| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following "implicit declaration" warning (13 occurrences in
total) when building with gcov support:
$ pacman -Q gcc10
gcc10 1:10.2.0-3
$ CC=gcc-10 && export CC
$ ./configure --prefix=/usr --enable-apparmor --enable-gcov >/dev/null
$ make >/dev/null
appimage.c: In function ‘appimage_set’:
appimage.c:140:2: warning: implicit declaration of function ‘__gcov_flush’ [-Wimplicit-function-declaration]
140 | __gcov_flush();
| ^~~~~~~~~~~~
interface.c: In function ‘print_sandbox’:
interface.c:149:3: warning: implicit declaration of function ‘__gcov_flush’ [-Wimplicit-function-declaration]
149 | __gcov_flush();
| ^~~~~~~~~~~~
netstats.c: In function ‘netstats’:
netstats.c:246:4: warning: implicit declaration of function ‘__gcov_flush’ [-Wimplicit-function-declaration]
246 | __gcov_flush();
| ^~~~~~~~~~~~
[...]
Note: The commands above were executed from makepkg, while building
firejail-git from the AUR.
Note2: gcc-10 was used because the build fails with the current gcc
version (11.1.0) on Artix Linux. The failure happens because
__gcov_flush was removed on gcc 11.1.0[1]; this will be addressed later.
Note3: The following command helped find the affected files:
$ git grep -Fl __gcov -- src
[1] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=811b7636cb8c10f1a550a76242b5666c7ae36da2
|
| |
|
|\
| |
| | |
rename noautopulse to keep-config-pulse
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Dumb patch that adds O_CLOEXEC to all open/fopen
calls, even where it is obviously pointless.
While at it, also add O_EXCL where it might be
considered useful, for example to clear Coverity
warnings, or on files that subsequently are used
to configure a join sandbox.
Pure defense in depth, this patch should have no
observable effects.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default only joystick devices ("/dev/input/js*") can be accessed.
At least, that's the case on Debian: the other entries have more restrictive permissions.
The original owner and group are "root" and "input", respectively.
However, until we have granular input control options, allowing access to joysticks only is better than nothing.
$ ls -l /dev
total 0
lrwxrwxrwx 1 nobody nogroup 8 23 apr 07.22 cdrom -> /dev/sr0
lrwxrwxrwx 1 nobody nogroup 8 23 apr 07.22 cdrw -> /dev/sr0
drwxr-xr-x 3 nobody nogroup 100 22 apr 19.18 dri
lrwxrwxrwx 1 nobody nogroup 8 23 apr 07.22 dvd -> /dev/sr0
lrwxrwxrwx 1 nobody nogroup 8 23 apr 07.22 dvdrw -> /dev/sr0
lrwxrwxrwx 1 nobody nogroup 13 23 apr 07.22 fd -> /proc/self/fd
crw-rw-rw- 1 nobody nogroup 1, 7 23 apr 07.22 full
crw-rw----+ 1 nobody nogroup 244, 0 22 apr 19.18 hidraw0
crw-rw----+ 1 nobody nogroup 244, 1 22 apr 19.18 hidraw1
crw-rw----+ 1 nobody nogroup 244, 2 22 apr 19.18 hidraw2
crw-rw----+ 1 nobody nogroup 244, 3 22 apr 19.18 hidraw3
crw-rw----+ 1 nobody nogroup 244, 4 22 apr 19.18 hidraw4
crw-rw----+ 1 nobody nogroup 244, 5 22 apr 19.18 hidraw5
drwxr-xr-x 4 nobody nogroup 760 23 apr 07.22 input
srw-rw-rw- 1 nobody nogroup 0 22 apr 19.18 log
crw-rw-rw- 1 nobody nogroup 1, 3 23 apr 07.22 null
lrwxrwxrwx 1 nobody nogroup 13 23 apr 07.22 ptmx -> /dev/pts/ptmx
drwxr-xr-x 2 nobody nogroup 0 23 apr 07.22 pts
crw-rw-rw- 1 nobody nogroup 1, 8 23 apr 07.22 random
