| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
|
|
|
| |
for --build run
|
|\
| |
| | |
add ncdu2 redirect profile
|
| | |
|
| | |
|
|\ \ |
|
| |/ |
|
|/ |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add ms-edge-beta paths to disable-programs.inc
Support firecfg
Adding to release notes (already added to README.md)
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| |/
| |
| |
| | |
blacklisted
|
| |
| |
| |
| | |
See https://github.com/netblue30/firejail/commit/00cb8b611f0e35a56585061d689fbcca2af0566b#commitcomment-53262808
|
| |\
| | |
| | | |
Create profcleaner.sh
|
| | |
| | |
| | | |
[skip ci]
|
| | |
| | |
| | |
| | | |
profcleaner.c is just sed, I was wondering why we need C for that.
|
| |\ \
| | | |
| | | | |
allow/deny in zsh completion
|
| | |/ |
|
| |/
| |
| |
| |
| | |
Add new clion-eap profile
Fix broken clion profile
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
whitelist/nowhitelist/blacklist/noblacklist
|
| | |
|
| |\
| | |
| | | |
Fix sndio support
|
| | | |
|
| | | |
|
| |\ \
| | | |
| | | | |
gcov: use no-op functions if not enabled
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Instead of wrapping every gcov function call in an ifdef.
Note: The usage of `((void)0)` is based on section 7.2 of the C99
standard (N1256)[1] [2]:
> 7.2 Diagnostics <assert.h>
>
> 1 The header <assert.h> defines the assert macro and refers to another
> macro,
>
> NDEBUG
>
> which is not defined by <assert.h>. If NDEBUG is defined as a macro
> name at the point in the source file where <assert.h> is included, the
> assert macro is defined simply as
>
> #define assert(ignore) ((void)0)
See also assert.h(0p) from POSIX.1-2017[3].
Note: This is a continuation of commit b408b20c7 ("gcov: fix build
failure with gcc 11.1.0") / PR #4373.
[1] http://www.open-std.org/JTC1/SC22/WG14/www/docs/n1256.pdf
[2] https://port70.net/~nsz/c/c99/n1256.html#7.2
[3] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/assert.h.html
|
| | | | |
|
| |\ \ \
| | | | |
| | | | | |
remove kcmp from seccomp default drop list
|
| | | | | |
|
| |\ \ \ \
| | | |/ /
| | |/| | |
gcov: fix build failure with gcc 11.1.0
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The build currently fails if gcov support is enabled:
$ pacman -Q gcc
gcc 11.1.0-1
$ ./configure --prefix=/usr --enable-apparmor --enable-gcov >/dev/null
$ make >/dev/null
[...]
netstats.c: In function ‘netstats’:
netstats.c:250:25: warning: implicit declaration of function ‘__gcov_flush’; did you mean ‘__gcov_dump’? [-Wimplicit-function-declaration]
250 | __gcov_flush();
| ^~~~~~~~~~~~
| __gcov_dump
[...]
/usr/bin/ld: netstats.o: in function `netstats':
/tmp/firejail-git/src/firejail-git/src/firemon/netstats.c:250: undefined reference to `__gcov_flush'
[...]
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:10: firemon] Error 1
make: *** [Makefile:42: src/firemon/firemon] Error 2
[...]
This happens because __gcov_flush was removed on gcc 11.1.0[1] [2] [3].
See the following gcc commits:
* d39f7dc8d5 ("Do locking for __gcov_dump and __gcov_reset as well.")
* c0532db47d ("Use __gcov_dump and __gcov_reset in execv and fork context.")
* 811b7636cb ("Remove __gcov_flush.")
Its implementation did the following[4]:
__gcov_lock ();
__gcov_dump_int ();
__gcov_reset_int ();
__gcov_unlock ();
As hinted in the commit messages above, the function is no longer needed
because locking is now done inside each of __gcov_dump and __gcov_reset.
So add an implementation of __gcov_flush (on a new gcov_wrapper.h file)
for gcc >= 11.1.0, which just calls __gcov_dump and then __gcov_reset.
Commands used to search and replace:
$ git grep -Flz '#include <gcov.h>' -- '*.c' |
xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\`sed 's|<gcov\\.h>|\"../include/gcov_wrapper.h\"|' '{}'\`\" >'{}'"
Note: This is the continuation of commit 31557e9c7 ("gcov: add missing
gcov.h includes") / PR #4360.
[1] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=d39f7dc8d558ca31a661b02d08ff090ce65e6652
[2] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=c0532db47d092430f8e8f497b2dc53343527bb13
[3] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=811b7636cb8c10f1a550a76242b5666c7ae36da2
[4] https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=libgcc/libgcov-interface.c;h=855e8612018d1c9caf90396a3271337aaefdb9b3#l86
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
fixes a number of smaller issues:
* enable allow-debuggers option for Firejail login shells
* dhcp: noblacklist /sbin and /usr/sbin also when configuring a Firejail login shell
* don't print error when built with disable-suid: firejail --nonewprivs --quiet firejail
* don't process appimage option twice
* no unnecessary argument parsing when run via firecfg symbolic link
* process quiet option earlier, so it is available to init_cfg
|
| | | | |
|
|\ \ \ \
| | |/ /
| |/| | |
augment seccomp lists in firejail.config
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* move everything related to modification
of the default seccomp filter from --seccomp
to --seccomp= entry
* update errno descriptions
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
fs_home.c: run more code with euid of the user
|
| | | | | |
|
| | | | | |
|
|/ / / /
| | | |
| | | |
| | | | |
Added on commit e770ab6d8 ("appimage: automatically detect profile").
|
|\ \ \ \ |
|