| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
As of this commit, these are not of much use. Though later if a generic
profile search/replace tool with built-in rules is to be added, the
tools in question could be used as a starting point.
src/tools/profcleaner.c was added on commit fe0f975f4 ("move
whitelist/blacklist to allow/deny", 2021-07-05).
src/tools/profcleaner.sh was added on commit ed02ab57b ("Create
profcleaner.sh", 2021-07-07) / PR #4389.
Relates to #4410.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
whitelist/nowhitelist/blacklist/noblacklist"
This reverts commit 45f2ba544e9934b49e03b17c0a638dddc3a44734.
Note: This is not a clean revert.
Note2: This also reverts the changes to src/firejail/profile.c from
commit fe0f975f4 ("move whitelist/blacklist to allow/deny", 2021-07-05).
Relates to #4410.
|
| |
|
|
|
|
| |
This reverts commit 1021fb9e5d32a48698c0c8c913d44a048b12db7f.
Relates to #4388 and #4410.
|
| | |
|
| |\
| |
| | |
Add CachyBrowser profile
|
| | | |
|
| |\ \
| | |
| | | |
Fix keeping certain groups with nogroups
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This amends commit b828a9047 ("Keep audio and video groups regardless of
nogroups", 2021-11-28) from PR #4725.
The commit above did not change the behavior (the groups are still not
kept). With this commit, it appears to work properly:
$ groups | grep audio >/dev/null && echo kept
kept
# with check_can_drop_all_groups == 0
$ firejail --quiet --noprofile --nogroups groups |
grep audio >/dev/null && echo kept
kept
# with check_can_drop_all_groups == 1
$ firejail --quiet --noprofile --nogroups groups |
grep audio >/dev/null && echo kept
$
Add a new check_can_drop_all_groups function to check whether the
supplementary groups can be safely dropped without potentially causing
issues with audio, 3D hardware acceleration or input (and maybe more).
It returns false if nvidia (and no `no3d`) is used or if (e)logind is
not running, as in either case the supplementary groups might be needed.
Note: With this, the behavior from before #4725 is restored on (e)logind
systems (when not using nvidia), as it makes the supplementary groups
always be dropped on such systems.
Note2: Even with the static variable, these checks still happen at least
twice. It seems that it happens once per translation unit (and I think
that it may happen more times if there are multiple processes involved).
This also amends (/kind of reverts) commit 6ddedeba0 ("Make nogroups
work on nvidia again", 2021-11-29) from PR #4725, as it restores the
nvidia check from it into the new check_can_drop_all_groups function.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This amends commit 11418a46c ("dns fixes", 2019-10-31).
fwarning already prints "Warning: " at the beginning.
Kind of relates to commit 6ddedeba0 ("Make nogroups work on nvidia
again", 2021-11-29) / PR #4725, which removed code affected by this.
Command used to find the duplicates:
git grep -i -F 'fwarning("Warning:' -- src
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To not be confused with arg_nogroups, as in the vast majority of cases
drop_privs is called with either 0 or 1 rather than arg_nogroups. The
rename makes it clearer that what the parameter does is to drop all
groups without exception, unlike arg_nogroups, which may have certain
groups be kept.
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This amends commit ebe4c93f2 ("profstats cleanup", 2021-12-01) / #4730.
This is the second paragraph verbatim of one of the GPL license notices
recommended by GNU[1]:
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
On all but one (external) file (and on src/profstats/main.c), the notice
uses the same spacing:
$ git grep -I -F 'FITNESS FOR A PARTICULAR PURPOSE. See' | wc -l
156
$ git grep -I -F 'FITNESS FOR A PARTICULAR PURPOSE. See'
m4/ax_check_compile_flag.m4:# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
src/profstats/main.c: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
[1] https://www.gnu.org/licenses/gpl-howto.en.html
|
| | | |
|
| |/ |
|
| |\
| |
| | |
Keep some groups regardless of nogroups and restore nogroups on nvidia
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove workaround from commit 623e68216 ("temporary fix for
nvidia/nogroups/noroot issue (#3644, #841)", 2020-10-02) and from commit
cb460c32c ("more nvidia (#3644)", 2020-10-03).
The handling of the "render" and "video" groups is separate from
`nogroups` now, so disabling `nogroups` on nvidia shouldn't be necessary
anymore. See the previous 2 commits for details.
See also the discussion on PR #4632.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Mappings of command -> group that this commit adds:
* no3d -> render
* noprinters -> lp
* nodvd -> cdrom (Debian[1] and Gentoo[2]), optical (Arch[3])
* noinput -> input
Mappings that were considered but that are not added:
* notv -> ? (unknown group)
* nou2f -> ? (devices are apparently owned by root; see #4603)
Based on @rusty-snake's suggestion:
https://github.com/netblue30/firejail/issues/4603#issuecomment-944046299
See the previous commit ("Keep audio and video groups regardless of
nogroups") for details.
Relates to #2042 and #4632.
