Commit message (Author, Age)
* Merge pull request #5309 from qretornaz-adapei42/master (netblue30, 2022-08-14)
|\
| |     microsoft-edge.profile rewritten for stable channel and moved microsoft-edge{,-beta,-dev} from private-opt to whitelist
| * microsoft-edge-{dev,beta}: replaced private-opt by whitelist #5307 (Quentin RETORNAZ, 2022-08-11)
| |
| * microsoft-edge.profile: rewrite profile for stable channel (Quentin RETORNAZ, 2022-08-11)
| |
| |     * replaced private-opt by whitelist #5307
| |     * added stable channel config dirs to disable-programs.inc
* | Merge pull request #5296 from kmk3/docs-man-vim-ft (netblue30, 2022-08-14)
|\ \
| | |     docs: set vim filetype on man pages for syntax highlighting
| * | docs: set vim filetype on man pages for syntax highlighting (Kelvin M. Klann, 2022-08-05)
| | |
| | |     Since the man pages in src/man use a ".txt" file extension (rather than ".1" or ".5"), their filetype is detected by (neo)vim as "text". So at the bottom of every man page, add a vim modeline in a comment and set the filetype to "groff", to enable syntax highlighting.
| | |
| | |     Note: All of the generated ".man", ".1" and ".5" files are currently being detected as "nroff".
| | |
| | |     Note2: Set the filetype to "groff" rather than "nroff" because at least .UR and .UE are groff extensions. These macros look the same with either filetype, but there may be more extensions being used and the nroff.vim syntax file (which is included by groff.vim) does things differently based on which filetype is used.
| | |
| | |     Based on the following example from (neo)vim's filetype.txt:
| | |
| | |         or add this modeline to the file:
| | |             /* vim: set filetype=idl : */
| | |
| | |     See `:help groff.vim` and `:help filetype.txt` in (neo)vim. See also groff_man(7) for the man page macros (including extensions).
| | |
| | |     Environment: neovim 0.7.2-3 on Artix Linux.
| | |
| | |     Misc: I noticed this on #5290.
* | | Merge pull request #5290 from kmk3/docs-suid-firejail-users (netblue30, 2022-08-14)
|\ \ \
| | | |     docs: mention risk of SUID binaries and also firejail-users(5)
| * | | docs: mention risk of SUID binaries and also firejail-users(5) (Kelvin M. Klann, 2022-08-05)
| | | |
| | | |     On the introduction of firejail(1), mention the main risk of SUID binaries and that by default, only trusted users should be allowed to run firejail (and how to accomplish that).
| | | |
| | | |     Note: The added comment line is completely discarded (so there is no extraneous blank line); see groff_man(7) for details.
| | | |
| | | |     Suggested by @emerajid on #5288.
| | | |
| | | |     Relates to #4601.
* | | | Merge pull request #5285 from ra1nb0w/vmware-snapshot (netblue30, 2022-08-14)
|\ \ \ \
| | | | |     vmware.profile: snapshot requires /etc/mtab
| * | | | vmware.profile: snapshot requires /etc/mtab (Davide Gerhard, 2022-08-02)
| |/ / /
| | | |     This patch avoids the following error:
| | | |
| | | |         Error: One of the parameters supplied is invalid
| | | |
| | | |     Tested with VMware Workstation 16.2.4
* | | | merges (netblue30, 2022-08-14)
| | | |
* | | | Merge pull request #5274 from ChrysoliteAzalea/master (netblue30, 2022-08-14)
|\ \ \ \
| | | | |     Add support for custom AppArmor profiles (--apparmor=)
| * | | | Add support for custom AppArmor profiles (--apparmor=) (Азалия Смарагдова, 2022-08-05)
| |/ / /
* | | | RELNOTES: add build items (Kelvin M. Klann, 2022-08-12)
| | | |
| | | |     Relates to #5283 #5284.
* | | | neomutt: Avoid creating empty files/directories (Hugo Osvaldo Barrera, 2022-08-11)
| | | |
| | | |     neomutt won't write to these locations. Processes it spawns might read to some of them, but creating an empty file doesn't help. This just pollutes user's $HOME with empty files and directories.
| | | |
| | | |     I've kept a few paths that MAY be written to by neomutt; it's not ideal, but I want to minimise the risk of potential data loss, even if it is corner cases.
| | | |
| | | |     See: https://github.com/netblue30/firejail/discussions/5276
* | | | Merge pull request #5284 from kmk3/build-config-sh-fixes (Kelvin M. Klann, 2022-08-11)
|\ \ \ \
| | | | |     build: config.sh.in: quote variables and fix shellcheck issues
| * | | | config.sh.in: fix all issues reported by shellcheck (Kelvin M. Klann, 2022-08-01)
| | | | |
| | | | |     Fix the following error and warnings:
| | | | |
| | | | |         $ shellcheck --version | grep ^version:
| | | | |         version: 0.8.0
| | | | |         $ shellcheck config.sh.in
| | | | |
| | | | |         In config.sh.in line 1:
| | | | |         # @configure_input@
| | | | |         ^-- SC2148 (error): Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
| | | | |
| | | | |         In config.sh.in line 3:
| | | | |         NAME=@PACKAGE_NAME@
| | | | |         ^--^ SC2034 (warning): NAME appears unused. Verify use (or export if used externally).