drwxrwxrwt 2 nobody nogroup 40 23 apr 07.22 shm
drwxr-xr-x 4 nobody nogroup 500 22 apr 19.18 snd
brw-rw----+ 1 nobody nogroup 11, 0 23 apr 00.24 sr0
lrwxrwxrwx 1 nobody nogroup 15 23 apr 07.22 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 nobody nogroup 15 23 apr 07.22 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 nobody nogroup 15 23 apr 07.22 stdout -> /proc/self/fd/1
crw-rw-rw- 1 nobody nogroup 5, 0 23 apr 07.22 tty
crw-rw-rw- 1 nobody nogroup 1, 9 23 apr 07.22 urandom
drwxr-xr-x 2 nobody nogroup 120 22 apr 19.18 usb
crw-rw----+ 1 nobody video 81, 0 22 apr 19.18 video0
crw-rw----+ 1 nobody video 81, 1 22 apr 19.18 video1
crw-rw----+ 1 nobody video 81, 2 22 apr 19.18 video2
crw-rw----+ 1 nobody video 81, 3 22 apr 19.18 video3
crw-rw-rw- 1 nobody nogroup 1, 5 23 apr 07.22 zero
$ ls -l /dev/input
total 0
drwxr-xr-x 2 nobody nogroup 280 23 apr 07.22 by-id
drwxr-xr-x 2 nobody nogroup 300 23 apr 07.22 by-path
crw-rw---- 1 nobody nogroup 13, 64 22 apr 19.18 event0
crw-rw---- 1 nobody nogroup 13, 65 22 apr 19.18 event1
crw-rw---- 1 nobody nogroup 13, 74 22 apr 19.18 event10
crw-rw---- 1 nobody nogroup 13, 75 22 apr 19.18 event11
crw-rw---- 1 nobody nogroup 13, 76 22 apr 19.18 event12
crw-rw---- 1 nobody nogroup 13, 77 22 apr 19.18 event13
crw-rw---- 1 nobody nogroup 13, 78 22 apr 19.18 event14
crw-rw---- 1 nobody nogroup 13, 79 22 apr 19.18 event15
crw-rw---- 1 nobody nogroup 13, 80 22 apr 19.18 event16
crw-rw---- 1 nobody nogroup 13, 81 22 apr 19.18 event17
crw-rw---- 1 nobody nogroup 13, 82 22 apr 19.18 event18
crw-rw---- 1 nobody nogroup 13, 83 22 apr 19.18 event19
crw-rw---- 1 nobody nogroup 13, 66 22 apr 19.18 event2
crw-rw---- 1 nobody nogroup 13, 84 22 apr 19.18 event20
crw-rw---- 1 nobody nogroup 13, 85 22 apr 19.18 event21
crw-rw---- 1 nobody nogroup 13, 86 22 apr 19.18 event22
crw-rw---- 1 nobody nogroup 13, 87 22 apr 19.18 event23
crw-rw---- 1 nobody nogroup 13, 88 22 apr 19.18 event24
crw-rw---- 1 nobody nogroup 13, 89 22 apr 19.18 event25
crw-rw---- 1 nobody nogroup 13, 90 22 apr 19.18 event26
crw-rw---- 1 nobody nogroup 13, 91 22 apr 19.18 event27
crw-rw----+ 1 nobody nogroup 13, 92 23 apr 07.22 event28
crw-rw---- 1 nobody nogroup 13, 67 22 apr 19.18 event3
crw-rw---- 1 nobody nogroup 13, 68 22 apr 19.18 event4
crw-rw---- 1 nobody nogroup 13, 69 22 apr 19.18 event5
crw-rw---- 1 nobody nogroup 13, 70 22 apr 19.18 event6
crw-rw---- 1 nobody nogroup 13, 71 22 apr 19.18 event7
crw-rw---- 1 nobody nogroup 13, 72 22 apr 19.18 event8
crw-rw---- 1 nobody nogroup 13, 73 22 apr 19.18 event9
crw-rw-r-- 1 nobody nogroup 13, 0 22 apr 19.18 js0
crw-rw-r--+ 1 nobody nogroup 13, 1 23 apr 07.22 js1
crw-rw---- 1 nobody nogroup 13, 63 22 apr 19.18 mice
crw-rw---- 1 nobody nogroup 13, 32 22 apr 19.18 mouse0
crw-rw---- 1 nobody nogroup 13, 33 22 apr 19.18 mouse1
$ ls -l /dev/input/by-id
total 0
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 usb-BY_Tech_Usb-event-if01 -> ../event9
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 usb-BY_Tech_Usb-event-kbd -> ../event8
lrwxrwxrwx 1 nobody nogroup 10 22 apr 19.18 usb-BY_Tech_Usb-if01-event-kbd -> ../event11
lrwxrwxrwx 1 nobody nogroup 10 22 apr 19.18 usb-BY_Tech_Usb-if01-event-mouse -> ../event12
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 usb-BY_Tech_Usb-if01-mouse -> ../mouse1
