| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
Based on the discussion at #5063.
Misc: The `\&` is used to escape the dot in `.desktop` (see roff(7)).
This amends commit a9c851ee4 ("firecfg: use ignorelist also for .desktop
files", 2024-01-08) / PR #6153.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Landlock ABI v4 it is possible to restrict actions related to the
network and potentially more areas will be added in the future.
So use `landlock.fs.` as the prefix in the current filesystem-related
commands (and later `landlock.net.` for the network-related commands) to
keep them organized and to match what is used in the kernel.
Examples of filesystem and network access flags:
* `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file.
* `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content.
* `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port.
* `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a
remote port.
Relates to #6078.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow overriding the following tools at configure-time and build-time:
* codespell
* cppcheck
* gawk
* scan-build
For example, instead of hardcoding `gawk`, enable overriding it at
configure-time with:
./configure GAWK=/path/to/gawk
To override it for a single `make` invocation:
make GAWK=/path/to/gawk
Also, add default values for the programs that are not found (rather
than leaving the variables empty), to make error messages clearer when
trying to run them:
$ make CPPCHECK= cppcheck-old
[...]
force --error-exitcode=1 --enable=warning,performance .
make: force: No such file or directory
$ make CPPCHECK=cppcheck cppcheck-old
[...]
cppcheck --force --error-exitcode=1 --enable=warning,performance .
make: cppcheck: No such file or directory
|
|
|
|
|
|
|
|
|
| |
This amends commit 760f50f78 ("landlock: move commands into profile and
add landlock.enforce", 2023-11-17) / PR #6125.
Misc: This was noticed on #6203.
Relates to #6078.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As discussed with @topimiettinen[1], it is unlikely that an unprivileged
process would need to directly create block or character devices. Also,
`landlock.special` is not very descriptive of what it allows.
So split `landlock.special` into:
* `landlock.makeipc`: allow creating named pipes and sockets (which are
usually used for inter-process communication)
* `landlock.makedev`: allow creating block and character devices
Misc: The `makedev` name is based on `nodev` from mount(8), which makes
mount not interpret block and character devices. `ipc` was suggested by
@rusty-snake[2].
Relates to #6078.
[1] https://github.com/netblue30/firejail/pull/6078#pullrequestreview-1740569786
[2] https://github.com/netblue30/firejail/pull/6187#issuecomment-1924107294
|
|\
| |
| | |
firecfg: use ignorelist also for .profile/.desktop files
|
| |
| |
| |
| |
| |
| | |
Closes #5245.
Relates to #5876.
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
* Move commands from --landlock and --landlock.proc= into
etc/inc/landlock-common.inc
* Remove --landlock and --landlock.proc=
* Add --landlock.enforce
Instead of hard-coding the default commands (and having a separate
command just for /proc), move them into a dedicated profile to make it
easier for users to interact with the entries (view, copy, add ignore
entries, etc).
Only enforce the Landlock commands if --landlock.enforce is supplied.
This allows safely adding Landlock commands to (upstream) profiles while
keeping their enforcement opt-in. It also makes it simpler to
effectively disable all Landlock commands, by using
`--ignore=landlock.enforce`.
Relates to #6078.
|
|
|
|
|
|
| |
Originally from PR #5359.
Relates to #6078.
|
|
|
|
| |
in README.md
|
|\
| |
| | |
feature: add Landlock support
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Based on 5315 by ChrysoliteAzalea.
It is based on the same underlying structure, but with a lot of
refactoring/simplification and with bugfixes and improvements.
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
Co-authored-by: Азалия Смарагдова <charming.flurry@yandex.ru>
|
|\ \
| |/
|/| |
feature: firecfg: add firecfg.d & add ignore command
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add ignore command (`!PROGRAM`), as suggested by @WhyNotHugo[1].
It prevents firecfg from creating a symlink for the given program.
Also, document the paths used and the config file syntax.
Note that `/etc/firejail/firecfg.d/*.conf` files are parsed before
/etc/firejail/firecfg.config, so the former can ignore/override any item
in the latter.
Closes #2097.
[1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459
|
| |
| |
| |
| | |
to run these options
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
* profiles: drop private-opt (existing whitelist)
* profiles: replace private-opt with whitelist
In most profiles.
Kept private-opt for enpass (~85MB), mate-dictionary (<20MB),
minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't
check: xmr-stak.
* docs: note potential issues with private-opt
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `shell` option has been removed. Remove stale references.
This does NOT remove `shell none`-related code comments in:
- src/firejail/fs_lib.c (L433-L441)
- src/firejail/join.c (L415-L417)
Relates to #5196.
Suggested by #5891.
|
|
|
|
|
|
| |
Closes #5899.
Suggested-by: @shaggonit
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Simplify the main targets and use wildcards instead of repeating the
filenames manually.
Also, restore the `man` target and building only when `HAVE_MAN` is
enabled.