[1] https://wiki.debian.org/SystemGroups
[2] https://api.gentoo.org/uid-gid.txt
[3] https://wiki.archlinux.org/title/Users_and_groups
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, on systems that use seat managers that do not implement
seat-based ACLs (such as seatd), sound is broken whenever `nogroups` is
used. This happens because without ACLs, access to the audio devices in
/dev is controlled by the standard group permissions and the "audio"
group is always dropped when `nogroups` is used. This patch makes the
"audio" and "video" groups be dropped if and only if `noaudio` and
`novideo` are in effect, respectively (and independently of `nogroups`).
See #4603 and the linked issues/discussions for details.
Note: This is a continuation of commit ea564eb74 ("Consider nosound and
novideo when keeping groups") / PR #4632.
Relates to #2042 and #4531.
|
| | | |
|
| | |
| |
| |
| | |
development
|
| |\ \
| | |
| | | |
Configure improvements2
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See commit 15d793838 ("Try to fix #2310 -- Can't create run directory
without suid-root", 2021-05-13) / PR #4273.
It is the only "HAVE_" option whose value is set by if/else on a
makefile. Also, it is set in different places to either "yes", "no",
blank or "-DHAVE_SUID". Set the value only on configure.ac and only to
either blank or to "-DHAVE_SUID".
Misc: The `ifeq ($(HAVE_SUID),-DHAVE_SUID)` comparison that this adds is
based on the existing `ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)`
comparison on Makefile.in.
|
| | | |
|
| |/ |
|
| |\
| |
| | |
Consider nosound and novideo when keeping groups & misc refactors
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Even when `nogroups` is not used, avoid keeping the audio and video
groups when `nosound` and `novideo` are used, respectively.
Based on @rusty-snake's suggestion:
https://github.com/netblue30/firejail/issues/4603#issuecomment-944046299
Relates to #4603.
|
| | |
| |
| |
| | |
Check if new_groups already is full before trying to add to it.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move the logic from clean_supplementary_groups into the following new
functions:
* find_group
* copy_group_ifcont
These will be reused later.
Misc: The latter function's signature is based on getgrouplist(2), which
is used on clean_supplementary_groups.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added on commit 137985136 ("Baseline firejail 0.9.28", 2015-08-08). See
also commit ad6bb83fa ("consolidate makefiles", 2018-03-31).
It is not used anywhere. And it looks like it has never been used
anywhere:
$ git log --oneline -Gpthread.h 137985136..master
$
Issue mentioned by @rusty-snake:
https://github.com/netblue30/firejail/issues/4642#issuecomment-955795463
|
| | |
| |
| |
| |
| |
| |
| | |
This amends commit b5de1d0f9 ("Fix inconsistent descriptions of
machine-id option").
Relates to #4689.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some places say that it "preserves" the file and other places say that
it "spoofs" the file. Based on the fs_machineid function on
src/firejail/fs_etc.c, the latter one is correct.
This amends commit d0cc960c9 ("spoof machine-id", 2016-12-05).
Fixes #4689.
Reported-by: @svc88
|
| | | |
|
| |\ \
| | |
| | | |
deterministic-shutdown option
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Add OpenStego profile
|
| | | | | |
|
| |/ / / |
|
| |\ \ \
| | | |
| | | | |
Make env/arg sanity check failure messages more useful
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This change doesn't alter any checks, but it gives more specific
errors when a sanity check of env vars or argv does not pass, which
can point to limits to raise or at least give us better detailed bug
reports.
Signed-off-by: Hank Leininger <hlein@korelogic.com>
Bug: https://github.com/netblue30/firejail/issues/3678
Bug: https://github.com/netblue30/firejail/issues/3851
Bug: https://github.com/netblue30/firejail/issues/4633
|
| |\ \ \ \
| | | | |
| | | | | |
Fix TOCTOU/CodeQL CWE-367 warnings (easy ones + fs.c)
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Relates to #4503.
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This should fix all such warnings on the following files:
* src/fids/main.c
* src/firejail/seccomp.c
Misc: Besides the above reason, these are some of the more
straightforward TOCTOU warning fixes and they are done without any
additional refactor commits, so that's the reason for "easy ones".
List of TOCTOU warnings:
https://github.com/netblue30/firejail/security/code-scanning?query=id%3Acpp%2Ftoctou-race-condition
See https://cwe.mitre.org/data/definitions/367.html
Relates to #4503.
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This should make it easier for users, and distributions, to customize
which programs they want firejail to wrap. Also fixed some
firecfg.cfg -> firecfg.config references.
Signed-off-by: Hank Leininger <hlein@korelogic.com>
Closes: https://github.com/netblue30/firejail/issues/408
Bug: https://github.com/netblue30/firejail/issues/2097
Bug: https://github.com/netblue30/firejail/issues/2829
Bug: https://github.com/netblue30/firejail/issues/3665
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Profile Checks
|
| | |/ / |
|
| | | |
| | |
| | |
| | |
| | | |
cannot create fslogger file as user,
so raise privs and create it as root
|
| |/ /
| |
| |
| |
| | |
possible because selinux_relabel_path
now raises privs itself where necessary
|
netblue30
Kelvin M. Klann
Vladislav Nepogodin
Hugo Osvaldo Barrera
glitsj16
smitsohu
Jan Sonntag
Hank Leininger
rusty-snake