path: root/src
Commit message (Author, Age)
...
* landlock: fix misc messages in ll_is_supported (Kelvin M. Klann, 2023-12-05)
|     This amends commit d10bf154a ("landlock: detect support at runtime", 2023-11-06) / PR #6078.
* landlock: add missing empty function ll_is_supported (Kelvin M. Klann, 2023-12-05)
|     This amends commit d10bf154a ("landlock: detect support at runtime", 2023-11-06) / PR #6078.
* landlock: fix incomplete zsh completion (Kelvin M. Klann, 2023-12-05)
|     This amends commit 13b2c566d ("feature: add Landlock support", 2023-10-24) / PR #6078.
* docs: fix typo of --nonewprivs in Landlock section (glitsj16, 2023-12-05)
|     Originally from PR #5359. Relates to #6078.
* landlock: update README.md, small fix in man firejail; update profile stats in README.md (netblue30, 2023-12-04)
* nettrace (netblue30, 2023-12-04)
|
* Merge pull request #6078 from kmk3/landlock_v3 (netblue30, 2023-12-04)
|\
| |     feature: add Landlock support
| * landlock: detect support at runtime (Kelvin M. Klann, 2023-11-07)
| |     And ignore landlock-related commands if Landlock is unsupported at runtime.
| * landlock: avoid parsing landlock commands twice (netblue30, 2023-11-07)
| |
| * landlock: apply rules in sandbox before app start (netblue30, 2023-11-07)
| |     Apply rules in the sandbox thread before the application is started.
| * landlock: new filesystem for --landlock command (netblue30, 2023-11-07)
| |
| * feature: add Landlock support (netblue30, 2023-11-07)
| |     Based on 5315 by ChrysoliteAzalea. It is based on the same underlying structure, but with a lot of refactoring/simplification and with bugfixes and improvements.
| |
| |     Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
| |     Co-authored-by: Азалия Смарагдова <charming.flurry@yandex.ru>
| * cleanup (netblue30, 2023-11-06)
| |
* | Merge pull request #6109 from kmk3/netfilter-expand-macros (netblue30, 2023-12-04)
|\ \
| | |     feature: expand simple macros in more commands
| * | feature: expand simple macros in more commands (Kelvin M. Klann, 2023-11-27)
| | |     This includes macros such as `${HOME}` and `${RUNUSER}`.
| | |
| | |     Commands:
| | |
| | |     * --chroot=
| | |     * --netfilter=
| | |     * --netfilter6=
| | |     * --trace=
| | |
| | |     Closes #6032.
| | |
| | |     Reported-by: @michelesr
* | | Merge pull request #5876 from kmk3/firecfg-add-confdir-ignore (netblue30, 2023-12-04)
|\ \ \
| |/ /
|/| |     feature: firecfg: add firecfg.d & add ignore command
| * | firecfg: add ignore command and docs (Kelvin M. Klann, 2023-08-04)
| | |     Add ignore command (`!PROGRAM`), as suggested by @WhyNotHugo[1]. It prevents firecfg from creating a symlink for the given program.
| | |
| | |     Also, document the paths used and the config file syntax.
| | |
| | |     Note that `/etc/firejail/firecfg.d/*.conf` files are parsed before /etc/firejail/firecfg.config, so the former can ignore/override any item in the latter.
| | |
| | |     Closes #2097.
| | |
| | |     [1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459
| * | firecfg: parse config files in /etc/firejail/firecfg.d (Kelvin M. Klann, 2023-08-04)
| | |     As suggested by @WhyNotHugo[1].
| | |
| | |     [1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459
| * | firecfg: turn constant strings into constants (Kelvin M. Klann, 2023-08-04)
| | |     Instead of using asprintf + free.
| | |
| | |     Also, use LIBDIR instead of hardcoded "/usr/lib" for fzenity.
| * | firecfg: fix missing free and formatting (Kelvin M. Klann, 2023-08-04)
| | |     Changes:
| | |
| | |     * fix inconsistent indentation/braces
| | |     * add missing free
* | | merges (netblue30, 2023-11-24)
| | |
* | | Merge pull request #6087 from chestnykh/issue-6006 (netblue30, 2023-11-24)
|\ \ \
| | | |     Lookup xauth in PATH.
| * | | Lookup xauth in PATH. (Dmitry Chestnykh, 2023-11-19)
| | | |     Don't use hardcoded `/usr/bin/xauth`, iterate over directories inside PATH instead.
| | | |
| | | |     This fixes https://github.com/netblue30/firejail/issues/6006
* | | | Merge pull request #5957 from gerasiov/fcopy-fix-size-calculation (netblue30, 2023-11-24)
|\ \ \ \
| | | | |     fcopy: Use lstat when copy directory.
| * | | | fcopy: Use lstat when copy directory. (Alexander Gerasiov, 2023-08-14)
| | | | |     When copying directories use lstat when reading info about source files.
* | | | | Fix displaying of large file sizes. (#6086) (Dmitriy Chestnykh, 2023-11-24)
| |/ / /
|/| | |
| | | |     The most generic way is to use `intmax_t` because we don't know what is the "parent" type of `off_t`.
| | | |
| | | |     This fixes https://github.com/netblue30/firejail/issues/5982 .
