| Commit message (Collapse) | Author | Age |
|
|
|
| |
Relates to #5982 #6006 #6057 #6059 #6070 #6086 #6087.
|
|
|
|
|
|
| |
For extra clarity.
Relates to #5987.
|
|
|
|
|
|
|
|
| |
These profile-related changes seem significant enough to warrant
entries, as #6021 adds some guidance on the use of private-opt and #5987
standardizes the format of commented code in all profiles.
Relates to #5987 #6021.
|
|
|
|
| |
Relates to #6026.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This group is apparently used on Gentoo[1].
Currently only the "audio" supplementary group is kept.
Fixes #5992.
See also commit f32938669 ("Keep vglusers group unless no3d is used
(virtualgl)", 2022-01-07) / PR #4851.
[1] https://wiki.gentoo.org/wiki/PipeWire
Reported-by: @amano-kenji
|
|
|
|
| |
Relates to #5965 #5976 #5984.
|
|
|
|
| |
Relates to #5942 #5955 #5956 #5960.
|
|
|
|
|
|
| |
Found by simply running `codespell .`.
Environment: codespell 2.2.5-2 on Artix Linux.
|
|
|
|
| |
Relates to #5916 #5927.
|
|
|
|
| |
Relates to #5894 #5911.
|
|
|
|
| |
Relates to #5871 #5899 #5900.
|
|
|
|
|
|
|
|
|
|
|
| |
See the following commits:
* 6fa19aab9 ("feature: use seccomp filters build at install time for
* --restrict-namespaces", 2023-07-12) and commit
* 80eb28483 ("build: restore seccomp filter targets", 2023-07-13)
* 76bd5ad0f ("build: simplify code related to man pages", 2023-07-12)
Relates to #5898.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Simplify the main targets and use wildcards instead of repeating the
filenames manually.
Also, restore the `man` target and building only when `HAVE_MAN` is
enabled.
Note: Make automatically removes intermediate files (.1 and .5), so in
general only the .gz files have to be cleaned.
Commands used to rename the man pages:
cd src/man
git mv firecfg.txt firecfg.1.in
git mv firejail-login.txt firejail-login.5.in
git mv firejail-profile.txt firejail-profile.5.in
git mv firejail-users.txt firejail-users.5.in
git mv firejail.txt firejail.1.in
git mv firemon.txt firemon.1.in
git mv jailcheck.txt jailcheck.1.in
This is kind of a follow-up to commit 9e206b7f2 ("rework src/man
Makefile", 2023-07-07).
|
| |
|
| |
|
|
|
|
| |
Relates to #5859 #5864 #5866.
|
| |
|
|
|
|
|
|
|
|
| |
Added on commit b689b69f6 ("make --private-lib a compile time option,
disabled by default", 2023-03-09) and on commit 91f2b3ffc ("private-lib
cleanup", 2023-03-09).
Relates to #5727 #5732.
|
|
|
|
| |
Relates to #5708 #5741 #5856.
|
|
|
|
| |
Relates to #5842 #5850 #5857.
|
|
|
|
|
| |
See commit f48886f25 ("build: mark most phony targets as such",
2023-02-01) / PR #5637.
|
|
|
|
| |
Relates to #5829.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of Debian 9, use Debian 10 in build_debian_package.
It currently fails to update the package index[1]:
$ apt-get update -qq
W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file.
W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file.
W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file.
E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.130.132 80]
E: Some index files failed to download. They have been ignored, or old ones used instead.
Also, note that LTS support for Debian 9 ended on 2022-06-30, while
Debian 10 has LTS support until 2024-06-30[2].
Relates to #5818.
[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/4195782936
[2] https://wiki.debian.org/LTS
|
|
|
|
| |
Relates to #5806 #5812 #5815.
|
|
|
|
| |
Relates to #5795 #5802.
|
| |
|
|
|
|
|
| |
* Create url-eater.profile
* RELNOTES: add url-eater to 'new profiles'
|
|
|
|
| |
Relates to #5784.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Log from a recent run of build_ubuntu_package[1]:
$ ./configure && make deb && dpkg -i firejail*.deb
[...]
dpkg-deb: building package 'firejail' in 'debian.deb'.
A future release will drop --no-tag-display-limit; please use '--tag-display-limit 0' instead.
running with root privileges is not recommended!
E: firejail: latest-changelog-entry-without-new-date [usr/share/doc/firejail/changelog.Debian.gz:1]
[...]
make: *** [Makefile:341: deb] Error 2
$ command -V firejail && firejail --version
/usr/bin/bash: line 139: command: firejail: not found
[1] https://gitlab.com/Firejail/firejail_ci/-/pipelines/832916003
|
|
|
|
| |
Relates to #5757.
|
|
|
|
|
|
|
| |
Licensing-related changes are not quite the same as documentation
changes.
Relates to #5667.
|
|
|
|
| |
Relates to #5783.
|
|
|
|
|
| |
* Create standard-notes.profile
* RELNOTES: add standard-notes to 'new profiles'
|
|
|
|
| |
Relates to #5742.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added in the following commits:
* 336ecb5d6 ("network testing; merges", 2023-03-02)
* 0e48f9933 ("remove firemon --interface option - it is a duplication of
firejail --net.print", 2023-03-08)
Relates to the following commits:
* e4f9f36a4 ("random hostname by default; fix --hostname and
--hosts-file", 2023-02-27)
* 0e48f9933 ("remove firemon --interface option - it is a duplication of
firejail --net.print", 2023-03-08)
|
| |
|
| |
|
| |
|
|
|
|
| |
Relates to #5674 #5677.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create qpdf.profile and redirects
qpdf (CLI) provides PDF metadata cleaning.
See privacy-handbuch.de[1] for details.
The site offers pdf-meta-clean.sh[2], which works very well with
firejailed qpdf.
[1] https://www.privacy-handbuch.de/handbuch_43a.htm
[2] https://www.privacy-handbuch.de/download/pdf-meta-clean.sh
* RELNOTES: add qpdf and redirects to new profiles section
* firecfg.config: add qpdf and redirects
* qpdf: use 'seccomp socket' instead of 'protocol unix'
See https://github.com/netblue30/firejail/issues/639. Thanks @rusty-snake in code review.
|
|
|
|
| |
Relates to #5667 #5668.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This amends commit 707f48a12 ("RELNOTES", 2023-02-14).
Note: The "Allow only letters and digits" modif item was implemented on
commit b4ffaa207 ("merges; more on cleaning up esc chars", 2023-02-14)
and relates to both #5578 and #5613. The "--hostname" part of both the
"Prevent" and the "Allow" modif items was also only added on that
commit. Discussion about the hostname:
https://github.com/netblue30/firejail/pull/5613#issuecomment-1421271389
Relates to #5578.
|
|
|
|
| |
Relates to #5613 #5654.
|
|
|
|
|
|
|
|
|
| |
Move it before modifs, add missing PR reference and make the description
match the PR name.
This amends commit 9d68139d7 ("merges", 2023-02-06).
Relates to #1127 #5634.
|
| |
|
| |
|
|
|
|
| |
Relates to #5627 #5637.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the "fix:" prefix to "bugfix:" and move it below modifs, for
consistency with the previous releases.
Also, add a missing PR reference and make the description match the
current issue title.
Added on commit be88622c8 ("private-etc: fix man page", 2023-01-25).
Relates to #5601 #5618.
|