Currently, when running on CI, `firejail --version` only prints the
following line:

    firejail version 0.9.69

Add a new print_version() function that always prints both the above and
the compile-time options (like it is done outside of CI) and call it in
both of the places that handle --version on main.c.

Misc: The printing of compile-time features was added on commit
48dd1fbec ("apparmor", 2016-08-02).
As caught by the Clang Static Analyzer:

    $ make clean && NO_EXTRA_CFLAGS="yes" scan-build --status-bugs make -C src/fzenity
    [...]
    main.c:77:10: warning: Value stored to 'ptr' is never read [deadcode.DeadStores]
            return ptr++;
                   ^~~~~
    1 warning generated.
    [...]
    scan-build: Analysis run complete.
    scan-build: 1 bug found.

The above increment is a no-op, as it is equivalent to
`return ptr; ptr++;`.

For it to make any difference, the prefix increment operator would have
to be used in place of the postfix one:

    return ++ptr;

Which would be equivalent to `++ptr; return ptr;`.

But in order to fix the warning (and CI) while avoiding changing the
current behavior, just remove the operator instead.

Added on commit 1cdfa6f95 ("more on firecfg --guide: fzenity",
2022-04-25).
Partial error log when building firejail-git (afee8603f) with
--enable-fatal-warnings:

    hostnames.c: In function ‘retrieve_hostname’:
    hostnames.c:53:17: error: ‘fclose’ called on pointer returned from a mismatched allocation function [-Werror=mismatched-dealloc]
       53 |                 fclose(fp);
          |                 ^~~~~~~~~~
    hostnames.c:38:20: note: returned from ‘popen’
       38 |         FILE *fp = popen(cmd, "r");
          |                    ^~~~~~~~~~~~~~~
    cc1: all warnings being treated as errors
    make[1]: *** [Makefile:7: hostnames.o] Error 1

Environment: gcc 11.2.0-4 on Artix Linux.

Added on commit 500a56efd ("more on nettrace", 2022-01-07).
/etc/alternatives on Debian
Stop warning on safe supplementary group clean
When nogroups is used, the following warning may be issued (potentially
multiple times, as drop_privs may be called more than once):

    Warning: cleaning all supplementary groups

But the warning is being shown even when it seems that all supplementary
groups can be safely dropped (and are thus dropped), which is likely a
common scenario. This commit prevents the warning from being printed in
that case, making it so that it is only shown in the non-happy paths (as
was the case on firejail 0.9.66).

Misc: The added code was copied from drop_privs.

This amends commit 7abce0b4c ("Fix keeping certain groups with
nogroups", 2021-11-30) / PR #4732.

Kind of relates to #4930.
- fix shellcheck
- break long lines
- remove useless $? check
- remove needless \\
As hinted by @rusty-snake[1].

[1] https://github.com/netblue30/firejail/discussions/5064#discussioncomment-2417395
docs: mention inconsistent homedir bug involving --private=dir
And the workaround suggested by @smitsohu[1] and @rusty-snake[2].

Relates to #903 #5048.

[1] https://github.com/netblue30/firejail/issues/903#issuecomment-946673346
[2] https://github.com/netblue30/firejail/discussions/5048#discussioncomment-2360034
It's currently only present on firejail.txt.

This amends commit 340699fbd ("misc things", 2020-02-22).
man: mention that the protocol command accumulates
As mentioned by @rusty-snake[1].

This amends commit 39654d016 ("adding netlink to --protocol list
(#4605)", 2022-01-21).

See also commit 75073e0e4 ("man: mention that private-bin and
private-etc are cumulative", 2022-01-22) and issue #4078.

[1] https://github.com/netblue30/firejail/pull/5042/files#r825477891
tracelog is known to be incompatible with Chromium/Electron apps
keep it commented for the time being
gcov: fix gcov functions always declared as dummy
Currently, the check to enable gcov relies on a non-existent macro due
to a typo, which looks like it would cause the dummy/empty versions of
the gcov functions to always be declared (even with --enable-gcov),
instead of the real ones from gcov.h. This commit fixes the typo
(HAS_GCOV -> HAVE_GCOV). See configure.ac for the macro declaration.

This amends commit 5106b2ec4 ("gcov: use no-op functions if not
enabled", 2021-06-20) / PR #4376.

Occurrences of each macro with this commit applied:

    $ git grep -F HAVE_GCOV | wc -l
    16
    $ git grep -F HAS_GCOV | wc -l
    0
follow-up to fdee4dc1326bb2d5ce90ef2a0410dccba56beb70
remove all duplicate entries
whitelist restructuring
Check mountids while creating path of a new mount target.
If the mountid differs from the top level directory (tmpfs)
mountid, this proves an earlier whitelist command.
It is important to note though that this check is not exhaustive,
as besides nested whitelist commands there are also nested
top level directories. So a user could run:
firejail --whitelist=/a/b --whitelist=/a/b/c where both
a and b are (whitelist) top level directories. Such a command
may result in b and c sharing the filesystem and hence mountid.
In this case the nested nature of the whitelist commands
will go unnoticed.
A more rigorous version will probably need to apply some
sorting to the whitelist command, possibly by means of
glob(3).