aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAge
* fixing broken buildLibravatar netblue302021-06-19
|
* jailcheck: networking supportLibravatar netblue302021-06-19
|
* Merge pull request #4360 from kmk3/gcov-add-missing-includesLibravatar netblue302021-06-18
|\ | | | | gcov: add missing gcov.h includes
| * gcov: add missing gcov.h includesLibravatar Kelvin M. Klann2021-06-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following "implicit declaration" warning (13 occurrences in total) when building with gcov support: $ pacman -Q gcc10 gcc10 1:10.2.0-3 $ CC=gcc-10 && export CC $ ./configure --prefix=/usr --enable-apparmor --enable-gcov >/dev/null $ make >/dev/null appimage.c: In function ‘appimage_set’: appimage.c:140:2: warning: implicit declaration of function ‘__gcov_flush’ [-Wimplicit-function-declaration] 140 | __gcov_flush(); | ^~~~~~~~~~~~ interface.c: In function ‘print_sandbox’: interface.c:149:3: warning: implicit declaration of function ‘__gcov_flush’ [-Wimplicit-function-declaration] 149 | __gcov_flush(); | ^~~~~~~~~~~~ netstats.c: In function ‘netstats’: netstats.c:246:4: warning: implicit declaration of function ‘__gcov_flush’ [-Wimplicit-function-declaration] 246 | __gcov_flush(); | ^~~~~~~~~~~~ [...] Note: The commands above were executed from makepkg, while building firejail-git from the AUR. Note2: gcc-10 was used because the build fails with the current gcc version (11.1.0) on Artix Linux. The failure happens because __gcov_flush was removed on gcc 11.1.0[1]; this will be addressed later. Note3: The following command helped find the affected files: $ git grep -Fl __gcov -- src [1] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=811b7636cb8c10f1a550a76242b5666c7ae36da2
* | appimage fixLibravatar netblue302021-06-17
|/
* appimage: automatically detect profileLibravatar netblue302021-06-14
|
* Merge branch 'master' of https://github.com/netblue30/firejailLibravatar smitsohu2021-06-11
|\
| * mcomix profile creation (#4338)Libravatar pirate4867431862021-06-10
| | | | | | | | | | | | | | | | | | | | | | * mcomix * Create mcomix.profile * tightening * fixes * comment
* | follow-upLibravatar smitsohu2021-06-11
|/ | | | PR #4349
* Merge pull request #4344 from pirate486743186/qcomicbookLibravatar Reiner Herrmann2021-06-08
|\ | | | | creating qcomicbook profile
| * qcomicbookLibravatar pirate4867431862021-06-06
| |
* | add more EUID switchingLibravatar smitsohu2021-06-08
| | | | | | | | | | always access files under control of the user with effective user id of the user
* | refactor mountingLibravatar smitsohu2021-06-08
| |
* | miscLibravatar smitsohu2021-06-07
| |
* | fix OOBLibravatar smitsohu2021-06-07
| |
* | blacklist cleaned passwd, group, utmp filesLibravatar smitsohu2021-06-06
| | | | | | | | | | | | just in case users decide to remove them completely from the sandbox, by means of private-etc or whitelist
* | selinux enhancementsLibravatar smitsohu2021-06-06
| |
* | fixup 9678da00301562464464099b9d7cfd76424fbb23Libravatar smitsohu2021-06-06
|/
* cleanupLibravatar smitsohu2021-06-06
|
* jailcheck: fix spelling errorsLibravatar Reiner Herrmann2021-06-04
|
* creating googler and ddgr profiles (#4333)Libravatar pirate4867431862021-06-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Create googler-common.profile * Create googler.profile * Create ddgr.profile * Update firecfg.config * sort fix * space * space * tightening * comment * fix comment * fix private-etc and ${DOWNLOADS} * fix sort * redundant ${DOWNLOADS}
* Merge pull request #4326 from jsquyres/pr/master/dont-quote-all-cmdlinesLibravatar netblue302021-06-04
|\ | | | | cmdline.c: optionally quote the resulting command line
| * cmdline.c: optionally quote the resulting command lineLibravatar Jeff Squyres2021-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we were launched by sshd, do not add extra quotes to the command line. This is because if firejail is a login shell, sshd will launch firejail thusly: * argv[0]: /path/to/firejail * argv[1]: -c * argv[2]: user's command to execute For example, if the user executed "ssh othernode echo hello world", argv[2] will be "echo hello world". Firejail will then add *extra* quotes to it, resulting in argv[2] becoming "'echo hello world' " (without the "", of course). The user's shell (e.g., bash) will see the extra single quotes and will not split the token into multiple tokens. The shell will be unable to find an executable or intrinsic named "echo hello world ", so it will fail. This commit changes the above behavior if firejail is launched by sshd. In that case, firejail will *not* add the extra single quotes around argv[2]. Specifically: all the tokens still end up in argv[2], but there's no *extra* quotes around argv[2], so the shell will split argv[2] into multiple tokens (if necessary). In the above example, argv[2] will be "echo hello world" (without the ""), which will be split. The shell will then look for an intrinsic or executable named "echo", which will succeed, and "hello world" will ultimately be emitted. Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