* | | | New profile: tiny-rdm (#6083) (glitsj16, 2023-11-11)
| |_|/
|/| |
| | |     * disable-programs.inc: add support for tiny-rdm
| | |     * Create tiny-rdm.profile
| | |     * firecfg.config: add support for tiny-rdm
* | | enabled nettraces by default in the main build - you would need to be root to run these options [landlock-split] (netblue30, 2023-10-24)
* | | profiles: exchange private-opt with a whitelist (#6021) (glitsj16, 2023-10-18)
| | |     * profiles: drop private-opt (existing whitelist)
| | |     * profiles: replace private-opt with whitelist
| | |
| | |       In most profiles. Kept private-opt for enpass (~85MB), mate-dictionary (<20MB), minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't check: xmr-stak.
| | |
| | |     * docs: note potential issues with private-opt
* | | New profile: termshark (#6039) (glitsj16, 2023-10-07)
| | |     * Create termshark.profile
| | |     * firecfg.config: add termshark support
| | |     * termshark: CLI hardening
* | | Merge pull request #6009 from jtrv/tidal-hifi (netblue30, 2023-10-05)
|\ \ \
| | | |     New profile: tidal-hifi
| * | | New profile: tidal-hifi (#6008) (jtrv, 2023-09-25)
| | | |     modified src/firecfg/firecfg.config to add tidal-hifi
| | | |     created etc/profile-m-z/tidal-hifi.profile
| | | |
| | | |     closes: #6008
| | | |
| | | |     Apply suggestions from code review
| | | |
| | | |     Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | | | New profile: lettura (#6027) (glitsj16, 2023-10-03)
|/ / /
| | |     * disable-programs.inc: add lettura support
| | |     * Create lettura.profile
| | |     * firecfg.config: add lettura
* | | create fluffychat.profile (#6007) (pirate486743186, 2023-09-23)
| | |     Co-authored-by: pirate486743186 <>
* | | Merge pull request #5993 from kmk3/modif-keep-pipewire-group (Kelvin M. Klann, 2023-09-20)
|\ \ \
| | | |     modif: keep pipewire group unless nosound is used
| * | | modif: keep pipewire group unless nosound is used (Kelvin M. Klann, 2023-09-20)
| | | |     This group is apparently used on Gentoo[1].
| | | |
| | | |     Currently only the "audio" supplementary group is kept.
| | | |
| | | |     Fixes #5992.
| | | |
| | | |     See also commit f32938669 ("Keep vglusers group unless no3d is used (virtualgl)", 2022-01-07) / PR #4851.
| | | |
| | | |     [1] https://wiki.gentoo.org/wiki/PipeWire
| | | |
| | | |     Reported-by: @amano-kenji
* | | | Add blender-3.6 redirect (#6013) (Frostbyte4664, 2023-09-18)
| | | |
* | | | speed up blacklists (netblue30, 2023-09-12)
|/ / /
* | | build: add missing dbus/x11 commands to arg1 list (Kelvin M. Klann, 2023-09-06)
| | |     Fix the list generation and run `make syntax`.
| | |
| | |     Relates to #5627.
* | | Fix wrong syscall names for s390_pci_mmio_{read,write} (Topi Miettinen, 2023-08-26)
| | |     Closes #5965
* | | update disable-devel.inc (netblue30, 2023-08-22)
| | |
* | | more appimage fixes (netblue30, 2023-08-22)
| | |
* | | more domains for static-ip-map (netblue30, 2023-08-20)
| | |
* | | appimage fixes (netblue30, 2023-08-20)
|/ /
* | build: fix wrong man page paths (Kelvin M. Klann, 2023-08-12)
| |     Change the old .txt paths into the new .in paths.
| |
| |     This amends commit 76bd5ad0f ("build: simplify code related to man pages", 2023-07-12) / PR #5898.
* | build: fix codespell errors (Kelvin M. Klann, 2023-08-12)
| |     This fixes the following errors:
| |
| |         $ make codespell
| |         [...]
| |         codespell --ignore-regex "UE|creat|doas|shotcut|ether" src test
| |         src/firemon/procevent.c:188: duble ==> double
| |         src/fnettrace/main.c:30: postive ==> positive
| |         src/fnettrace/main.c:30: defiend ==> defined
| |         src/fnettrace/main.c:482: isplay ==> display
| |         make: *** [Makefile:371: codespell] Error 65
| |         $ codespell --version
| |         2.2.5
| |
| |     Added in the following commits:
| |
| |     * bef5d86a1 ("increase socket buffer size for firemon, bug #2700", 2019-09-29)
| |     * c4962789f ("nettrace stats", 2023-08-08)
* | small nettrace update (netblue30, 2023-08-11)
| |
* | Merge branch 'master' of ssh://github.com/netblue30/firejail (netblue30, 2023-08-11)
|\ \
| * | New profile: clac (#5947) (glitsj16, 2023-08-10)
| | |     * firecfg.config: add support for clac
| | |     * Create clac.profile
| * | New profile: journal-viewer (#5943) (glitsj16, 2023-08-10)
| | |