Note: Make automatically removes intermediate files (.1 and .5), so in
general only the .gz files have to be cleaned.
Commands used to rename the man pages:
cd src/man
git mv firecfg.txt firecfg.1.in
git mv firejail-login.txt firejail-login.5.in
git mv firejail-profile.txt firejail-profile.5.in
git mv firejail-users.txt firejail-users.5.in
git mv firejail.txt firejail.1.in
git mv firemon.txt firemon.1.in
git mv jailcheck.txt jailcheck.1.in
This is kind of a follow-up to commit 9e206b7f2 ("rework src/man
Makefile", 2023-07-07).
|
|
|
|
|
|
|
|
| |
Added in the following commits:
* f3774678f ("compress static ip map for fnettrace at compile time",
2023-07-06)
* 9e206b7f2 ("rework src/man Makefile", 2023-07-07)
|
| |
|
|
|
|
|
|
|
| |
To reduce the amount of boilerplate in the makefiles.
This amends commit 9789c263a ("build: disable all built-in implicit make
rules", 2023-06-21) / PR #5864.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use `make -r` to reduce unnecessary filesystem lookups.
Overall, this appears to reduce the amount of implicit rule searches by
~93.3% (~97.5% compared to a8f01a383) for the default build and by
~83.3% (~99.3% compared to a8f01a383) for the "man" target (as an
example):
$ git show --pretty='%h %ai %s' -s
a8f01a383 2023-06-20 05:26:23 +0000 Merge pull request #5859 from kmk3/build-remove-retpoline
$ ./configure >/dev/null
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
6798
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
1085
# (in the previous commit)
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
2535
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
42
# (with this commit applied)
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
170
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
7
Environment: GNU make 4.4.1-2 on Artix Linux.
Note: According to make(1p) in POSIX.1-2017, "If .SUFFIXES does not have
any prerequisites, the list of known suffixes shall be cleared.", while
"The result of setting MAKEFLAGS in the Makefile is unspecified."
Commands used to search and replace:
$ git ls-files -z -- '*Makefile*' | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(sed -E \
's/^(.SUFFIXES:)/\1\nMAKEFLAGS += -r\n/' '{}')\" >'{}'"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clear `.SUFFIXES:` to reduce unnecessary filesystem lookups.
Overall, this appears to reduce the amount of implicit rule searches by
~62% for the default build and by ~96% for the "man" target (as an
example):
$ git checkout master >/dev/null 2>&1
$ git show --pretty='%h %ai %s' -s
a8f01a383 2023-06-20 05:26:23 +0000 Merge pull request #5859 from kmk3/build-remove-retpoline
$ ./configure >/dev/null
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
6798
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
1085
# (with this commit applied)
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
2535
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
42
Environment: GNU make 4.4.1-2 on Artix Linux.
Commands used to search and replace:
$ git ls-files -z -- '*Makefile*' | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(sed '1s/^/.SUFFIXES:\n/' '{}')\" >'{}'"
See also commit f48886f25 ("build: mark most phony targets as such",
2023-02-01) / PR #5637.
|
|
|
|
| |
To make the makefiles look more similar.
|
| |
|
|
|
|
|
|
|
| |
Added on commit b689b69f6 ("make --private-lib a compile time option,
disabled by default", 2023-03-09).
Relates to #5727.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This fixes #1127.
This allow a user to provide their own zshrc/bashrc inside the jail.
This is very useful when using firejail to develop and prevent bad pip
packages to access your system.
|
|\
| |
| | |
modif: Prevent sandbox name from containing only digits
|
| |
| |
| |
| |
| | |
Names should not contain only numbers,
as they are used in other commands as PIDs.
|
| |
| |
| |
| | |
group; added nvidia and X11 directories to @x11 group.
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
And fix the argument order in the examples to reflect that.
Background: The order in which these options appeared in the
documentation was inconsistent. src/man/firejail.txt used --appimage
before --profile and src/man/firejail-profile.txt used --profile before
--appimage. Then commit 44fefcac0 ("Make appimage examples consistent
with --appimage option short description", 2022-10-05) / PR #5402 was
made, which standardized on --profile before --appimage in both places.
But as mentioned by @rusty-snake[1], --appimage has be specified before
--profile in order for any `?HAS_APPIMAGE` conditionals inside of the
profile to evaluate to true.
So change the documentation to use and recommend the latter form.
Also, add --quiet to one example to make it clear that --appimage does
not have to be the first option (nor the last option before --profile).
[1] https://github.com/netblue30/firejail/pull/5402#issuecomment-1274889618
|
| |
|
| |
|
| |
|
|\
| |
| | |
docs: Make appimage examples consistent with --appimage option short description
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* [man firejail] Make it explicit that some options are disabled by default in firejail.config
* Reword firejail.config notes
* Only add relevant firejail.config option in notes
* move firejail.config notes to the end of each section
* fix tracelog note
* fix erroneous line break
* really fix erroneous line break
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|