path: root/src
Commit message (Author, Age)
* fix cppcheck/scan-build problems (netblue30, 2023-02-27)
|
* random hostname by default; fix --hostname and --hosts-file (netblue30, 2023-02-27)
|
* Merge pull request #5674 from kmk3/fix-ws-add-editorconfig (netblue30, 2023-02-24)
|\
| |     build: Fix whitespace and add .editorconfig
| |
| * editorconfig: add indentation rules (Kelvin M. Klann, 2023-02-20)
| |
| |     Commands used to list the file extensions used in the project:
| |
| |         $ git ls-files | sed -En 's/.*(\.[^.]+)$/\1/p' | LC_ALL=C sort | uniq -c
| |
| |     For rules that are more specific to a given directory, put a dedicated
| |     .editorconfig file in it.
| |
| * Fix inconsistent leading spaces (Kelvin M. Klann, 2023-02-20)
| |
| |     Changes:
| |
| |     * Fix spaces being used for indentation in some lines in C
| |     * Remove leading spaces before some goto labels
| |     * Remove leading spaces before the start of some multiline comments
| |     * Change leading spaces to tabs in some multiline macros
| |     * Add missing asterisk to some multiline comments (to match other
| |       multiline comments and because they are false positives in the
| |       commands below)
| |
| |     Note: Leading spaces can be used for alignment (such as in function
| |     parameters and function arguments in C) and for line continuation (such
| |     as in long commands in shell scripts). However, in the above changes the
| |     leading spaces are used for other reasons and do not seem to fit with the
| |     style used.
| |
| |     Commands used to search for errors:
| |
| |         $ git grep -In '^ [^*]' | grep -E -v \
| |             -e '(COPYING|README|RELNOTES|configure(.ac)?):' \
| |             -e '^[^:]+.(md|yml|py):' -e '(bash|zsh)_completion/' \
| |             -e '^contrib/syntax/' -e '^etc/templates/.*\.txt:' -e '^m4/' \
| |             -e '^platform/debian/' -e '^src/man/.*\.txt:' \
| |             -e '.*mkrpm.sh:' -e '.*extract_errnos.sh:'
| |
| * extract_seccomp.c: use "do while" in macro definition (Kelvin M. Klann, 2023-02-20)
| |
| |     To match the common usage; see for example src/firejail/firejail.h.
| |
| |     Added on commit 960b4daba ("add tool to dump seccomp filters", 2020-02-17).
| |
| * docs: improve grammar in --join-or-start= comments (Kelvin M. Klann, 2023-02-20)
| |
| * Fix space before/after tab in indent (Kelvin M. Klann, 2023-02-20)
| |
| |     This fixes all of the "space before tab in indent" errors raised by git:
| |
| |         $ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD | grep '^[^+]' | cut -f 3 -d : | LC_ALL=C sort | uniq -c
| |         72 space before tab in indent.
| |
| |     Commands used to find the errors:
| |
| |         $ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD
| |         $ git grep -In "$(printf '\t') "
| |
| |     Note: Unlike "space before tab in indent", the reverse ("space after tab
| |     in indent") is not reported by git. That is because spaces could be
| |     intentionally used for alignment or line continuation, but in some cases
| |     they are being used for indentation together with tabs and in others the
| |     formatting is misaligned. The second command was used to help find and
| |     fix these other issues.
| |
| * Fix EOL at EOF (Kelvin M. Klann, 2023-02-19)
| |
| |     Commands used to search and replace:
| |
| |         $ git grep -Ilz '.' | xargs -0 -I '{}' sh -c \
| |             "printf '%s\n' \"\$(cat '{}')\" >'{}'"
| |
| |     The above commands ensure that there is exactly 1 line terminator at EOF
| |     (rather than 0 or more than 1) on all non-empty text files.
| |
| |     This fixes all of the "new blank line at EOF" errors raised by git:
| |
| |         $ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD | grep '^[^+]' | cut -f 3 -d : | LC_ALL=C sort | uniq -c
| |         21 new blank line at EOF.
| |         72 space before tab in indent.
| |         4 trailing whitespace.
| |
* | Merge pull request #5677 from kmk3/print-failed-long-arg (netblue30, 2023-02-24)
|\ \
| | |     Print the argument when failing with "too long arguments"
| | |
| * | Print the argument when failing with "too long arguments" (Kelvin M. Klann, 2023-02-21)
| |/
| |     Also, s/arguments/argument/ since the message refers to one specific
| |     argument.
| |
| |     Relates to commit 0d06369a8 ("Make env/arg sanity check failure messages
| |     more useful", 2021-11-10) / PR #4676.
| |
| |     Relates to #5676.
| |
* | more private-etc (netblue30, 2023-02-24)
| |
* | New profiles: qpdf and redirects (#5675) (glitsj16, 2023-02-23)
|/
|     * Create qpdf.profile and redirects
|
|     qpdf (CLI) provides PDF metadata cleaning. See privacy-handbuch.de[1] for
|     details. The site offers pdf-meta-clean.sh[2], which works very well with
|     firejailed qpdf.
