| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
| |
* firecfg.config: add support for clac
* Create clac.profile
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the CI check does not consider certain special characters
(such as `-`) when sorting due to `sort -d`.
So remove `-d`, sort firecfg using `LC_ALL=C` and enforce that order.
Also add `sort -u` to check for duplicates.
This also allows the CI check to ignore normal comments (lines starting
with `# `) anywhere in the file.
Relates to #4643.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove the space after `#` for commented code and use `#` instead of `-`
for comments at the end of the line.
Commands used to search and replace:
$ f=src/firecfg/firecfg.config; printf '%s\n' "$(sed -E \
-e '3,9999s/^# /#/' \
-e '3,9999s/^#([^ ]+) --? /#\1 # /' \
"$f")" >"$f"
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Create reader.profile
* firecfg.config: add reader support
* reader: integrate review suggestions
- blacklist whole ${RUNUSER}
- drop x11 none
* reader: fix 'x11 none'
|
| |
|
|
|
| |
* firecfg.config: add daisy support
* Create daisy.profile
|
| |
|
|
|
|
|
| |
* disable-programs.inc: add sniffnet support
* Create sniffnet.profile
* firecfg.config: add sniffnet support
|
| |
|
|
|
|
|
|
|
| |
Homepage: https://mullvad.net/en/download/browser/linux
mullvad-browser: don't use restrict-namespaces
mullvad-browser: cover both installation paths
Suggested in review by @kmk3.
|
| |
|
|
|
|
| |
Closes #5899.
Suggested-by: @shaggonit
|
| |
|
|
| |
To make it clearer that they are not modified later.
|
| |
|
|
| |
To make it match the function used in src/jailcheck/utils.c.
|
| | |
|
| |\
| |
| | |
modif: improve errExit error messages
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changes:
* Move msg to the end of errExit (right before perror(3p))
* Include the full file path (within the repository)
* Add "()" to function name for clarity
Before:
Error malloc: main.c:123 main: Cannot allocate memory
After:
Error src/firejail/main.c:123 main(): malloc: Cannot allocate memory
Note: This clarifies which is the exact file that the error message
comes from, as there are many source files with the same name. For
example:
$ git ls-files 'src/*/main.c' | wc -l
20
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
And remove the comment, as firecfg does not appear to support
end-of-line comments and normal comments break the linter:
$ ./ci/check/profiles/sort-firecfg.config.sh src/firecfg/firecfg.config
sort: -:13: disorder: #Debian 11 seems to be installing the same fbreader executable twice under two different names
This amends commit 869333a5f ("firecfg.config: fix sorting",
2023-06-28).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
It's currently breaking the profile-checks job in CI[1].
Tihs amends commit d88c8d439 ("fbreader/FBReader profile fixes; more on
static ip map", 2023-06-27).
[1] https://github.com/netblue30/firejail/actions/runs/5394764503/jobs/9796380881
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To make them less confusing, as they are extra dependencies, not files
that are specific to the module.
Commands used to search and replace:
$ git grep -IFlz -e 'MOD_HDRS' -e 'MOD_OBJS' -- src |
xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \
-e 's/MOD_HDRS/EXTRA_HDRS/g' \
-e 's/MOD_OBJS/EXTRA_OBJS/g' '{}')\" >'{}'"
Added on commit f5b1ccaad ("makefiles: move extra deps into new MOD
vars", 2022-05-07) / PR #5478.
|
| |/ |
|
| |
|
|
|
|
|
| |
To reduce the amount of boilerplate in the makefiles.
This amends commit 9789c263a ("build: disable all built-in implicit make
rules", 2023-06-21) / PR #5864.
|
| |\
| |
| | |
profiles: vmware improvements and new redirect
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It appears to be broken on Linux Mint 20.3 (based on Ubuntu 20.04), due
to the "VMWare Kernel Module Updater" being unable to install kernel
modules[1].
Relates to #3526.
[1] https://github.com/netblue30/firejail/issues/5861#issuecomment-1598407890
Reported-by: @MikeNavy
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As a redirect to vmware.profile.
This is apparently the filename for the "VMWare Workstation Player" on
Linux Mint 20.3 (based on Ubuntu 20.04)[1].
Relates to #3526.
[1] https://github.com/netblue30/firejail/issues/5861#issuecomment-1598132860
Reported-by: @MikeNavy
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use `make -r` to reduce unnecessary filesystem lookups.
Overall, this appears to reduce the amount of implicit rule searches by
~93.3% (~97.5% compared to a8f01a383) for the default build and by
~83.3% (~99.3% compared to a8f01a383) for the "man" target (as an
example):
$ git show --pretty='%h %ai %s' -s
a8f01a383 2023-06-20 05:26:23 +0000 Merge pull request #5859 from kmk3/build-remove-retpoline
$ ./configure >/dev/null
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
6798
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
1085
# (in the previous commit)
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
2535
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
42
# (with this commit applied)
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
170
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
7
Environment: GNU make 4.4.1-2 on Artix Linux.
Note: According to make(1p) in POSIX.1-2017, "If .SUFFIXES does not have
any prerequisites, the list of known suffixes shall be cleared.", while
"The result of setting MAKEFLAGS in the Makefile is unspecified."
Commands used to search and replace:
$ git ls-files -z -- '*Makefile*' | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(sed -E \
's/^(.SUFFIXES:)/\1\nMAKEFLAGS += -r\n/' '{}')\" >'{}'"
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clear `.SUFFIXES:` to reduce unnecessary filesystem lookups.
