| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove extranous escape characters and fix bold escaping.
Command used to check for unusual escape sequences:
$ git grep -E -e '\\f[^BR]' -e '\\[^ "\f-]' -- src/man/*.in
With this, the only escape sequences used are:
$ git grep -E -ho -e '\\-' -e '\\[^-][^ ]?' -- src/man/*.in |
LC_ALL=C sort | uniq -c
9 \"
1 \&.
1194 \-
23 \\
507 \fB
127 \fR
Related commits:
* 137985136 ("Baseline firejail 0.9.28", 2015-08-08)
* 1684c9ea7 ("Fixes for man firejail (#2628)", 2019-03-29)
* 73525015e ("Clarify that file globbing occurs only at start",
2020-04-11) / PR #3347
* f54ee53b1 ("man text for --include command", 2021-03-05).
This is a follow-up to #6472.
Kind of relates to #5903.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reset the bold right after each command/argument.
Command used to check for issues:
git grep -E ' \\fR' -- src/man/*.in
Related commits:
* e91b9ff0f ("Deprecate --nodbus option", 2020-04-07) /
PR #3265
* 5a612029b ("rename noautopulse to keep-config-pulse", 2021-05-13) /
PR #4278
* d79547ca9 ("docs: warn about limitations of landlock", 2024-03-31) /
PR #6302
This is a follow-up to #6451.
Relates to #6078.
|
|
|
|
|
|
|
|
|
| |
Sort commands in firejail.1.in and sync the result with
firejail-profile.5.in.
* Commands: `--dbus-system.*`, `--dbus-user.*`, `--icmptrace`,
`--ip=none`, `memory-deny-write-execute`, `--noinput`
Relates to #3190 #3406 #4209.
|
|
|
|
|
|
|
|
|
|
| |
Move the "FILES" section to right before the "LICENSE" section in
firecfg.1.in, to match what is done in the other man pages.
This amends commit ef6cfb8a2 ("firecfg: add ignore command and docs",
2023-06-29) / PR #5876.
Relates to #6451.
|
|
|
|
|
|
|
| |
This amends commit 6489138a5 ("docs: document NAME VALIDATION in
firejail.txt", 2023-06-13) / PR #5856.
Relates to #6451.
|
|
|
|
|
|
|
| |
Added on commit 13b2c566d ("feature: add Landlock support", 2023-10-24)
/ PR #6078.
Relates to #6451.
|
|
|
|
| |
Use the same examples with spaces and make the quotes more consistent
with the other examples.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
* Use the exact same source date string for all `date` invocations
* Use `-d` instead of `--date=`
* Fallback to `-r` and then to no argument
Some `date` implementations only support BSD `-r` instead of GNU `-d` /
`--date=` and others may not support any of them since neither option is
in POSIX.
For example, if zoneinfo is installed by chromebrew on ChromeOS, it
provides a date program that only supports `-r` and overrides the system
one (which supports `-d`) [1]:
./mkman.sh 0.9.72 src/man/firejail.man firejail.1
date: invalid option -- '-'
date: usage: date [-u] [-c] [-r seconds] [+format]
make: *** [Makefile:42: firejail.1] Error 1
Environment: zoneinfo 2024a on ChromeOS M125.
Note: The changes are based on what is suggested by
reproducible-builds.org [2].
Relates to #193.
Fixes #6403.
[1] https://github.com/netblue30/firejail/issues/6403#issue-2402292506
[2] https://reproducible-builds.org/docs/source-date-epoch/
Reported-by: @Zopolis4
|
|
|
|
|
|
|
|
| |
An ssh private key may be stored in a Trusted Platform Module (TPM)
device and `private-dev` in ssh.profile currently breaks this use-case,
as it does not keep tpm devices (see #6379).
So add a new `notpm` command and keep tpm devices in /dev by default
with `private-dev` unless `notpm` is used.
|
|
|
|
| |
Format and sort items in the private-bin, private-dev and private-etc
sections.
|
|
|
| |
Fixes #6358.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tools:
* gzip
* install
* rm
* strip
* tar
For the programs not checked in configure.ac:
From the manual of GNU Autoconf (version 2.71):
> If you use `AC_PROG_INSTALL`, you must include `install-sh` in your
> distribution
So set `install` just in the Makefile. Use `$(RM)` to ensure that `-f`
is always used and to make it easier to spot when `-r` is used.
