| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Configure summary: autoconf essentially only parses configure.ac and
generates the configure script (that is, the "./configure" shell
script). The latter is what actually checks what is available on the
system and internally sets the value of the output variables. It then,
for every filename foo in AC_CONFIG_FILES (and for every output variable
name BAR in AC_SUBST), reads foo.in, replaces every occurrence of
`@BAR@` with the value of the shell variable `$BAR` and generates the
file foo from the result. After this, configure is finished and `make`
could be executed to start the build.
Now that (as of #5140) all output variables are only defined on
config.mk.in and on config.sh.in, there is no need to generate any
makefile nor any other mkfile or shell script at configure time. So
rename every "Makefile.in" to "Makefile", mkdeb.sh.in to mkdeb.sh,
src/common.mk.in to src/common.mk and leave just config.mk and config.sh
as the files to be generated at configure time.
This allows editing and committing all makefiles directly, without
potentially having to run ./configure in between.
Commands used to rename the makefiles:
$ git ls-files -z -- '*Makefile.in' | xargs -0 -I '{}' sh -c \
"git mv '{}' \"\$(dirname '{}')/Makefile\""
Additionally, from my (rudimentary) testing, this commit reduces the
time it takes to run ./configure by about 20~25% compared to commit
72ece92ea ("Transmission fixes: drop private-lib (#5213)", 2022-06-22).
Environment: dash 0.5.11.5-1, gcc 12.1.0-2, Artix Linux, ext4 on an HDD.
Commands used for benchmarking each commit:
$ : >time_configure && ./configure && make distclean &&
for i in $(seq 1 10); do
{ time -p ./configure; } 2>>time_configure; done
$ grep real time_configure |
awk '{ total += $2 } END { print total/NR }'
|
| |
|
|
|
|
|
| |
See src/tools/extract_errnos.sh.
Added on commit 081d1fbf2 ("Add seccomp errno filter support",
2015-09-23) / PR #66.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A non-absolute path on an include command is always treated as being
relative to the directory in which "make" was started in, rather than
being relative to the makefile that contains the command. For example,
given the following project structure and file contents:
* Makefile: include src/foo.mk
* src/foo.mk: include bar.mk
* src/bar.mk:
Running "make" on the root project directory (that is, where "Makefile"
is) yields the following:
src/foo.mk:1: bar.mk: No such file or directory
As "bar.mk" in "include bar.mk" is relative to the current (process)
directory (that is, "./bar.mk") and not to where foo.mk is located in
("./src/bar.mk").
So on every makefile that contains an include command, define the root
project directory in the ROOT variable and always include relative to
it, to later enable any included mkfiles to include other mkfiles
without having to worry about the correct path.
Commands used to search and replace:
$ git grep -Flz 'include ../common.mk' -- src |
xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\`sed 's|include ../common.mk|ROOT = ../..\ninclude \$(ROOT)/src/common.mk|' '{}'\`\" >'{}'"
Environment: GNU make 4.3-3.1 on Artix Linux
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
remove kcmp from seccomp default drop list
|
| | | |
|
| |/ |
|
| | |
|
| |\
| |
| | |
private-lib: mask /usr/local/lib[,64] directories, too
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid a stat() call for each affected target and also potentially speed
up parallel builds.
From the GNU make manual[1]:
> Phony targets are also useful in conjunction with recursive
> invocations of make (see Recursive Use of make). In this situation
> the makefile will often contain a variable which lists a number of
> sub-directories to be built.
[...]
> The implicit rule search (see Implicit Rules) is skipped for .PHONY
> targets. This is why declaring a target as .PHONY is good for
> performance, even if you are not worried about the actual file
> existing.
Commands used to search, replace and cleanup:
$ find -type f -name '*Makefile.in' -exec sed -i.bak \
-e 's/^all:/.PHONY: all\nall:/' \
-e 's/^clean:/.PHONY: clean\nclean:/' \
-e 's/^distclean:/.PHONY: distclean\ndistclean:/' '{}' +
$ find -type f -name '*Makefile.in.bak' -exec rm '{}' +
[1]: https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
|
| | |
|
| | |
|
| |\
| |
| | |
return to non-dumpable plugins
|
| | |
| |
| |
| |
| | |
(hopefully) fixes the issues that led to reverting
commits 6abb65d328af61d67361890743190bd4c57f8e3c and 98e42dc6da4e4b1e47ed2aa020012d4dedc1e80e
|
| |/
|
|
|
|
|
|
|
| |
* don't mess with umask of root, it could be more strict
than user umask and relaxing it may catch root by surprise
* join needs execveat syscall, need to drop it post-exec
* make things more explicit
|
| | |
|
| |
|
|
| |
kernel >= 5.8 now translates mode "1" to "noaccess" and mode "2" to "invisible", which breaks
Firejail's hidepid detection
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let user specify the action when seccomp filters trigger:
- errno name like EPERM (default) or ENOSYS: return errno and let the process continue.
- 'kill': kill the process as previous versions
The default action is EPERM, but killing can still be specified with
syscall:kill syntax or globally with seccomp-error-action=kill. The
action can be also overridden /etc/firejail/firejail.config file.
Not killing the process weakens Firejail slightly when trying to
contain intrusion, but it may also allow tighter filters if the
only alternative is to allow a system call.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
System calls (names and numbers) are not exactly the same for 32 bit
and 64 bit architectures. Let's allow defining separate filters for
32-bit arch using seccomp.32, seccomp.32.drop, seccomp.32.keep. This
is useful for mixed 64/32 bit application environments like Steam and
Wine.
Implement protocol and mdwx filtering also for 32 bit arch. It's still
better to block secondary archs completely if not needed.
Lists of supported system calls are also updated.
Warn if preload libraries would be needed due to trace, tracelog or
postexecseccomp (seccomp.drop=execve etc), because a 32-bit dynamic
linker does not understand the 64 bit preload libraries.
Closes #3267.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
| |
|
|
| |
see issue #3145
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
* move copyright statement to 2020
|
| | |
|
| | |
|
| |
|
| |
Remove redundant `child` variable in src/lib/pid.c
|
| |
|
|
| |
firetools
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
run firecfg with umask 022 and print a diagnostic message if
the database is not readable.
closes #2225
|
| |
|
|
| |
avoid accounting for processes with a "firejail" prefix.
|
| |
|
|
| |
Fixes #2117
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
#1964
|
| | |
|
Kelvin M. Klann
smitsohu
netblue30
startx2017
glitsj16
netblue30
rusty-snake
Reiner Herrmann
Andrew Branson
Topi Miettinen
Disconnect3d
Glenn Washburn
Tad