* | Merge pull request #4330 from smitsohu/fjconfigLibravatar netblue302021-06-04
|\ \ | | | | | | add firejail.config switch for private-{bin,etc,opt,srv}
| * | add firejail.config switch for private-{bin,etc,opt,srv}Libravatar smitsohu2021-05-22
| | |
* | | simplify X11 socket whitelistingLibravatar smitsohu2021-06-03
| | |
* | | Update manpage for whitelist2Libravatar rusty-snake2021-06-03
| | |
* | | version 0.9.66rc1 released0.9.66rc1Libravatar netblue302021-06-02
| | |
* | | reorganizing links browsers (#4320)Libravatar pirate4867431862021-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Create links-common.profile * Update links.profile * Create links2.profile * Update links.profile * Update links2.profile * Update elinks.profile * Update elinks.profile * links2 * Update firecfg.config * Update xlinks.profile * .xlinks * add dbus and whitelist-usr-share-common * .xlinks doesn't exist * revert * Create xlinks2 * xlinks2 * Update xlinks2 * Update xlinks.profile * no wayland * no wayland * doesn't use /tmp/.X11-unix * doesn't use /tmp/.X11-unix * noblacklist /tmp/.X11-unix * noblacklist /tmp/.X11-unix
* | | --debug takes precedence over --quiet (#2743)Libravatar netblue302021-05-30
| | |
* | | fix fcoy error message (#2743)Libravatar netblue302021-05-30
| | |
* | | allow --debug if quite-by-default is set (#3125, #4168)Libravatar netblue302021-05-30
| | |
* | | fix crash during --shutdonwLibravatar netblue302021-05-29
| | |
* | | disable home dir whitelists when --private is presentLibravatar netblue302021-05-29
| |/ |/|
* | reorganizing youtube-viewers (#4128)Libravatar pirate4867431862021-05-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Create youtube-viewers-common.profile * reorganising youtube viewers * rm globals * reorganise youtube viewers * adding pipe-viewer * adding gtk-pipe-viewer * xterm and youtube-dl cache * sort * Update youtube-viewers-common.profile * quiet * quiet * quiet * Update firecfg.config * rm vlc * rm invalid binary * noinput * rm whitelist-runuser-common.inc * rm whitelist-runuser-common.inc * rm whitelist-runuser-common.inc * whitelist-runuser-common.inc
* | Merge pull request #4307 from slowpeek/masterLibravatar Reiner Herrmann2021-05-28
|\ \ | | | | | | Refine appimage example in docs
| * | Refine appimage example in docsLibravatar slowpeek2021-05-26
| | |
* | | default gw fix - #4306Libravatar netblue302021-05-27
| | |
* | | remove dophin from firecfg.configLibravatar netblue302021-05-26
|/ /
* | deprecated follow-symlink-as-user from firejail.configLibravatar netblue302021-05-26
| |
* | fix firejail startup raceLibravatar smitsohu2021-05-24
| | | | | | | | | | | | | | | | sandboxes can race to create RUN_RO_FILE in shared memory similiar to #1013 regression from 825ac9cdc38c4285584e69d6f29102b149914dfe
* | Merge pull request #4302 from smitsohu/whitelist2Libravatar smitsohu2021-05-23
|\ \ | | | | | | Whitelist2 follow-up
| * | whitelist: following up #4229Libravatar smitsohu2021-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | besides some cosmetic tweaks, fixes --whitelist=/a/b where /a/b is a symbolic link to /a/c/d and c is the user home directory: create path as user and not as root. (going forward, a better and more comprehensive fix would be to prevent all mount point traversals in whitelist_mkpath, but it will take a bit of time to implement)
* | | support trailing comments on profile linesLibravatar netblue302021-05-21
| | |
* | | --buid fixesLibravatar netblue302021-05-20
| | |
* | | new profilesLibravatar netblue302021-05-20
| | |
* | | jailtest -> jailcheck (#4268)Libravatar netblue302021-05-18
| | |
* | | Merge pull request #4273 from rusty-snake/fix-2310Libravatar netblue302021-05-18
|\ \ \ | | | | | | | | Try to fix #2310 -- Can't create run directory without suid-root
| * | | Try to fix #2310 -- Can't create run directory without suid-rootLibravatar rusty-snake2021-05-14
| | | |
* | | | Merge pull request #4229 from smitsohu/whitelist2Libravatar netblue302021-05-18
|\ \ \ \ | | |/ / | |/| / | |_|/ |/| | Whitelist2