| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See commit 15d793838 ("Try to fix #2310 -- Can't create run directory
without suid-root", 2021-05-13) / PR #4273.
It is the only "HAVE_" option whose value is set by if/else on a
makefile. Also, it is set in different places to either "yes", "no",
blank or "-DHAVE_SUID". Set the value only on configure.ac and only to
either blank or to "-DHAVE_SUID".
Misc: The `ifeq ($(HAVE_SUID),-DHAVE_SUID)` comparison that this adds is
based on the existing `ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)`
comparison on Makefile.in.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added on commit 137985136 ("Baseline firejail 0.9.28", 2015-08-08). See
also commit ad6bb83fa ("consolidate makefiles", 2018-03-31).
It is not used anywhere. And it looks like it has never been used
anywhere:
$ git log --oneline -Gpthread.h 137985136..master
$
Issue mentioned by @rusty-snake:
https://github.com/netblue30/firejail/issues/4642#issuecomment-955795463
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using the "wildcard" internal functions.
This usage has been present since the first "real" commit in the
repository: commit 137985136 ("Baseline firejail 0.9.28").
> H_FILE_LIST = $(sort $(wildcard *.[h]))
> C_FILE_LIST = $(sort $(wildcard *.c))
There is only a single character (i.e.: "h") inside the character class,
so its usage should make no functional difference. It may stem from a
construct that could have originally looked something like this:
C_FILE_LIST = $(sort $(wildcard *.[ch]))
Which would match both the implementation files and the headers.
From Section 4.4, [Using Wildcard Characters in File Names][1] of the
GNU make manual:
> A single file name can specify many files using wildcard characters.
> The wildcard characters in make are ‘*’, ‘?’ and ‘[…]’, the same as in
> the Bourne shell. For example, *.c specifies a list of all the files
> (in the working directory) whose names end in ‘.c’.
See also Section 2.13, [Pattern Matching Notation][2] of POSIX.1-2017.
Commands used to search, replace and clean up:
$ find . -name .git -prune -o -type f \
\( -name Makefile -o -name Makefile.in \
-o -name '*.mk' -o -name '*.mk.in' \) -print0 |
xargs -0 grep -Fl '$(wildcard *.[h])' | tr '\n' '\000' |
xargs -0 sed -i.bak -e \
's/\$(wildcard \*.\[h\])/$(wildcard *.h)/'
$ find . -name .git -prune -o -type f \
-name '*.bak' -exec rm '{}' +
Note: To make sure that this doesn't actually change anything
functionally, I built firejail-git (AUR) on Artix from master and from
this commit and diffing the resulting files produced no output (other
than showing changes related to the build timestamps).
Misc: Reference to the previous makefile-related changes: commit
2465f9248 ("makefiles: make all, clean and distclean PHONY") /
https://github.com/netblue30/firejail/pull/4024
[1]: https://www.gnu.org/software/make/manual/html_node/Wildcards.html
[2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
|
|
|
|
| |
This will always set 'nonewprivs', 'caps.drop all' and 'nogroups'.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
according to GCC documentation (https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html):
"For predictable results, you must also specify the same set of options
used for compilation (-fpie, -fPIE, or model suboptions) when you
specify this linker option."
|
|
|
|
| |
building with clang printed a warning
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Running `firejail --noprofile --private-bin=bash,ls ls -1Za /usr/bin`
shows that the SELinux labels are not correct:
```
user_u:object_r:user_tmpfs_t:s0 .
system_u:object_r:usr_t:s0 ..
user_u:object_r:user_tmpfs_t:s0 bash
user_u:object_r:user_tmpfs_t:s0 ls
```
After fixing this:
```
system_u:object_r:bin_t:s0 .
system_u:object_r:usr_t:s0 ..
system_u:object_r:shell_exec_t:s0 bash
system_u:object_r:bin_t:s0 ls
```
Most copied files and created directories should now have correct
labels (bind mounted objects keep their labels). This is useful to
avoid having to change the SELinux rules when using Firejail.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Make sure all files end with a newline
Strip extra newlines and trailing whitespace from files
|
| |
|
| |
|
|
|