path: root/src
Commit message (author, date)
* makefiles: define root dir and include relative to it (Kelvin M. Klann, 2022-06-12)
|
|   A non-absolute path on an include command is always treated as being relative to the directory in which "make" was started in, rather than being relative to the makefile that contains the command.
|
|   For example, given the following project structure and file contents:
|
|   * Makefile: include src/foo.mk
|   * src/foo.mk: include bar.mk
|   * src/bar.mk:
|
|   Running "make" on the root project directory (that is, where "Makefile" is) yields the following:
|
|       src/foo.mk:1: bar.mk: No such file or directory
|
|   As "bar.mk" in "include bar.mk" is relative to the current (process) directory (that is, "./bar.mk") and not to where foo.mk is located in ("./src/bar.mk").
|
|   So on every makefile that contains an include command, define the root project directory in the ROOT variable and always include relative to it, to later enable any included mkfiles to include other mkfiles without having to worry about the correct path.
|
|   Commands used to search and replace:
|
|       $ git grep -Flz 'include ../common.mk' -- src | xargs -0 -I '{}' sh -c \
|         "printf '%s\n' \"\`sed 's|include ../common.mk|ROOT = ../..\ninclude \$(ROOT)/src/common.mk|' '{}'\`\" >'{}'"
|
|   Environment: GNU make 4.3-3.1 on Artix Linux
|
* common.mk.in: fix comment about file usage intent (Kelvin M. Klann, 2022-06-12)
|
|   It currently claims to contain "common definitions for all makefiles", but it is not included by all makefiles under src/ and it contains variable definitions that may possibly clash with the ones defined on certain makefiles.
|
|   Mainly, the following makefiles (which are used for building shared objects) use a different set of CFLAGS compared to src/common.mk.in:
|
|   * src/libpostexecseccomp/Makefile.in
|   * src/libtrace/Makefile.in
|   * src/libtracelog/Makefile.in
|
|   Given the contents of common.mk.in, it seems to be intended only for makefiles that build C programs and/or non-shared objects (which are most of, but not all of the makefiles under src/), so put that in the comment instead.
|
* fix typo in firejail-welcome.sh (PizzaDude, 2022-06-10)
|
* fix typo (Reiner Herrmann, 2022-06-09)
|
* CVE-2022-31214: fixing the fix, one more time (smitsohu, 2022-06-08)
|
|   the previous commit "CVE-2022-31214: fixing the fix" made private-etc=fonts,fonts and similar commands fail with an error
|
|   fix that regression by tolerating already existing directories
|
* CVE-2022-31214: fixing the fix (smitsohu, 2022-06-08)
|
* fixing CVE-2022-31214 (smitsohu, 2022-06-08)
|
* harden blacklist (smitsohu, 2022-06-03)
|
* removed enforcement of nonewprivs for --noprofile (netblue30, 2022-06-03)
|
* --nettrace only available when running the sandbox as root (netblue30, 2022-06-03)
|
* enforce nonewprivs for --noprofile option (netblue30, 2022-06-03)
|
* fixes (netblue30, 2022-06-02)
|
* firemon rework (netblue30, 2022-06-02)
|
* speed up firemon (netblue30, 2022-06-02)
|
* Removed IDS feature from the default build. To enable it, use --enable-ids at compile time. (netblue30, 2022-05-25)
|
* config guide (firecfg --guide) man page (netblue30, 2022-05-23)
|
* netlock: restore environment for terminal (smitsohu, 2022-05-21)
|
* --oom (netblue30, 2022-05-20)
|
* --oom (#5122) (netblue30, 2022-05-20)
|
* ci: fix --version not printing compile-time features (Kelvin M. Klann, 2022-05-16)
|
|   Currently, when running on CI, `firejail --version` only prints the following line:
|
|       firejail version 0.9.69
|
|   Add a new print_version() function that always prints both the above and the compile-time options (like it is done outside of CI) and call it in both of the places that handle --version on main.c.
|
|   Misc: The printing of compile-time features was added on commit 48dd1fbec ("apparmor", 2016-08-02).
|
* fzenity: fix dead store (Kelvin M. Klann, 2022-05-10)
|
|   As caught by the Clang Static Analyzer:
|
|       $ make clean && NO_EXTRA_CFLAGS="yes" scan-build --status-bugs make -C src/fzenity
|       [...]
|       main.c:77:10: warning: Value stored to 'ptr' is never read [deadcode.DeadStores]
|               return ptr++;
|                      ^~~~~
|       1 warning generated.
|       [...]
|       scan-build: Analysis run complete.
|       scan-build: 1 bug found.
|
|   The above increment is a no-op, as it is equivalent to `return ptr; ptr++;`. For it to make any difference, the prefix increment operator would have to be used in place of the postfix one:
|
|       return ++ptr;
|
|   Which would be equivalent to `++ptr; return ptr;`.
|
|   But in order to fix the warning (and CI) while avoiding to change the current behavior, just remove the operator instead.
|
|   Added on commit 1cdfa6f95 ("more on firecfg --guide: fzenity", 2022-04-25).
