aboutsummaryrefslogtreecommitdiffstats
path: root/src/include
Commit message (Collapse)AuthorAge
* gcov_wrapper.h: Fix inconsistent Copyright yearsLibravatar Kelvin M. Klann2023-02-15
| | | | | | | | | | Make it "2014-2023", which is the same as in basically every other file that has the same Copyright author. This kind of amends commit b408b20c7 ("gcov: fix build failure with gcc 11.1.0", 2021-06-15) / PR #4376. This is a follow-up to #5664.
* Update copyright to 2023 (#5664)Libravatar David Fetter2023-02-15
|
* Merge pull request #5613 from layderv/escape-cntrl-sequencesLibravatar netblue302023-02-14
|\ | | | | modif: Escape control characters of the command line
| * Escape control charactersLibravatar layderv2023-01-15
| | | | | | | | | | | | | | | | | | | | | | Names and commands can contain control characters: ``` firejail --name="$(echo -e '\e[31mRed\n\b\b\bText\e[0m')" sleep 10s ``` results in "Text" printed in red. Prevent commands like `--tree` to control the terminal.
* | merges, disable sort.py in profile checks temporarely, two more private-etc ↵Libravatar netblue302023-02-14
| | | | | | | | profiles
* | private-etc: more on gcryptLibravatar netblue302023-02-09
| |
* | private-etc: moving gcrypt from tls-ca to x11 groupLibravatar netblue302023-02-08
| |
* | adding machine-id to x11 groupLibravatar netblue302023-02-08
| |
* | installing etc-cleanup tool in /usr/lib/firejail directoryLibravatar netblue302023-02-06
| |
* | private-etc: pushing vulkan into games groupLibravatar netblue302023-02-06
| |
* | private-etc: groups modifiedLibravatar netblue302023-02-05
| |
* | private-etc: cleanup toolLibravatar netblue302023-02-05
| |
* | etc_groups.h: sort groups alphabeticallyLibravatar glitsj162023-02-04
| |
* | etc_groups.h: internally sort groups alphabeticallyLibravatar glitsj162023-02-04
| |
* | private-etc: moved group names to @group syntax; GUI group renamed as @x11 ↵Libravatar netblue302023-01-30
| | | | | | | | group; added nvidia and X11 directories to @x11 group.
* | private-etc: corss-distro test for curl, gimp, inkscape, firefox, warzone2100Libravatar netblue302023-01-28
| |
* | private-etc: fixesLibravatar netblue302023-01-25
| |
* | private-etc rework: file groups moved to src/include/etc_groups.h, new ↵Libravatar netblue302023-01-25
| | | | | | | | groups added
* | private-etc rework: remove hiding blacklisted files in private-etc directory ↵Libravatar netblue302023-01-20
|/ | | | feature
* introduce new option restrict-namespacesLibravatar smitsohu2022-07-23
|
* refresh and sort syscall tablesLibravatar smitsohu2022-07-15
| | | | | | produced using commands documented in src/lib/syscall.c: awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_64.h awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_32.h
* more on removing cgroups (#5200)Libravatar netblue302022-06-16
|
* fixing CVE-2022-31214Libravatar smitsohu2022-06-08
|
* firemon reworkLibravatar netblue302022-06-02
|
* small fixesLibravatar netblue302022-04-10
|
* Merge pull request #5028 from kmk3/fix-gcov-macroLibravatar netblue302022-03-11
|\ | | | | gcov: fix gcov functions always declared as dummy
| * gcov: fix gcov functions always declared as dummyLibravatar Kelvin M. Klann2022-03-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, the check to enable gcov relies on a non-existent macro due to a typo, which looks like it would cause the dummy/empty versions of the gcov functions to always be declared (even with --enable-gcov), instead of the real ones from gcov.h. This commit fixes the typo (HAS_GCOV -> HAVE_GCOV). See configure.ac for the macro declaration. This amends commit 5106b2ec4 ("gcov: use no-op functions if not enabled", 2021-06-20) / PR #4376. Occurrences of each macro with this commit applied: $ git grep -F HAVE_GCOV | wc -l 16 $ git grep -F HAS_GCOV | wc -l 0
* | refactor meta character filteringLibravatar smitsohu2022-03-10
|/
* keep-fd option (#4845)Libravatar smitsohu2022-01-14
|
* 2022 copyright updateLibravatar netblue302022-01-07
|
* more on nettraceLibravatar netblue302022-01-07
|
* gcov: use no-op functions if not enabledLibravatar Kelvin M. Klann2021-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of wrapping every gcov function call in an ifdef. Note: The usage of `((void)0)` is based on section 7.2 of the C99 standard (N1256)[1] [2]: > 7.2 Diagnostics <assert.h> > > 1 The header <assert.h> defines the assert macro and refers to another > macro, > > NDEBUG > > which is not defined by <assert.h>. If NDEBUG is defined as a macro > name at the point in the source file where <assert.h> is included, the > assert macro is defined simply as > > #define assert(ignore) ((void)0) See also assert.h(0p) from POSIX.1-2017[3]. Note: This is a continuation of commit b408b20c7 ("gcov: fix build failure with gcc 11.1.0") / PR #4373. [1] http://www.open-std.org/JTC1/SC22/WG14/www/docs/n1256.pdf [2] https://port70.net/~nsz/c/c99/n1256.html#7.2 [3] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/assert.h.html
