07-16
| |/ | | | | | | | | | | | | Bleachbit is used to permanently delete files by overwriting the memory. So the most popular feature of Bleachbit is emptying the Trash. Relates to #5337.
| * Merge pull request #5387 from kmk3/dc-blacklist-sudoersLibravatar Kelvin M. Klann2023-07-14
| |\ | | | | | | disable-common.inc: blacklist sudo/doas paths in /etc
| | * disable-common.inc: blacklist sudo/doas paths in /etcLibravatar Kelvin M. Klann2023-07-14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commands used to find the relevant paths in /etc: $ pacman -Qo /etc/* 2>/dev/null | grep sudo | LC_ALL=C sort /etc/pam.d/ is owned by sudo 1.9.14.p1-1 /etc/sudo.conf is owned by sudo 1.9.14.p1-1 /etc/sudo_logsrvd.conf is owned by sudo 1.9.14.p1-1 /etc/sudoers is owned by sudo 1.9.14.p1-1 /etc/sudoers.d/ is owned by sudo 1.9.14.p1-1 Environment: Artix Linux. Also, add missing paths sudo/doas to etc/ids.config and jailcheck. See also commit dbebd71db ("disable-common.inc: blacklist doas binary", 2022-10-05). Relates to #5385. Reported-by: Dieter Plaetinck <dieter@plaetinck.be>
| * Merge pull request #5881 from glitsj16/rssguardLibravatar netblue302023-07-13
| |\ | | | | | | New profile: rssguard
| | * RELNOTES: revert adding rssguard to new profiles sectionLibravatar glitsj162023-07-06
| | | | | | | | | As per review https://github.com/netblue30/firejail/pull/5881#pullrequestreview-1515652336
| | * Merge branch 'netblue30:master' into rssguardLibravatar glitsj162023-07-06
| | |\
| | * | rssguard.profile: add netlink to protocolLibravatar glitsj162023-07-05
| | | |
| | * | rssguard.profile: add seccomp.block-secondaryLibravatar glitsj162023-07-04
| | | |
| | * | disable-programs.inc: fix ordering rssguard entreeLibravatar glitsj162023-07-03
| | | | | | | | | | | | Grrrr
| | * | disable-programs.inc: fix rssguard entreeLibravatar glitsj162023-07-03
| | | | | | | | | | | | Apparently a path containing whitespace and ending with a single digit breaks CI: https://github.com/netblue30/firejail/actions/runs/5448790502.
| | * | firecfg.config: add rssguardLibravatar glitsj162023-07-03
| | | |
| | * | RELNOTES: add rssguard to 'new profiles' sectionLibravatar glitsj162023-07-03
| | | |
| | * | Create rssguard.profileLibravatar glitsj162023-07-03
| | | |
| | * | disable-programs.inc: add support for rssguardLibravatar glitsj162023-07-03
| | | |
| * | | Merge pull request #5893 from pirate486743186/fehLibravatar netblue302023-07-13
| |\ \ \ | | | | | | | | | | refresh feh.profile
| | * | | refresh feh.profileLibravatar pirate4867431862023-07-12
| | | | |
* | | | | fnettrace cleanupLibravatar netblue302023-07-15
|/ / / /
* | | | Merge pull request #5898 from kmk3/build-simplify-manLibravatar netblue302023-07-13
|\ \ \ \ | | | | | | | | | | build: simplify code related to man pages
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-08 11:56:11 +0000