| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
None of the files affected use any macros from linux/limits.h:
$ git grep -Fl 'NGROUPS_MAX
ARG_MAX
LINK_MAX
MAX_CANON
MAX_INPUT
NAME_MAX
PATH_MAX
PIPE_BUF
XATTR_NAME_MAX
XATTR_SIZE_MAX
XATTR_LIST_MAX
RTSIG_MAX' -- src
src/firejail/cmdline.c
src/firejail/firejail.h
src/libtrace/libtrace.c
src/libtracelog/libtracelog.c
Environment:
$ grep '^NAME' /etc/os-release
NAME="Artix Linux"
$ pacman -Qo /usr/include/linux/limits.h
/usr/include/linux/limits.h is owned by linux-api-headers 5.12.3-1
Note: This include has been present on all of the affected files since
their inception. For restrict_users.c, that's on commit 4f003daec
("prevent leaking user information by modifying /home directory,
/etc/passwd and /etc/group") and for every other file, it's on commit
137985136 ("Baseline firejail 0.9.28").
Relates to #4578.
|
|
|
|
| |
Relates to #4578.
|
| |
|
|
|
|
|
| |
don't try to read /usr/bin/firejail if private-bin removed it
from the sandbox filesystem
|
|
|
|
|
|
| |
users, and fldd in particular, might have no read permission
on the firejail executable, make that ok by running fldd
as root
|
|\
| |
| | |
Create goldendict.profile
|
| | |
|
|\ \
| | |
| | | |
Add missing final newlines
|
| | | |
|
|\ \ \
| | | |
| | | | |
Remove /etc/hosts is_link check
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ /
|/| | |
|
|\ \ \
| | | |
| | | | |
rework exitcodes
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
* add 128 to exitcode if child receives a fatal signal
(this is similar to what bash and other shells do)
* unify exitcodes across firejail: treat join'ed processes
the same as processes in the primary process tree
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit a11707ea273e5665047f8a7d9387ba07f08d72f6.
The man pages currently direct users to use the aliases instead of the
commands, which some users of firejail-git may end up doing. Example:
https://github.com/netblue30/firejail/discussions/4496
So revert the man page changes as well to avoid confusion.
Note: This is not a full revert. The commit in question also contains
some string formatting fixes on src/firejail/usage.c (related to dbus
and netmask), which are left intact.
Relates to #4410.
|
|\ \
| | |
| | | |
create yt-dlp.profile
|
| | | |
|
|\ \ \
| | | |
| | | | |
creating gallery-dl.profile
|
| |/ / |
|
|/ /
| |
| |
| |
| |
| |
| | |
arp_check relied on select(2) decreasing the timeout. This doesn't seem
to be the case on Linux anymore, thus arp_check tends to hang when the
interface sees a lot of traffic. Calculating the timeout explicitly
solves the problem.
|
| |
| |
| |
| | |
Closes: #4460
|
| |
| |
| |
| | |
follow up
|
| |
| |
| |
| |
| | |
machine-id is not affected by --disable-network and matches in "User
Environment" as well.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
for --build run
|
|\ \
| | |
| | | |
add ncdu2 redirect profile
|
| | | |
|
| | | |
|
|\ \ \ |
|
| |/ / |
|
|/ / |
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add ms-edge-beta paths to disable-programs.inc
Support firecfg
Adding to release notes (already added to README.md)
|
| | | |
|
| | | |
|
| |\ \ |
|
| | | | |
|
| |/ /
| | |
| | |
| | | |
blacklisted
|
| | |
| | |
| | |
| | | |
See https://github.com/netblue30/firejail/commit/00cb8b611f0e35a56585061d689fbcca2af0566b#commitcomment-53262808
|
| |\ \
| | | |
| | | | |
Create profcleaner.sh
|
| | | |
| | | |
| | | | |
[skip ci]
|
| | | |
| | | |
| | | |
| | | | |
profcleaner.c is just sed, I was wondering why we need C for that.
|
| |\ \ \
| | | | |
| | | | | |
allow/deny in zsh completion
|
| | |/ / |
|