| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
development
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See commit 15d793838 ("Try to fix #2310 -- Can't create run directory
without suid-root", 2021-05-13) / PR #4273.
It is the only "HAVE_" option whose value is set by if/else on a
makefile. Also, it is set in different places to either "yes", "no",
blank or "-DHAVE_SUID". Set the value only on configure.ac and only to
either blank or to "-DHAVE_SUID".
Misc: The `ifeq ($(HAVE_SUID),-DHAVE_SUID)` comparison that this adds is
based on the existing `ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)`
comparison on Makefile.in.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This should make it easier for users, and distributions, to customize
which programs they want firejail to wrap. Also fixed some
firecfg.cfg -> firecfg.config references.
Signed-off-by: Hank Leininger <hlein@korelogic.com>
Closes: https://github.com/netblue30/firejail/issues/408
Bug: https://github.com/netblue30/firejail/issues/2097
Bug: https://github.com/netblue30/firejail/issues/2829
Bug: https://github.com/netblue30/firejail/issues/3665
|
| |
|
| |
|
|
|
|
| |
like it is declared in the man page itself and referenced by other pages.
|
| |
|
|\
| |
| | |
Makefile improvements
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Avoid a stat() call for each affected target and also potentially speed
up parallel builds.
From the GNU make manual[1]:
> Phony targets are also useful in conjunction with recursive
> invocations of make (see Recursive Use of make). In this situation
> the makefile will often contain a variable which lists a number of
> sub-directories to be built.
[...]
> The implicit rule search (see Implicit Rules) is skipped for .PHONY
> targets. This is why declaring a target as .PHONY is good for
> performance, even if you are not worried about the actual file
> existing.
Commands used to search, replace and cleanup:
$ find -type f -name '*Makefile.in' -exec sed -i.bak \
-e 's/^all:/.PHONY: all\nall:/' \
-e 's/^clean:/.PHONY: clean\nclean:/' \
-e 's/^distclean:/.PHONY: distclean\ndistclean:/' '{}' +
$ find -type f -name '*Makefile.in.bak' -exec rm '{}' +
[1]: https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
With a fun little script:
$ git ls-files -z -- '*Makefile*' |
xargs -0 -I '{}' sh -c \
"test -s '{}' && printf '%s\n' \"\`git stripspace <'{}'\`\" >'{}'"
|
|/ |
|
| |
|
| |
|
|\
| |
| | |
Add first version of zsh completion
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Don't have duplicate descriptions and put = signs where they belong to
zsh completion function now dynamically adjusts for options (e.g. no --apparmor option without AppArmor configured)
No EXTRA_CFLAGS for cpp
Found main.c which does the argument processing. Moved some arguments into the correct #ifdef blocks
Profile selection now much better
Not more cpp. Using preproc.awk instead.
Updated bash firejail command completion to add profiles
ignore bash and zsh dynamically created completion scripts
Moved bash/zsh completions out of ALL_ITEMS to fix make install
Cleanup
|
| | |
|
|/
|
|
|
| |
(hopefully) fixes the issues that led to reverting
commits 6abb65d328af61d67361890743190bd4c57f8e3c and 98e42dc6da4e4b1e47ed2aa020012d4dedc1e80e
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| | |
Meanwhile most tests are also run via GitHub Actions
Fixes #3721
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit 4422ce65a9d1e903e583d0f2eca9dc1ee7c839e9.
------
Revert for now as it breaks on some distros (namely Fedora), see
https://github.com/netblue30/firejail/commit/4422ce65a9d1e903e583d0f2eca9dc1ee7c839e9#commitcomment-42999952
|
| |
|
| |
|
| |
|
|
|
|
| |
Those are unnecessary in embedded environment.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fixup 4de61a4b8fae97218de7405273cfe6b8810567f0
$ make rpms
./mkman.sh 0.9.63 src/man/firejail.man firejail.1
sed: can't read src/man/firejail.man: No such file or directory
./mkman.sh 0.9.63 src/man/firemon.man firemon.1
sed: can't read src/man/firemon.man: No such file or directory
./mkman.sh 0.9.63 src/man/firecfg.man firecfg.1
sed: can't read src/man/firecfg.man: No such file or directory
./mkman.sh 0.9.63 src/man/firejail-profile.man firejail-profile.5
sed: can't read src/man/firejail-profile.man: No such file or directory
./mkman.sh 0.9.63 src/man/firejail-login.man firejail-login.5
sed: can't read src/man/firejail-login.man: No such file or directory
./mkman.sh 0.9.63 src/man/firejail-users.man firejail-users.5
sed: can't read src/man/firejail-users.man: No such file or directory
./platform/rpm/mkrpm.sh firejail 0.9.63
|
|
|
|
|
|
|
|
| |
$ make rpms
./platform/rpm/mkrpm.sh firejail 0.9.63
sed: can't read src/man/firejail.man: No such file or directory
sed: can't read src/man/firemon.man: No such file or directory
sed: can't read src/man/firejail-profile.man: No such file or directory
|
|
|
|
| |
Fixes: #3623
|
| |
|
|\ |
|
| | |
|
| | |
|
|/ |
|
|\
| |
| | |
hardening: run plugins with dumpable flag cleared
|
| |
| |
| |
| |
| |
| |
| | |
the kernel clears the dumpable flag if a user has no read permission on an
executable and it is owned by another user; I omitted faudit, fbuilder and
ftee for now as they are not used to configure the sandbox itself, and as
this commit is going to complicate debugging efforts to some extent
|
|/
|
|
| |
/etc/apparmor.d/local/firejail.default - merge form 0.9.62.4
|
| |
|