| Commit message (Collapse) | Author | Age |
|
|
|
| |
Enable -Wall by default and add -Wextra.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is not too uncommon for the firejail version to be missing when
issues are reported; this commit makes it more likely that any posted
logs will contain the program version.
Do so just for firejail and firecfg for now because they are the most
common user-facing programs.
Print the version after argument parsing, in order to avoid printing the
program version more than once and to avoid interfering with commands
that generate machine-readable output (like `firejail --list` and
`firecfg --list`). Also, only print it after all profiles have been
loaded, because a profile may contain `quiet`.
Note: This does not cover the case where the program exits before the
end of argument/profile parsing (such as when an error occurs).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For consistency and readability.
Note: This also makes exactly one extra blank line be printed at the end
of every usage text, which is currently only done in the following
files:
* src/fcopy/main.c
* src/fnettrace-dns/main.c
* src/fnettrace-icmp/main.c
* src/fnettrace-sni/main.c
* src/fnettrace/main.c
* src/profstats/main.c
|
|
|
|
|
|
|
|
|
|
| |
Changes:
* Name them all "usage_str"
* Make them const
For the latter item, see commit eb20f52ef ("Make list of paths const to
fix a false positive of gcc analyzer", 2022-07-27) / PR #5275.
|
|
|
|
|
|
|
|
|
| |
Changes:
* Only print the version line in the print_version function
* Add a print_version function where missing (put it in usage.c if the
file exists)
* Always a blank line after the version
|
|
|
|
| |
Build the entire string at once and print it only once.
|
|
|
|
|
|
|
| |
Split print_version into two functions:
* print_version: only prints the version line
* print_version_full: also prints compile-time support
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, --version doesn't print a dash while --help does. Example:
$ firejail --version | grep 'version 0'
firejail version 0.9.73
$ firejail --help | grep 'version 0'
firejail - version 0.9.73
For consistency, always print the version without a dash.
Commands used to search and replace:
$ git grep -IFlz ' - version' -- src | xargs -0 -I '{}' sh -c
"printf '%s\n' \"\$(sed 's/ - version/ version/' '{}')\" >'{}'"
|
|
|
|
|
| |
Added on commit 42e2db127 ("jaitest - simple sandbox testing utility
program", 2021-02-20).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is causing main.o to be built using an implicit rule (rather than
the rule from src/prog.mk), which does not use PROG_CFLAGS. Example
(using src/fldd as a working example for comparison):
$ make -C src/etc-cleanup clean >/dev/null &&
make -C src/etc-cleanup | grep -Ev '(Entering|Leaving) directory'
gcc -g -O2 -c -o main.o main.c
gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -o etc-cleanup main.o
$ make -C src/etc-cleanup clean >/dev/null &&
make -C src/etc-cleanup -r | grep -Ev '(Entering|Leaving) directory'
make: *** No rule to make target 'main.o', needed by 'etc-cleanup'. Stop.
$ make -C src/fldd clean >/dev/null &&
make -C src/fldd | grep -Ev '(Entering|Leaving) directory'
gcc -ggdb -O2 -DVERSION='"0.9.73"' -fstack-protector-all [...]
gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -o fldd main.o ../lib/common.o ../lib/ldd_utils.o
$ make -C src/fldd clean >/dev/null &&
make -C src/fldd -r | grep -Ev '(Entering|Leaving) directory'
gcc -ggdb -O2 -DVERSION='"0.9.73"' -fstack-protector-all [...]
gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -o fldd main.o ../lib/common.o ../lib/ldd_utils.o
Environment: GNU make 4.4.1-2 on Artix Linux.
This amends commit e889db095 ("build fix", 2023-02-06).
See also commit 02d37680c ("private-etc rework: file groups moved to
src/include/etc_groups.h, new groups added", 2023-01-25).
Relates to #5610.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Log from build_and_test[1]:
TESTING: network scan (net_scan.exp)
[...]
firejail /bin/bash
Child process initialized in 1704.83 ms
spawn /bin/bash
firejail --net=br0 --ip=10.10.20.60
runner@fv-az576-472:~/work/firejail/firejail/test/network$
<l/test/network$ firejail --net=br0 --ip=10.10.20.60
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
** Note: you can use --noprofile to disable default.profile **
Error select: arp.c:202 arp_check: Invalid argument
runner@fv-az576-472:~/work/firejail/firejail/test/network$ TESTING ERROR 4
This "Invalid argument" error does not always happen, so I assume that
it may be due to a negative integer value in `ts` when calling select.
Misc: Found in #5805.
[1] https://github.com/netblue30/firejail/actions/runs/4806275219/jobs/8553597462
|
|
|
|
|
| |
* Create url-eater.profile
* RELNOTES: add url-eater to 'new profiles'
|
| |
|
|\
| |
| | |
add mov-cli.profile
|
| | |
|
|\ \
| | |
| | | |
fs_etc.c: conditionally create /etc/resolv.conf
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The "invalid_name" function claims to "allow strict ASCII letters and
numbers".
However, it uses isalnum(3) and isdigit(3), which may take the current
locale into account and thus return 1 for non-ASCII characters.
So add the following functions:
* ascii_isalnum
* ascii_isalpha
* ascii_isdigit
* ascii_islower
* ascii_isupper
* ascii_isxdigit
And use the applicable ones in "invalid_name" so that it actually uses
strictly ASCII in its comparisons.
Added on commit b4ffaa207 ("merges; more on cleaning up esc chars",
2023-02-14).
Relates to #5578.
Kind of relates to #5708.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Follow the same order as on util.c.
Added on commit b4ffaa207 ("merges; more on cleaning up esc chars",
2023-02-14).
|
|/ / |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* microsoft-edge*: fix spacing
* Create microsoft-edge-stable.profile
Relates to #5696.
* firecfg.config: add support for microsoft-edge-stable redirect
* disable-common.inc: blacklist msedge SUID executables
* microsoft-edge: add private-opt and allow internal sandbox access
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Added on commit b689b69f6 ("make --private-lib a compile time option,
disabled by default", 2023-03-09).
Relates to #5727.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
add ani-cli.profile
|
| |/
| |
| |
| | |
https://github.com/pystardust/ani-cli
|
|\ \
| | |
| | | |
add porn-cli.profile
|
| | | |
|
|\ \ \
| | | |
| | | | |
add lobster.profile
|
| | |/
| |/|
| | |
| | | |
https://github.com/justchokingaround/lobster
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
Environment: codespell 2.2.2-3 on Artix Linux.
|
| |/
|/| |
|
|\ \ |
|
| |\ \
| | | |
| | | | |
Forbid control chars in names
|
| | |/ |
|
|/ / |
|
|/ |
|
| |
|