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 usb-SOAI_USB_Gaming_Mouse-event-if01 -> ../event5
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 usb-SOAI_USB_Gaming_Mouse-event-mouse -> ../event2
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 usb-SOAI_USB_Gaming_Mouse-if01-event-kbd -> ../event3
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 usb-SOAI_USB_Gaming_Mouse-mouse -> ../mouse0
lrwxrwxrwx 1 nobody nogroup 10 22 apr 19.18 usb-Sonix_Technology_Co.__Ltd._H264_USB_Camera_SN0001-event-if00 -> ../event27
lrwxrwxrwx 1 nobody nogroup 10 23 apr 07.22 usb-ZEROPLUS_Controller_3136303033313032354246323543-event-joystick -> ../event28
lrwxrwxrwx 1 nobody nogroup 6 23 apr 07.22 usb-ZEROPLUS_Controller_3136303033313032354246323543-joystick -> ../js1
$ ls -l /dev/input/by-path
total 0
lrwxrwxrwx 1 nobody nogroup 10 23 apr 07.22 pci-0000:05:00.1-usb-0:6.1:1.0-event-joystick -> ../event28
lrwxrwxrwx 1 nobody nogroup 6 23 apr 07.22 pci-0000:05:00.1-usb-0:6.1:1.0-joystick -> ../js1
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 pci-0000:05:00.3-usb-0:6.3:1.0-event-mouse -> ../event2
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 pci-0000:05:00.3-usb-0:6.3:1.0-mouse -> ../mouse0
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 pci-0000:05:00.3-usb-0:6.3:1.1-event -> ../event5
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 pci-0000:05:00.3-usb-0:6.3:1.1-event-kbd -> ../event3
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 pci-0000:05:00.3-usb-0:6.4:1.0-event-kbd -> ../event8
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 pci-0000:05:00.3-usb-0:6.4:1.1-event -> ../event9
lrwxrwxrwx 1 nobody nogroup 10 22 apr 19.18 pci-0000:05:00.3-usb-0:6.4:1.1-event-kbd -> ../event11
lrwxrwxrwx 1 nobody nogroup 10 22 apr 19.18 pci-0000:05:00.3-usb-0:6.4:1.1-event-mouse -> ../event12
lrwxrwxrwx 1 nobody nogroup 9 22 apr 19.18 pci-0000:05:00.3-usb-0:6.4:1.1-mouse -> ../mouse1
lrwxrwxrwx 1 nobody nogroup 10 22 apr 19.18 pci-0000:0c:00.3-usb-0:4:1.0-event -> ../event27
lrwxrwxrwx 1 nobody nogroup 10 22 apr 19.18 platform-pcspkr-event-spkr -> ../event13
|
|
|
|
| |
adds support to run appimage in a chroot
|
| |
|
|\
| |
| | |
sandbox setup: postpone library preloading
|
| |
| |
| |
| |
| | |
for now avoids mixing of traces from sandbox helpers
into application traces
|
|\ \
| | |
| | | |
sandbox setup: postpone fslogger
|
| |/
| |
| |
| |
| |
| | |
postpone writing of log file in order to
catch filesystem modifications from x11
functions
|
| |
| |
| |
| |
| |
| | |
back in the days always the same default seccomp filter was loaded
for chroot/appimage/overlayfs sandboxes. Nowadays users can configure
their own filters, so allow postexecseccomp again.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
remove whitespaces in order to create
a uniform message layout. Compare with:
** Note: you can use --noprofile to disable default.profile **
when firejail loads the default profile.
|
| |
| |
| |
| | |
fixes reversed /etc and /usr/etc timetraces
|
| |
| |
| |
| |
| |
| |
| |
| | |
Better for portability and consistency. Currently strerror() is used
everywhere else, so use it here as well. printf's %m is a glibc
extension that is supported also by some other libc implementations.