| | | | |
| | | | |         In config.sh.in line 4:
| | | | |         VERSION=@PACKAGE_VERSION@
| | | | |         ^-----^ SC2034 (warning): VERSION appears unused. Verify use (or export if used externally).
| | | | |
| | | | |         For more information:
| | | | |           https://www.shellcheck.net/wiki/SC2148 -- Tips depend on target shell and y...
| | | | |           https://www.shellcheck.net/wiki/SC2034 -- NAME appears unused. Verify use (...
| | | | |
| | | | |     Relates to #5140.
| * | | | config.sh.in: quote all variables (Kelvin M. Klann, 2022-08-01)
| |/ / /
| | | |     Output variables in general may contain values with spaces in them. Example: `CC=gcc -foo`.
| | | |
| | | |     Relates to #5140.
* | | | Merge pull request #5283 from remyabel2/make-uninstall (Kelvin M. Klann, 2022-08-11)
|\ \ \ \
| |_|_|/
|/| | |     build: Add files `make uninstall` forgot to remove
| * | | Add files `make uninstall` forgot to remove (Tommy Nguyen, 2022-08-01)
| | | |
| | | |     There were a couple of files leftover after `make uninstall`. This patch fixes that.
* | | | fix(audacity): !5281 sharedlib bug on Arch/Fedora (#5300) (Christopher Morrow, 2022-08-10)
| | | |
| | | |     * fix(audacity): !5281 sharedlib bug on Arch/Fedora
| | | |
| | | |     removed `private-bin` line from audacity profile as it appears to block access to shared libraries needed to start audacity on some distributions.
| | | |
| | | |     Relates to github issue #5281
| | | |
| | | |     * fix(audacity): Disabling apparmor and reenabling private-bin
* | | | Merge pull request #5299 from pirate486743186/description-makepkg (Kelvin M. Klann, 2022-08-10)
|\ \ \ \
| | | | |     makepkg: add description
| * | | | makepkg.profile: add description (pirate486743186, 2022-08-10)
| | |_|/
| |/| |
* | | | new profile: gdu (#5289) (glitsj16, 2022-08-09)
| | | |
| | | |     * add gdu to 'new profiles' section
| | | |     * Create gdu.profile
| | | |     * add gdu to firecfg
| | | |     * harden gdu sandbox
| | | |     * fix protocol
| | | |     * simulate empty protocol in gdu
| | | |     * more user-friendly gdu sandboxing
* | | | build(deps): bump github/codeql-action from 2.1.17 to 2.1.18 (dependabot[bot], 2022-08-08)
|/ / /
| | |     Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.17 to 2.1.18.
| | |     - [Release notes](https://github.com/github/codeql-action/releases)
| | |     - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| | |     - [Commits](https://github.com/github/codeql-action/compare/0c670bbf0414f39666df6ce8e718ec5662c21e03...2ca79b6fa8d3ec278944088b4aa5f46912db5d63)
| | |
| | |     ---
| | |     updated-dependencies:
| | |     - dependency-name: github/codeql-action
| | |       dependency-type: direct:production
| | |       update-type: version-update:semver-patch
| | |     ...
| | |
| | |     Signed-off-by: dependabot[bot] <support@github.com>
* | / build(deps): bump github/codeql-action from 2.1.16 to 2.1.17 (dependabot[bot], 2022-08-03)
| |/
|/|
| |     Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.16 to 2.1.17.
| |     - [Release notes](https://github.com/github/codeql-action/releases)
| |     - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| |     - [Commits](https://github.com/github/codeql-action/compare/3e7e3b32d0fb8283594bb0a76cc60a00918b0969...0c670bbf0414f39666df6ce8e718ec5662c21e03)
| |
| |     ---
| |     updated-dependencies:
| |     - dependency-name: github/codeql-action
| |       dependency-type: direct:production
| |       update-type: version-update:semver-patch
| |     ...
| |
| |     Signed-off-by: dependabot[bot] <support@github.com>
* | RELNOTES: add build and ci items (Kelvin M. Klann, 2022-08-01)
| |
| |     Relates to #5248 #5249 #5251.
* | RELNOTES: add feature: Warn when encountering EIO during remount (Kelvin M. Klann, 2022-08-01)
|/
|     Relates to #5240 #5242.