Overall, this appears to reduce the amount of implicit rule searches by
~62% for the default build and by ~96% for the "man" target (as an
example):
$ git checkout master >/dev/null 2>&1
$ git show --pretty='%h %ai %s' -s
a8f01a383 2023-06-20 05:26:23 +0000 Merge pull request #5859 from kmk3/build-remove-retpoline
$ ./configure >/dev/null
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
6798
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
1085
# (with this commit applied)
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
2535
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
42
Environment: GNU make 4.4.1-2 on Artix Linux.
Commands used to search and replace:
$ git ls-files -z -- '*Makefile*' | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(sed '1s/^/.SUFFIXES:\n/' '{}')\" >'{}'"
See also commit f48886f25 ("build: mark most phony targets as such",
2023-02-01) / PR #5637.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is not too uncommon for the firejail version to be missing when
issues are reported; this commit makes it more likely that any posted
logs will contain the program version.
Do so just for firejail and firecfg for now because they are the most
common user-facing programs.
Print the version after argument parsing, in order to avoid printing the
program version more than once and to avoid interfering with commands
that generate machine-readable output (like `firejail --list` and
`firecfg --list`). Also, only print it after all profiles have been
loaded, because a profile may contain `quiet`.
Note: This does not cover the case where the program exits before the
end of argument/profile parsing (such as when an error occurs).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For consistency and readability.
Note: This also makes exactly one extra blank line be printed at the end
of every usage text, which is currently only done in the following
files:
* src/fcopy/main.c
* src/fnettrace-dns/main.c
* src/fnettrace-icmp/main.c
* src/fnettrace-sni/main.c
* src/fnettrace/main.c
* src/profstats/main.c
|
| |
|
|
|
|
|
|
|
|
| |
Changes:
* Name them all "usage_str"
* Make them const
For the latter item, see commit eb20f52ef ("Make list of paths const to
fix a false positive of gcc analyzer", 2022-07-27) / PR #5275.
|
| |
|
|
|
|
|
|
|
| |
Changes:
* Only print the version line in the print_version function
* Add a print_version function where missing (put it in usage.c if the
file exists)
* Always a blank line after the version
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, --version doesn't print a dash while --help does. Example:
$ firejail --version | grep 'version 0'
firejail version 0.9.73
$ firejail --help | grep 'version 0'
firejail - version 0.9.73
For consistency, always print the version without a dash.
Commands used to search and replace:
$ git grep -IFlz ' - version' -- src | xargs -0 -I '{}' sh -c
"printf '%s\n' \"\$(sed 's/ - version/ version/' '{}')\" >'{}'"
|
| |
|
|
|
| |
* Create url-eater.profile
* RELNOTES: add url-eater to 'new profiles'
|
| |\
| |
| | |
add mov-cli.profile
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* microsoft-edge*: fix spacing
* Create microsoft-edge-stable.profile
Relates to #5696.
* firecfg.config: add support for microsoft-edge-stable redirect
* disable-common.inc: blacklist msedge SUID executables
* microsoft-edge: add private-opt and allow internal sandbox access
|
| | | |
|
| |\ \
| | |
| | | |
add ani-cli.profile
|
| | |/
| |
| |
| | |
https://github.com/pystardust/ani-cli
|
| |\ \
| | |
| | | |
add porn-cli.profile
|
| | |/ |
|
| |/
|
|
| |
https://github.com/justchokingaround/lobster
|
| |\
| |
| | |
build: Fix whitespace and add .editorconfig
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes all of the "space before tab in indent" errors raised by git:
$ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD |
grep '^[^+]' | cut -f 3 -d : | LC_ALL=C sort | uniq -c
72 space before tab in indent.
Commands used to find the errors:
$ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD
$ git grep -In "$(printf '\t') "
Note: Unlike "space before tab in indent", the reverse ("space after tab
in indent") is not reported by git. That is because spaces could be
intentionally used for alignment or line continuation, but in some cases
they are being used for indentation together with tabs and in others the
formatting is misaligned. The second command was used to help find and
fix these other issues.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create qpdf.profile and redirects
qpdf (CLI) provides PDF metadata cleaning.
See privacy-handbuch.de[1] for details.
The site offers pdf-meta-clean.sh[2], which works very well with
firejailed qpdf.
[1] https://www.privacy-handbuch.de/handbuch_43a.htm
[2] https://www.privacy-handbuch.de/download/pdf-meta-clean.sh
* RELNOTES: add qpdf and redirects to new profiles section
* firecfg.config: add qpdf and redirects
* qpdf: use 'seccomp socket' instead of 'protocol unix'
See https://github.com/netblue30/firejail/issues/639. Thanks @rusty-snake in code review.
|
| | |
|
| |
|
|
| |
md5sum/sha512sum, more sysutils testing, fix electron-hardened.inc.profile
|
| |\ |
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
| |
Add a profile for the Qt5 GUI to process Avidemux jobs.
Use a redirection to the avidemux3_qt5 profile to reuse translation
files. The application needs to create a network socket on localhost and
fails to run with protocol unix, so that entry in the default avidemux
profile needs to be extended.
|
glitsj16
Kelvin M. Klann
netblue30
pirate486743186
Kobaxidze256
Neotamandua
David Fetter
Dpeta
Hartmut Knaack