| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It currently claims to contain "common definitions for all makefiles",
but it is not included by all makefiles under src/ and it contains
variable definitions that may possibly clash with the ones defined on
certain makefiles. Mainly, the following makefiles (which are used for
building shared objects) use a different set of CFLAGS compared to
src/common.mk.in:
* src/libpostexecseccomp/Makefile.in
* src/libtrace/Makefile.in
* src/libtracelog/Makefile.in
Given the contents of common.mk.in, it seems to be intended only for
makefiles that build C programs and/or non-shared objects (which are
most of, but not all of the makefiles under src/), so put that in the
comment instead.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
the previous commit "CVE-2022-31214: fixing the fix"
made private-etc=fonts,fonts and similar commands
fail with an error
fix that regression by tolerating already existing
directories
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
at compile time.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, when running on CI, `firejail --version` only prints the
following line:
firejail version 0.9.69
Add a new print_version() function that always prints both the above and
the compile-time options (like it is done outside of CI) and call it in
both of the places that handle --version on main.c.
Misc: The printing of compile-time features was added on commit
48dd1fbec ("apparmor", 2016-08-02).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As caught by the Clang Static Analyzer:
$ make clean && NO_EXTRA_CFLAGS="yes" scan-build --status-bugs make -C src/fzenity
[...]
main.c:77:10: warning: Value stored to 'ptr' is never read [deadcode.DeadStores]
return ptr++;
^~~~~
1 warning generated.
[...]
scan-build: Analysis run complete.
scan-build: 1 bug found.
The above increment is a no-op, as it is equivalent to
`return ptr; ptr++;`.
For it to make any difference, the prefix increment operator would have
to be used in place of the postfix one:
return ++ptr;
Which would be equivalent to `++ptr; return ptr;`.
But in order to fix the warning (and CI) while avoiding to change the
current behavior, just remove the operator instead.
Added on commit 1cdfa6f95 ("more on firecfg --guide: fzenity",
2022-04-25).
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Partial error log when building firejail-git (afee8603f) with
--enable-fatal-warnings:
hostnames.c: In function ‘retrieve_hostname’:
hostnames.c:53:17: error: ‘fclose’ called on pointer returned from a mismatched allocation function [-Werror=mismatched-dealloc]
53 | fclose(fp);
| ^~~~~~~~~~
hostnames.c:38:20: note: returned from ‘popen’
38 | FILE *fp = popen(cmd, "r");
| ^~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7: hostnames.o] Error 1
Environment: gcc 11.2.0-4 on Artix Linux.
Added on commit 500a56efd ("more on nettrace", 2022-01-07).
|
| | | |
|
| |/
|
|
| |
/etc/alternatives on Debian
|
| |\ |
|
| | |\
| | |
| | | |
Stop warning on safe supplementary group clean
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When nogroups is used, the following warning may be issued (potentially
multiple times, as drop_privs may be called more than once):
Warning: cleaning all supplementary groups
But the warning is being shown even when it seems that all supplementary
groups can be safely dropped (and are thus dropped), which is likely a
common scenario. This commit prevents the warning from being printed in
that case, making it so that it is only shown in the non-happy paths (as
was the case on firejail 0.9.66).
Misc: The added code was copied from drop_privs.
This amends commit 7abce0b4c ("Fix keeping certain groups with
nogroups", 2021-11-30) / PR #4732.
Kind of relates to #4930.
|
| |/ / |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
- fix shellcheck
- break long lines
- remove unseless $? check
- remove needless \\
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
As hinted by @rusty-snake[1].
[1] https://github.com/netblue30/firejail/discussions/5064#discussioncomment-2417395
|
| | |
|
| |\
| |
| | |
docs: mention inconsistent homedir bug involving --private=dir
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
And the workaround suggested by @smitsohu[1] and @rusty-snake[2].
Relates to #903 #5048.
[1] https://github.com/netblue30/firejail/issues/903#issuecomment-946673346
[2] https://github.com/netblue30/firejail/discussions/5048#discussioncomment-2360034
|
| | |
| |
| |
| |
| |
| | |
It's currently only present on firejail.txt.
This amends commit 340699fbd ("misc things", 2020-02-22).
|
| |\ \
| |/
|/| |
man: mention that the protocol command accumulates
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As mentioned by @rusty-snake[1].
This amends commit 39654d016 ("adding netlink to --protocol list
(#4605)", 2022-01-21).
See also commit 75073e0e4 ("man: mention that private-bin and
private-etc are cumulative", 2022-01-22) and issue #4078.
[1] https://github.com/netblue30/firejail/pull/5042/files#r825477891
|
| | | |
|
| | | |
|
Kelvin M. Klann
PizzaDude
Reiner Herrmann
smitsohu
netblue30
rusty-snake
glitsj16