* Merge pull request #5259 from smitsohu/ns (smitsohu, 2022-07-31)
|\
| |     introduce new option restrict-namespaces
| * introduce new option restrict-namespaces (smitsohu, 2022-07-23)
| |
| * protocol filter: add x32 ABI handling (smitsohu, 2022-07-19)
| |
* | Merge pull request #5271 from smitsohu/nnp (smitsohu, 2022-07-31)
|\ \
| | |     improve force-nonewprivs security guarantees
| * | improve force-nonewprivs security guarantees (smitsohu, 2022-07-24)
| | |
* | | Merge pull request #5251 from kmk3/build-add-autoconf-comment (smitsohu, 2022-07-31)
|\ \ \
| | | |     build: add autoconf auto-generation comment to input files
| * | | build: add autoconf auto-generation comment to input files (Kelvin M. Klann, 2022-07-16)
| | | |
| | | |     To note on the output files that they are generated and to clarify how they are generated.
| | | |
| | | |     From the manual of GNU Autoconf (version 2.69):
| | | |
| | | |     > -- Variable: configure_input
| | | |     >     A comment saying that the file was generated automatically by
| | | |     >     'configure' and giving the name of the input file. 'AC_OUTPUT'
| | | |     >     adds a comment line containing this variable to the top of every
| | | |     >     makefile it creates. For other files, you should reference this
| | | |     >     variable in a comment at the top of each input file. For
| | | |     >     example, an input shell script should begin like this:
| | | |     >
| | | |     >         #!/bin/sh
| | | |     >         # @configure_input@
| | | |     >
| | | |     >     The presence of that line also reminds people editing the file
| | | |     >     that it needs to be processed by 'configure' in order to be used.
| | | |
| | | |     Resulting output on config.mk:
| | | |
| | | |         # config.mk. Generated from config.mk.in by configure.
| | | |
| | | |     Relates to #5140.
* | | | Merge pull request #5249 from kmk3/ci-ignore-git-paths (smitsohu, 2022-07-31)
|\ \ \ \
| | | | |     ci: ignore git-related paths and the project license
| * | | | ci: ignore git-related paths and the project license (Kelvin M. Klann, 2022-07-12)
| | | | |
| | | | |     Add the following paths to the ignore lists:
| | | | |
| | | | |     - .git-blame-ignore-revs
| | | | |     - .gitignore
| | | | |     - COPYING
| | | | |
| | | | |     To avoid running CI unnecessarily.
| | | | |
| | | | |     Commands used to show only the root files:
| | | | |
| | | | |         $ git ls-files | grep -v /
| | | | |
| | | | |     Misc: I noticed the missing paths on #5248.
* | | | | Merge pull request #5248 from kmk3/build-gitignore-distdir (smitsohu, 2022-07-31)
|\ \ \ \ \
| | | | | |     build: add dist build directory to .gitignore
| * | | | | build: add dist build directory to .gitignore (Kelvin M. Klann, 2022-07-12)
| |/ / / /
| | | | |     Ignore it only on the repository root path, as a directory that matches `firejail-*` could eventually be added.
| | | | |
| | | | |     Note that the dist archive is already ignored since commit da6b131c3 ("chore(.gitignore) ignore built packages", 2018-01-15) / PR #1733.
| | | | |
| | | | |     Example paths:
| | | | |
| | | | |     * build dir: firejail-0.9.71/
| | | | |     * archive: firejail-0.9.71.tar.xz
| | | | |
| | | | |     See `$(NAME)-$(VERSION)` and `$(NAME)-$(VERSION).tar.xz` in the "dist" target on the root Makefile.
* | | | | update m4 macro from autoconf-archive (2022.02.11) (Reiner Herrmann, 2022-07-31)
| | | | |
* | | | | Merge pull request #5275 from netblue30/ci_ubuntu_2204 (Reiner Herrmann, 2022-07-30)
|\ \ \ \ \
| | | | | |     CI: bump ubuntu to 22.04 and use newer compilers / analyzers
| * | | | | CI: keep old cppcheck job and ignore two files in new job that take too long to check (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | CI: bump ubuntu to 22.04 and use newer compilers / analyzers (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | tests: disable calling curl in dns test, as systemd-resolved is used on CI runner (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | tests: try curl instead of wget for tracing dns resolution (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | tests: add alternative message for skipping test (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | tests: drop checking for hosts file in trace test (Reiner Herrmann, 2022-07-30)
| | | | | |
| | | | | |     firejail is no longer detecting that /etc/hosts is getting opened. in strace it can still be seen that the file is opened via syscall, but on C library layer (which firejail is tracing) it's probably implemented differently now.
| * | | | | CI: fix wrong matching for test errors (Reiner Herrmann, 2022-07-30)
| | | | | |
| | | | | |     grep was returning non-zero exit code if it did NOT find the error marker, and zero if it did.
| * | | | | Make list of paths const to fix a false positive of gcc analyzer (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | zero-initialize two variables (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | CI: build all jobs with apparmor / selinux to cover more code (Reiner Herrmann, 2022-07-30)
|/ / / / /