| Commit message (Collapse) | Author | Age |
| |
This reverts commit 4422ce65a9d1e903e583d0f2eca9dc1ee7c839e9.
------
Revert for now as it breaks on some distros (namely Fedora), see
https://github.com/netblue30/firejail/commit/4422ce65a9d1e903e583d0f2eca9dc1ee7c839e9#commitcomment-42999952
| |
Those are unnecessary in an embedded environment.
| |
fixup 4de61a4b8fae97218de7405273cfe6b8810567f0
$ make rpms
./mkman.sh 0.9.63 src/man/firejail.man firejail.1
sed: can't read src/man/firejail.man: No such file or directory
./mkman.sh 0.9.63 src/man/firemon.man firemon.1
sed: can't read src/man/firemon.man: No such file or directory
./mkman.sh 0.9.63 src/man/firecfg.man firecfg.1
sed: can't read src/man/firecfg.man: No such file or directory
./mkman.sh 0.9.63 src/man/firejail-profile.man firejail-profile.5
sed: can't read src/man/firejail-profile.man: No such file or directory
./mkman.sh 0.9.63 src/man/firejail-login.man firejail-login.5
sed: can't read src/man/firejail-login.man: No such file or directory
./mkman.sh 0.9.63 src/man/firejail-users.man firejail-users.5
sed: can't read src/man/firejail-users.man: No such file or directory
./platform/rpm/mkrpm.sh firejail 0.9.63
| |
$ make rpms
./platform/rpm/mkrpm.sh firejail 0.9.63
sed: can't read src/man/firejail.man: No such file or directory
sed: can't read src/man/firemon.man: No such file or directory
sed: can't read src/man/firejail-profile.man: No such file or directory
| |
Fixes: #3623
| | |
hardening: run plugins with dumpable flag cleared
| | |
the kernel clears the dumpable flag if a user has no read permission on an
executable and it is owned by another user; I omitted faudit, fbuilder and
ftee for now as they are not used to configure the sandbox itself, and as
this commit is going to complicate debugging efforts to some extent
| |
/etc/apparmor.d/local/firejail.default - merge from 0.9.62.4
| |
revert long-line split and fix bash-completion
| |
- remove -c, the manpage says it is ignored
- $(DESTDIR)/$(bindir)/. -> $(DESTDIR)$(bindir) and so on
- install contrib by file glob (*.py, *.sh)
- split long lines
| |
Configure Debian package with AA and SELinux options if they are
enabled.
| |
We seem to have forgotten 3 scripts from contrib. Let's add those too.
| |
Don't build all filters many times over but instead let them be built
in parallel.
Closes #3393
| |
- create vim directories (#3396)
- fix #3400 (Eye of GNOME won't open)
- fix feedreader, it is broken without org.freedesktop.secrets access
| |
- Makefile.in: loops are slow
- Makefile.in: firecfg.config wasn't installed
- allow-gjs.inc: gjs uses libmozjs, forgotten to commit
| |
Move autoconfigured lines up in Makefile.in so that they are defined
before they are used.
Closes #3341 #3344.
| |
Closes #3341.
| |
Sometimes concurrent build could fail if the filter apps were not
made before attempting to make the filters.
| |
- replacing 'include /etc/firejail/foobar.inc' with
'include $(sysconfdir)/firejail/foobar.inc' is useless since 0.9.58
- onetime calling install with globbing is faster than a loop calling
install nearly 1000 times
| |
System calls (names and numbers) are not exactly the same for 32 bit
and 64 bit architectures. Let's allow defining separate filters for
32-bit arch using seccomp.32, seccomp.32.drop, seccomp.32.keep. This
is useful for mixed 64/32 bit application environments like Steam and
Wine.
Implement protocol and mdwx filtering also for 32 bit arch. It's still
better to block secondary archs completely if not needed.
Lists of supported system calls are also updated.
Warn if preload libraries would be needed due to trace, tracelog or
postexecseccomp (seccomp.drop=execve etc), because a 32-bit dynamic
linker does not understand the 64 bit preload libraries.
Closes #3267.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
| |
- fix for #2038
- update RELNOTES
- fix #2925