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
| | |
|
| |
| |
| |
| |
| |
| | |
The current message misses the info that nnp and nogroups is applied
too. The new mentions nnp too, but is very long. If anyone has a better
wording, say it.
|
| |
| |
| |
| | |
This will always set 'nonewprivs', 'caps.drop all' and 'nogroups'.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Firejail uses file bind-mounts to filter /etc/passwd and /etc/group
content. If private-etc is used, these mounts are left underneath
the /etc directory mount and this seems to be causing problems in
devices with older kernels: attempts to modify passwd or group
data fails with EBUSY.
Make it possible to perform fs_private_dir_list() actions in two
separate phases.
Undo the file mounts in /etc before mounting private-etc content.
Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Save all environment variables for later use in the application, clear
environment and re-apply only whitelisted variables for the main
firejail process. The whitelisted environment is only used by C
library. Sandboxed tools will get further variables used
internally (FIREJAIL_*).
All variables will be reapplied for the firejailed application.
This also lifts the length restriction for environment variables,
except for the variables used by Firejail itself or the sandboxed
tools.
|
|\
| |
| | |
join: add fexecve fallback for shells
|
| |
| |
| |
| |
| |
| |
| |
| | |
Allows users to join a sandbox and get a shell even
if there is none in the sandbox mount namespace.
There are few limitations:
1. This will fail with scripted shells (see man 3 fexecve for an explanation)
2. Shell process names are not user friendly
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
fixes e.g. --shell=none --seccomp.drop=write --seccomp-error-action=kill
|
|
|
|
|
|
|
|
|
|
| |
1) close #3612
2) remove an implicit limitation on rlimit-fsize option
(could not set limit to smaller than 6 bytes without affecting
the ability to join a sandbox)
3) rename 'join-or-start' file to just 'join'
4) when waiting for a sandbox that is not fully configured yet,
increase polling frequency from 10 per second to 100 per second
|
| |
|
|\ |
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
| |
Allow setting a separate policy for the user and system buses.
For now, the filter policy is equivalent to the none (block) policy.
Future commits will add more configuration options and filters.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let user specify the action when seccomp filters trigger:
- errno name like EPERM (default) or ENOSYS: return errno and let the process continue.
- 'kill': kill the process as previous versions
The default action is EPERM, but killing can still be specified with
syscall:kill syntax or globally with seccomp-error-action=kill. The
action can be also overridden /etc/firejail/firejail.config file.
Not killing the process weakens Firejail slightly when trying to
contain intrusion, but it may also allow tighter filters if the
only alternative is to allow a system call.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
System calls (names and numbers) are not exactly the same for 32 bit
and 64 bit architectures. Let's allow defining separate filters for
32-bit arch using seccomp.32, seccomp.32.drop, seccomp.32.keep. This
is useful for mixed 64/32 bit application environments like Steam and
Wine.
Implement protocol and mdwx filtering also for 32 bit arch. It's still
better to block secondary archs completely if not needed.
Lists of supported system calls are also updated.
Warn if preload libraries would be needed due to trace, tracelog or
postexecseccomp (seccomp.drop=execve etc), because a 32-bit dynamic
linker does not understand the 64 bit preload libraries.
Closes #3267.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
|
|
|
| |
add AppArmor confinement to processes started with --join and,
more importantly, --join-or-start
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Running `firejail --noprofile --private-bin=bash,ls ls -1Za /usr/bin`
shows that the SELinux labels are not correct:
```
user_u:object_r:user_tmpfs_t:s0 .
system_u:object_r:usr_t:s0 ..
user_u:object_r:user_tmpfs_t:s0 bash
user_u:object_r:user_tmpfs_t:s0 ls
```
After fixing this:
```
system_u:object_r:bin_t:s0 .
system_u:object_r:usr_t:s0 ..
system_u:object_r:shell_exec_t:s0 bash
system_u:object_r:bin_t:s0 ls
```
Most copied files and created directories should now have correct
labels (bind mounted objects keep their labels). This is useful to
avoid having to change the SELinux rules when using Firejail.
|
|
|
|
| |
see issue #3145
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
|