Commons of opengl-game-wrapper.sh

[skip ci]
- Add allow-opengl-game.inc
- Add profiles for alienarena-wrapper, ballbuster-wrapper,
colorful-wrapper, etr-wrapper, gl-117-wrapper, glaxium-wrapper,
neverball-wrapper, neverputt-wrapper, pinball-wrapper,
supertuxkart-wrapper
- Use allow-opengl-game.inc in xonotic.profile and the profiles above
- xonotic.profile: simplify private-bin by using xonotic*

…, gl-117, glaxium, pinball
alienarena is missing in firecfg.config by intention, I didn't test
any online multiplayer.

* Add firedragon profile
* Point private-etc to firefox-common.local
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* Add to firecfg.config
* Add firedragon to disable-programs.inc
* Correct dir
* Remove private-etc
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>

profstats - correct variable for include global

Currently pathological endings like in
/foo/bar/./. are mapped to RUN_LIB_DIR,
with the effect that the mount is skipped
because this directory always exists at
this point in time.
Even though it's harmless, it is wrong
behaviour, so handle trailing slashes and
dots before doing the mounts. Also avoids
running into an assertion if there is a trailing
slash.
Plus a few small cosmetic changes to make
things more explicit.

When using the "wildcard" internal functions.
This usage has been present since the first "real" commit in the
repository: commit 137985136 ("Baseline firejail 0.9.28").

> H_FILE_LIST = $(sort $(wildcard *.[h]))
> C_FILE_LIST = $(sort $(wildcard *.c))

There is only a single character (i.e.: "h") inside the character class,
so its usage should make no functional difference. It may stem from a
construct that could have originally looked something like this:

    C_FILE_LIST = $(sort $(wildcard *.[ch]))

Which would match both the implementation files and the headers.

From Section 4.4, [Using Wildcard Characters in File Names][1] of the
GNU make manual:

> A single file name can specify many files using wildcard characters.
> The wildcard characters in make are ‘*’, ‘?’ and ‘[…]’, the same as in
> the Bourne shell. For example, *.c specifies a list of all the files
> (in the working directory) whose names end in ‘.c’.

See also Section 2.13, [Pattern Matching Notation][2] of POSIX.1-2017.

Commands used to search, replace and clean up:

    $ find . -name .git -prune -o -type f \
      \( -name Makefile -o -name Makefile.in \
      -o -name '*.mk' -o -name '*.mk.in' \) -print0 |
      xargs -0 grep -Fl '$(wildcard *.[h])' | tr '\n' '\000' |
      xargs -0 sed -i.bak -e \
      's/\$(wildcard \*.\[h\])/$(wildcard *.h)/'
    $ find . -name .git -prune -o -type f \
      -name '*.bak' -exec rm '{}' +

Note: To make sure that this doesn't actually change anything
functionally, I built firejail-git (AUR) on Artix from master and from
this commit and diffing the resulting files produced no output (other
than showing changes related to the build timestamps).

Misc: Reference to the previous makefile-related changes: commit
2465f9248 ("makefiles: make all, clean and distclean PHONY") /
https://github.com/netblue30/firejail/pull/4024

[1]: https://www.gnu.org/software/make/manual/html_node/Wildcards.html
[2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html

Clarify novideo

Create bcompare.profile

I can't seem to get it to work with seccomp enabled.

- Add netlink to pcsxr fixing controller support
- Add openmw and PPSSPPSDL to firecfg
- Update readme for new profiles
Note: file picker in dolphin-emu is being weird (not showing or freezing)

adds support to run appimage in a chroot

make appimage mounts private to sandbox

Add profile for youtube-dl-gui & some other changes

mount without stash locations, only using the file descriptors

private-lib: move to mount-only

Grammar

private-lib: mask /usr/local/lib[,64] directories, too

private-lib hardening

ensure that libraries are loaded
from a default ld.so search path
it is reasonable for firejail to
expect that unprivileged users have
no write permission on these paths;
lax permissions there mean that the
system is probably screwed anyway

sandbox setup: postpone library preloading

for now avoids mixing of traces from sandbox helpers
into application traces

sandbox setup: postpone fslogger

postpone writing of log file in order to
catch filesystem modifications from x11
functions

Zsh completion improvements

I don't understand the current brace expansions, so let's use an easier
one:
--foo <> one-time; no argument
*--foo <> multi-time; no argument
--foo=- <> one-time; with argument (direct after the =)
*--foo=- <> multi-time; with argument (direct after the =)