|
|     [1] https://www.privacy-handbuch.de/handbuch_43a.htm
|     [2] https://www.privacy-handbuch.de/download/pdf-meta-clean.sh
|
|     * RELNOTES: add qpdf and redirects to new profiles section
|
|     * firecfg.config: add qpdf and redirects
|
|     * qpdf: use 'seccomp socket' instead of 'protocol unix'
|
|     See https://github.com/netblue30/firejail/issues/639.
|     Thanks @rusty-snake in code review.
|
* selinux.c: Use same license as upstream file (LGPLv2.1+) (Kelvin M. Klann, 2023-02-16)
|
|     The upstream file is licensed under the LGPLv2.1+ and it uses an SPDX
|     license identifier rather than an LGPL license notice[1].
|
|     And according to the GNU project, the LGPLv2.1+ is compatible with both
|     the GPLv2 (with the result being GPLv2) and the GPLv3 (with the result
|     being GPLv3), though the reverse (GPL -> LGPL) does not apply[2] [3].
|
|     This means that if we make changes that are only available under the
|     GPLv2, systemd would be unable to copy them back and release the result
|     under the LGPLv2.1 without being in violation of the GPLv2.
|
|     So replace the GPL license notice with the SPDX license identifier of the
|     upstream file ("LGPL-2.1-or-later"), to make it easier to share changes
|     between both projects.
|
|     See also the following systemd commits[4] [5] [6] [7]:
|
|     * 53e1b68390 ("Add SPDX license identifiers to source files under the
|       LGPL", 2017-11-18)
|     * db9ecf0501 ("license: LGPL-2.1+ -> LGPL-2.1-or-later", 2020-11-09)
|
|     [1] https://github.com/systemd/systemd/blob/254d1313ae5a69c08c9b93032aaaf3d6083cfc07/src/shared/selinux-util.c
|     [2] https://www.gnu.org/licenses/license-list.en.html#LGPLv2.1
|     [3] https://www.gnu.org/licenses/license-compatibility.html
|     [4] https://github.com/systemd/systemd/commit/53e1b683907c2f12330f00feb9630150196f064d
|     [5] https://github.com/systemd/systemd/pull/7386
|     [6] https://github.com/systemd/systemd/commit/db9ecf050165fd1033c6f81485917e229c4be537
|     [7] https://github.com/systemd/systemd/pull/17548
|
* selinux.c: Split Copyright notice in two (Kelvin M. Klann, 2023-02-16)
|
|     This makes firejail's Copyright notice match the ones in basically every
|     other file, which simplifies updating the Copyright years.
|
|     selinux.c was added on commit 1ad2d54c0 ("Add support for SELinux
|     labeling", 2020-02-18) and it claims to be "from systemd selinux-util.c".
|
|     As for systemd's Copyright notice, the current version of that file on
|     the systemd project does not have any[1]. The first commit in the systemd
|     repository is from 2009[2] and the file was copied in 2020 (and does not
|     seem to have been synced since), so set the years in its Copyright notice
|     to 2009-2020.
|
|     Since there is no Copyright notice (and no author) in the upstream file,
|     list "The systemd Authors" in the Copyright notice. See also systemd
|     commit 0c69794138 ("tree-wide: remove Lennart's copyright lines",
|     2018-06-12)[3] [4].
|
|     [1] https://github.com/systemd/systemd/blob/254d1313ae5a69c08c9b93032aaaf3d6083cfc07/src/shared/selinux-util.c
|     [2] https://github.com/systemd/systemd/commit/6091827530d6dd43479d6709fb6e9f745c11e900
|     [3] https://github.com/systemd/systemd/commit/0c697941389b7379c4471bc0a067ede02814bc57
|     [4] https://github.com/systemd/systemd/pull/9274
|
* gcov_wrapper.h: Fix inconsistent Copyright years (Kelvin M. Klann, 2023-02-15)
|
|     Make it "2014-2023", which is the same as in basically every other file
|     that has the same Copyright author.
|
|     This kind of amends commit b408b20c7 ("gcov: fix build failure with gcc
|     11.1.0", 2021-06-15) / PR #4376.
|
|     This is a follow-up to #5664.
|
* Update copyright to 2023 (#5664) (David Fetter, 2023-02-15)
|
* fix build (netblue30, 2023-02-14)
|
* merges; more on cleaning up esc chars (netblue30, 2023-02-14)
|
* Merge pull request #5613 from layderv/escape-cntrl-sequences (netblue30, 2023-02-14)
|\
| |     modif: Escape control characters of the command line
| |
| * Style changes (layderv, 2023-02-06)
| |
| * Escape control characters (layderv, 2023-01-15)
| |
| |     Names and commands can contain control characters:
| |
| |     ```
| |     firejail --name="$(echo -e '\e[31mRed\n\b\b\bText\e[0m')" sleep 10s
| |     ```
| |
| |     results in "Text" printed in red. Prevent commands like `--tree` from
| |     controlling the terminal.