* gcov: fix build failure with gcc 11.1.0Libravatar Kelvin M. Klann2021-06-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The build currently fails if gcov support is enabled: $ pacman -Q gcc gcc 11.1.0-1 $ ./configure --prefix=/usr --enable-apparmor --enable-gcov >/dev/null $ make >/dev/null [...] netstats.c: In function ‘netstats’: netstats.c:250:25: warning: implicit declaration of function ‘__gcov_flush’; did you mean ‘__gcov_dump’? [-Wimplicit-function-declaration] 250 | __gcov_flush(); | ^~~~~~~~~~~~ | __gcov_dump [...] /usr/bin/ld: netstats.o: in function `netstats': /tmp/firejail-git/src/firejail-git/src/firemon/netstats.c:250: undefined reference to `__gcov_flush' [...] collect2: error: ld returned 1 exit status make[1]: *** [Makefile:10: firemon] Error 1 make: *** [Makefile:42: src/firemon/firemon] Error 2 [...] This happens because __gcov_flush was removed on gcc 11.1.0[1] [2] [3]. See the following gcc commits: * d39f7dc8d5 ("Do locking for __gcov_dump and __gcov_reset as well.") * c0532db47d ("Use __gcov_dump and __gcov_reset in execv and fork context.") * 811b7636cb ("Remove __gcov_flush.") Its implementation did the following[4]: __gcov_lock (); __gcov_dump_int (); __gcov_reset_int (); __gcov_unlock (); As hinted in the commit messages above, the function is no longer needed because locking is now done inside each of __gcov_dump and __gcov_reset. So add an implementation of __gcov_flush (on a new gcov_wrapper.h file) for gcc >= 11.1.0, which just calls __gcov_dump and then __gcov_reset. Commands used to search and replace: $ git grep -Flz '#include <gcov.h>' -- '*.c' | xargs -0 -I '{}' sh -c \ "printf '%s\n' \"\`sed 's|<gcov\\.h>|\"../include/gcov_wrapper.h\"|' '{}'\`\" >'{}'" Note: This is the continuation of commit 31557e9c7 ("gcov: add missing gcov.h includes") / PR #4360. [1] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=d39f7dc8d558ca31a661b02d08ff090ce65e6652 [2] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=c0532db47d092430f8e8f497b2dc53343527bb13 [3] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=811b7636cb8c10f1a550a76242b5666c7ae36da2 [4] https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=libgcc/libgcov-interface.c;h=855e8612018d1c9caf90396a3271337aaefdb9b3#l86
* simplify X11 socket whitelistingLibravatar smitsohu2021-06-03
|
* add support for arbitrary whitelist directoriesLibravatar smitsohu2021-05-03
|
* simplify initial /home and /run/user cleaningLibravatar smitsohu2021-03-14
| | | | mount without stash locations, only using the file descriptors
* copyright updateLibravatar startx20172021-02-15
|
* add support for faccessat2 syscallLibravatar glitsj162021-02-10
|
* add support for faccessat2 syscallLibravatar glitsj162021-02-10
|
* add support for fsaccessat2 syscallLibravatar glitsj162021-02-10
|
* Seccomp error action fixesLibravatar Topi Miettinen2021-02-01
| | | | | | | | | | | | | | fsec-optimize: Optimize BPF with current seccomp error action, not just KILL fseccomp: use correct BPF code for errno action firejail: honor seccomp error action for X32 and secondary filters, rebuild filters if the error action is changed Closes: #3933 Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
* non-dumpable pluginsLibravatar smitsohu2021-01-04
| | | | | (hopefully) fixes the issues that led to reverting commits 6abb65d328af61d67361890743190bd4c57f8e3c and 98e42dc6da4e4b1e47ed2aa020012d4dedc1e80e
* a more portable implementation for time measurementsLibravatar netblue302020-12-01
|
* DHCP fixesLibravatar netblue302020-10-06
|
* testing 0.9.64rc1 - disable dumpable working for this release, problems on ↵0.9.64rc1Libravatar netblue2020-10-04
| | | | Debian8; we will bring it back in the next release
* removed --disable-seccomp from ./configureLibravatar startx20172020-09-01
|
* join: move to mmapped sandbox status indicatorLibravatar smitsohu2020-08-31
| | | | | | | | | | 1) close #3612 2) remove an implicit limitation on rlimit-fsize option (could not set limit to smaller than 6 bytes without affecting the ability to join a sandbox) 3) rename 'join-or-start' file to just 'join' 4) when waiting for a sandbox that is not fully configured yet, increase polling frequency from 10 per second to 100 per second
* firemon fix for xdg-bus-proxyLibravatar netblue302020-08-22
|
* Merge pull request #3572 from smitsohu/dumpableLibravatar netblue302020-08-22
|\ | | | | hardening: run plugins with dumpable flag cleared
| * add dumpable warningsLibravatar smitsohu2020-08-17
| |
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-31 01:57:38 +0000