See commit 93d623fdf ("build: allow overriding certain tools",
2024-02-23) / PR #6222.
|
|
|
|
|
|
|
|
|
| |
Just in case the value is not defined in config.mk and `make` is first
executed from another directory (such as in src/man) instead of the root
directory.
This amends commit 93d623fdf ("build: allow overriding certain tools",
2024-02-23) / PR #6222.
|
|
|
|
|
|
| |
And mark it as experimental.
Relates to #6078.
|
|
|
|
|
|
|
|
| |
Based on the discussion at #5063.
Misc: The `\&` is used to escape the dot in `.desktop` (see roff(7)).
This amends commit a9c851ee4 ("firecfg: use ignorelist also for .desktop
files", 2024-01-08) / PR #6153.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Landlock ABI v4 it is possible to restrict actions related to the
network and potentially more areas will be added in the future.
So use `landlock.fs.` as the prefix in the current filesystem-related
commands (and later `landlock.net.` for the network-related commands) to
keep them organized and to match what is used in the kernel.
Examples of filesystem and network access flags:
* `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file.
* `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content.
* `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port.
* `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a
remote port.
Relates to #6078.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow overriding the following tools at configure-time and build-time:
* codespell
* cppcheck
* gawk
* scan-build
For example, instead of hardcoding `gawk`, enable overriding it at
configure-time with:
./configure GAWK=/path/to/gawk
To override it for a single `make` invocation:
make GAWK=/path/to/gawk
Also, add default values for the programs that are not found (rather
than leaving the variables empty), to make error messages clearer when
trying to run them:
$ make CPPCHECK= cppcheck-old
[...]
force --error-exitcode=1 --enable=warning,performance .
make: force: No such file or directory
$ make CPPCHECK=cppcheck cppcheck-old
[...]
cppcheck --force --error-exitcode=1 --enable=warning,performance .
make: cppcheck: No such file or directory
|
|
|
|
|
|
|
|
|
| |
This amends commit 760f50f78 ("landlock: move commands into profile and
add landlock.enforce", 2023-11-17) / PR #6125.
Misc: This was noticed on #6203.
Relates to #6078.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As discussed with @topimiettinen[1], it is unlikely that an unprivileged
process would need to directly create block or character devices. Also,
`landlock.special` is not very descriptive of what it allows.
So split `landlock.special` into:
* `landlock.makeipc`: allow creating named pipes and sockets (which are
usually used for inter-process communication)
* `landlock.makedev`: allow creating block and character devices
Misc: The `makedev` name is based on `nodev` from mount(8), which makes
mount not interpret block and character devices. `ipc` was suggested by
@rusty-snake[2].
Relates to #6078.
[1] https://github.com/netblue30/firejail/pull/6078#pullrequestreview-1740569786
[2] https://github.com/netblue30/firejail/pull/6187#issuecomment-1924107294
|
|\
| |
| | |
firecfg: use ignorelist also for .profile/.desktop files
|
| |
| |
| |
| |
| |
| | |
Closes #5245.
Relates to #5876.
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
* Move commands from --landlock and --landlock.proc= into
etc/inc/landlock-common.inc
* Remove --landlock and --landlock.proc=
* Add --landlock.enforce
Instead of hard-coding the default commands (and having a separate
command just for /proc), move them into a dedicated profile to make it
easier for users to interact with the entries (view, copy, add ignore
entries, etc).
Only enforce the Landlock commands if --landlock.enforce is supplied.
This allows safely adding Landlock commands to (upstream) profiles while
keeping their enforcement opt-in. It also makes it simpler to
effectively disable all Landlock commands, by using
`--ignore=landlock.enforce`.
Relates to #6078.
|
|
|
|
|
|
| |
Originally from PR #5359.
Relates to #6078.
|
|
|
|
| |
in README.md
|
|\
| |
| | |
feature: add Landlock support
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Based on 5315 by ChrysoliteAzalea.
It is based on the same underlying structure, but with a lot of
refactoring/simplification and with bugfixes and improvements.
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
Co-authored-by: Азалия Смарагдова <charming.flurry@yandex.ru>
|
|\ \
| |/
|/| |
feature: firecfg: add firecfg.d & add ignore command
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add ignore command (`!PROGRAM`), as suggested by @WhyNotHugo[1].
It prevents firecfg from creating a symlink for the given program.
Also, document the paths used and the config file syntax.
Note that `/etc/firejail/firecfg.d/*.conf` files are parsed before
/etc/firejail/firecfg.config, so the former can ignore/override any item
in the latter.
Closes #2097.