| |
* | merges, disable sort.py in profile checks temporarily, two more private-etc profiles (netblue30, 2023-02-14)
| |
* | private-etc: more on gcrypt (netblue30, 2023-02-09)
| |
* | private-etc: moving gcrypt from tls-ca to x11 group (netblue30, 2023-02-08)
| |
* | private-etc: libreoffice, audacity, frozen-bubble, transmission, md5sum/sha512sum, more sysutils testing, fix electron-hardened.inc.profile (netblue30, 2023-02-08)
| |
* | adding machine-id to x11 group (netblue30, 2023-02-08)
| |
* | build fix (netblue30, 2023-02-06)
| |
* | installing etc-cleanup tool in /usr/lib/firejail directory (netblue30, 2023-02-06)
| |
* | Merge pull request #5634 from acatton/master (netblue30, 2023-02-06)
|\ \
| | |     feature: Add 'keep-shell-rc' command and option
| | |
| * | feature: add 'keep-shell-rc' flag and option (Antoine Catton, 2023-02-03)
| | |
| | |     This fixes #1127.
| | |
| | |     This allows a user to provide their own zshrc/bashrc inside the jail.
| | |
| | |     This is very useful when using firejail to develop and prevent bad pip
| | |     packages from accessing your system.
| | |
* | | private-etc: pushing vulkan into games group (netblue30, 2023-02-06)
| | |
* | | private-etc: groups modified (netblue30, 2023-02-05)
| | |
* | | private-etc: big profile changes (netblue30, 2023-02-05)
| | |
* | | private-etc: cleanup tool (netblue30, 2023-02-05)
| | |
* | | etc_groups.h: sort groups alphabetically (glitsj16, 2023-02-04)
| | |
* | | etc_groups.h: internally sort groups alphabetically (glitsj16, 2023-02-04)
|/ /
* | Merge pull request #5578 from layderv/master (netblue30, 2023-01-30)
|\ \
| | |     modif: Prevent sandbox name from containing only digits
| | |
| * | Prevent sandbox name from containing only digits (layderv, 2023-01-24)
| | |
| | |     Names should not contain only numbers, as they are used in other
| | |     commands as PIDs.
| | |
* | | private-etc: moved group names to @group syntax; GUI group renamed as @x11 group; added nvidia and X11 directories to @x11 group. (netblue30, 2023-01-30)
| | |
* | | private-etc: cross-distro test for curl, gimp, inkscape, firefox, warzone2100 (netblue30, 2023-01-28)
| | |
* | | private-etc: fixes (netblue30, 2023-01-25)
| | |
* | | private-etc: fix man page (netblue30, 2023-01-25)
| | |
* | | private-etc rework: new man page (netblue30, 2023-01-25)
| | |
* | | private-etc rework: file groups moved to src/include/etc_groups.h, new groups added (netblue30, 2023-01-25)
| | |
* | | private-etc rework: /etc file groups (netblue30, 2023-01-22)
| | |
* | | compile fix (netblue30, 2023-01-20)
| | |
* | | private-etc rework: remove hiding blacklisted files in private-etc directory feature (netblue30, 2023-01-20)
| | |
* | | Merge pull request #5600 from kmk3/fix-stop-ddash-sh (netblue30, 2023-01-19)
|\ \ \
| | | |     modif: Stop forwarding own double-dash to the shell
| | | |
| * | | Stop forwarding own double-dash to the shell (Kelvin M. Klann, 2023-01-17)
| | | |
| | | |     Currently, if double-dash ("--") is passed to firejail, it is
| | | |     forwarded to the user shell:
| | | |
| | | |         $ firejail --debug --noprofile -- echo test 2>&1 | grep -e execvp -e test
| | | |         Building quoted command line: 'echo' 'test'
| | | |         Building quoted command line: 'echo' 'test'
| | | |         Running 'echo' 'test' command through /bin/bash
| | | |         execvp argument 0: /bin/bash
| | | |         execvp argument 1: -c
| | | |         execvp argument 2: --
| | | |         execvp argument 3: 'echo' 'test'
| | | |         test
| | | |
| | | |     This causes issues when the user shell does not accept "--" / is not
| | | |     POSIX-compatible:
| | | |
| | | |         $ /bin/bash -c -- 'echo test'
| | | |         test
| | | |         $ /bin/fish -c -- 'echo test'
| | | |         fish: Unknown command: --
| | | |         fish: --
| | | |         ^
| | | |
| | | |     Fixes #5599.
| | | |
| | | |     Relates to #3434.
| | | |
| | | |     Reported-by: @iltep64
| | | |     Reported-by: @ferreum