|
* always log seccomp errors (#5110) (netblue30, 2022-05-09)
|
* Merge branch 'master' of ssh://github.com/netblue30/firejail (netblue30, 2022-04-29)
|\
| * hostnames.c: fix mismatched dealloc (fclose -> pclose) (Kelvin M. Klann, 2022-04-28)
| |
| |   Partial error log when building firejail-git (afee8603f) with --enable-fatal-warnings:
| |
| |       hostnames.c: In function ‘retrieve_hostname’:
| |       hostnames.c:53:17: error: ‘fclose’ called on pointer returned from a mismatched allocation function [-Werror=mismatched-dealloc]
| |          53 |                 fclose(fp);
| |             |                 ^~~~~~~~~~
| |       hostnames.c:38:20: note: returned from ‘popen’
| |          38 |         FILE *fp = popen(cmd, "r");
| |             |                    ^~~~~~~~~~~~~~~
| |       cc1: all warnings being treated as errors
| |       make[1]: *** [Makefile:7: hostnames.o] Error 1
| |
| |   Environment: gcc 11.2.0-4 on Artix Linux.
| |
| |   Added on commit 500a56efd ("more on nettrace", 2022-01-07).
| |
* | fix firemon, speed-up (netblue30, 2022-04-29)
| |
* | remove inode warning from fcopy - long list of warnings for /etc/alternatives on Debian (netblue30, 2022-04-29)
|/
* Merge branch 'master' of ssh://github.com/netblue30/firejail (netblue30, 2022-04-25)
|\
| * Merge pull request #5114 from kmk3/stop-warn-group-clean (netblue30, 2022-04-25)
| |\
| | |   Stop warning on safe supplementary group clean
| | |
| | * Stop warning on safe supplementary group clean (Kelvin M. Klann, 2022-04-22)
| | |
| | |   When nogroups is used, the following warning may be issued (potentially multiple times, as drop_privs may be called more than once):
| | |
| | |       Warning: cleaning all supplementary groups
| | |
| | |   But the warning is being shown even when it seems that all supplementary groups can be safely dropped (and are thus dropped), which is likely a common scenario.
| | |
| | |   This commit prevents the warning from being printed in that case, making it so that it is only shown in the non-happy paths (as was the case on firejail 0.9.66).
| | |
| | |   Misc: The added code was copied from drop_privs.
| | |
| | |   This amends commit 7abce0b4c ("Fix keeping certain groups with nogroups", 2021-11-30) / PR #4732.
| | |
| | |   Kind of relates to #4930.
| | |
* | | merges, fix compile (netblue30, 2022-04-25)
|/ /
* | more on firecfg --guide: fzenity (netblue30, 2022-04-25)
| |
* | fix firecfg --guide (netblue30, 2022-04-21)
| |
* | firejail-welcome.sh fixes (rusty-snake, 2022-04-21)
| |
| |   - fix shellcheck
| |   - break long lines
| |   - remove useless $? check
| |   - remove needless \\
| |
* | more on firecfg --guide (netblue30, 2022-04-21)
| |
* | firecfg --guide (netblue30, 2022-04-19)
| |
* | resurrecting welcome.sh (netblue30, 2022-04-19)
|/
* fix --writable-etc (netblue30, 2022-04-12)
|
* small fixes (netblue30, 2022-04-10)
|
* compile fix (netblue30, 2022-04-08)
|
* nettrace dns and sni (netblue30, 2022-04-08)
|
* nettrace fixes (netblue30, 2022-04-05)
|
* man: typo fixes (#5084) (glitsj16, 2022-03-31)
|
* docs: mention capabilities(7) on --caps (Kelvin M. Klann, 2022-03-27)
|
|   As hinted by @rusty-snake[1].
|
|   [1] https://github.com/netblue30/firejail/discussions/5064#discussioncomment-2417395
|
* adding ping in firecfg list (#1912) (netblue30, 2022-03-24)
|
* Merge pull request #5052 from kmk3/docs-private-bug (netblue30, 2022-03-24)
|\
| |   docs: mention inconsistent homedir bug involving --private=dir
| |
| * docs: mention inconsistent homedir bug involving --private=dir (Kelvin M. Klann, 2022-03-14)
| |
| |   And the workaround suggested by @smitsohu[1] and @rusty-snake[2].
| |
| |   Relates to #903 #5048.
| |
| |   [1] https://github.com/netblue30/firejail/issues/903#issuecomment-946673346
| |   [2] https://github.com/netblue30/firejail/discussions/5048#discussioncomment-2360034
| |
| * docs: add missing --private note to firejail-profile.txt (Kelvin M. Klann, 2022-03-14)
| |
| |   It's currently only present on firejail.txt.
| |
| |   This amends commit 340699fbd ("misc things", 2020-02-22).
| |
* | Merge pull request #5043 from kmk3/docs-protocol-acc (netblue30, 2022-03-24)
|\ \
| |/
|/|
| |   man: mention that the protocol command accumulates
| |
| * man: mention that the protocol command accumulates (Kelvin M. Klann, 2022-03-13)
| |
| |   As mentioned by @rusty-snake[1].
| |
| |   This amends commit 39654d016 ("adding netlink to --protocol list (#4605)", 2022-01-21).
| |
| |   See also commit 75073e0e4 ("man: mention that private-bin and private-etc are cumulative", 2022-01-22) and issue #4078.
| |
| |   [1] https://github.com/netblue30/firejail/pull/5042/files#r825477891
| |
* | fbuilder: fix private-etc (smitsohu, 2022-03-14)
| |