[1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459
|
| |
| |
| |
| | |
to run these options
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
* profiles: drop private-opt (existing whitelist)
* profiles: replace private-opt with whitelist
In most profiles.
Kept private-opt for enpass (~85MB), mate-dictionary (<20MB),
minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't
check: xmr-stak.
* docs: note potential issues with private-opt
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `shell` option has been removed. Remove stale references.
This does NOT remove `shell none`-related code comments in:
- src/firejail/fs_lib.c (L433-L441)
- src/firejail/join.c (L415-L417)
Relates to #5196.
Suggested by #5891.
|
|
|
|
|
|
| |
Closes #5899.
Suggested-by: @shaggonit
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Simplify the main targets and use wildcards instead of repeating the
filenames manually.
Also, restore the `man` target and building only when `HAVE_MAN` is
enabled.
Note: Make automatically removes intermediate files (.1 and .5), so in
general only the .gz files have to be cleaned.
Commands used to rename the man pages:
cd src/man
git mv firecfg.txt firecfg.1.in
git mv firejail-login.txt firejail-login.5.in
git mv firejail-profile.txt firejail-profile.5.in
git mv firejail-users.txt firejail-users.5.in
git mv firejail.txt firejail.1.in
git mv firemon.txt firemon.1.in
git mv jailcheck.txt jailcheck.1.in
This is kind of a follow-up to commit 9e206b7f2 ("rework src/man
Makefile", 2023-07-07).
|
|
|
|
|
|
|
|
| |
Added in the following commits:
* f3774678f ("compress static ip map for fnettrace at compile time",
2023-07-06)
* 9e206b7f2 ("rework src/man Makefile", 2023-07-07)
|
| |
|
|
|
|
|
|
|
| |
To reduce the amount of boilerplate in the makefiles.
This amends commit 9789c263a ("build: disable all built-in implicit make
rules", 2023-06-21) / PR #5864.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use `make -r` to reduce unnecessary filesystem lookups.
Overall, this appears to reduce the amount of implicit rule searches by
~93.3% (~97.5% compared to a8f01a383) for the default build and by
~83.3% (~99.3% compared to a8f01a383) for the "man" target (as an
example):
$ git show --pretty='%h %ai %s' -s
a8f01a383 2023-06-20 05:26:23 +0000 Merge pull request #5859 from kmk3/build-remove-retpoline
$ ./configure >/dev/null
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
6798
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
1085
# (in the previous commit)
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
2535
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
42
# (with this commit applied)
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
170
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
7
Environment: GNU make 4.4.1-2 on Artix Linux.
Note: According to make(1p) in POSIX.1-2017, "If .SUFFIXES does not have
any prerequisites, the list of known suffixes shall be cleared.", while
"The result of setting MAKEFLAGS in the Makefile is unspecified."
Commands used to search and replace:
$ git ls-files -z -- '*Makefile*' | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(sed -E \
's/^(.SUFFIXES:)/\1\nMAKEFLAGS += -r\n/' '{}')\" >'{}'"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clear `.SUFFIXES:` to reduce unnecessary filesystem lookups.
Overall, this appears to reduce the amount of implicit rule searches by
~62% for the default build and by ~96% for the "man" target (as an
example):
$ git checkout master >/dev/null 2>&1
$ git show --pretty='%h %ai %s' -s
a8f01a383 2023-06-20 05:26:23 +0000 Merge pull request #5859 from kmk3/build-remove-retpoline
$ ./configure >/dev/null
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
6798
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
1085
# (with this commit applied)
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
2535
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
42
Environment: GNU make 4.4.1-2 on Artix Linux.
Commands used to search and replace:
$ git ls-files -z -- '*Makefile*' | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(sed '1s/^/.SUFFIXES:\n/' '{}')\" >'{}'"
See also commit f48886f25 ("build: mark most phony targets as such",
2023-02-01) / PR #5637.
|
|
|
|
| |
To make the makefiles look more similar.
|
| |
|
|
|
|
|
|
|
| |
Added on commit b689b69f6 ("make --private-lib a compile time option,
disabled by default", 2023-03-09).
Relates to #5727.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This fixes #1127.
This allow a user to provide their own zshrc/bashrc inside the jail.
This is very useful when using firejail to develop and prevent bad pip
packages to access your system.
|
|\
| |
| | |
modif: Prevent sandbox name from containing only digits
|
| |
| |
| |
| |
| | |
Names should not contain only numbers,
as they are used in other commands as PIDs.
|