| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
feature: expand simple macros in more commands
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This includes macros such as `${HOME}` and `${RUNUSER}`.
Commands:
* --chroot=
* --netfilter=
* --netfilter6=
* --trace=
Closes #6032.
Reported-by: @michelesr
|
| |\ \
| |/
|/| |
feature: firecfg: add firecfg.d & add ignore command
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add ignore command (`!PROGRAM`), as suggested by @WhyNotHugo[1].
It prevents firecfg from creating a symlink for the given program.
Also, document the paths used and the config file syntax.
Note that `/etc/firejail/firecfg.d/*.conf` files are parsed before
/etc/firejail/firecfg.config, so the former can ignore/override any item
in the latter.
Closes #2097.
[1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459
|
| | |
| |
| |
| |
| |
| | |
As suggested by @WhyNotHugo[1].
[1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459
|
| | |
| |
| |
| |
| |
| | |
Instead of using asprintf + free.
Also, use LIBDIR instead of hardcoded "/usr/lib" for fzenity.
|
| | |
| |
| |
| |
| |
| |
| | |
Changes:
* fix inconsistent indentation/braces
* add missing free
|
| | | |
|
| |\ \
| | |
| | | |
Lookup xauth in PATH.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Don't use hardcoded `/usr/bin/xauth`,
iterate over directories inside PATH instead.
This fixes https://github.com/netblue30/firejail/issues/6006
|
| |\ \ \
| | | |
| | | | |
fcopy: Use lstat when copy directory.
|
| | | | |
| | | |
| | | |
| | | | |
When copying directories use lstat when reading info about source files.
|
| | |/ /
|/| |
| | |
| | |
| | | |
The most generic way is to use `intmax_t`
because we dont't know what is the "parent" type of `off_t`.
This fixes https://github.com/netblue30/firejail/issues/5982 .
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* disable-programs.inc: add support for tiny-rdm
* Create tiny-rdm.profile
* firecfg.config: add support for tiny-rdm
|
| | | |
| | |
| | |
| | | |
to run these options
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* profiles: drop private-opt (existing whitelist)
* profiles: replace private-opt with whitelist
In most profiles.
Kept private-opt for enpass (~85MB), mate-dictionary (<20MB),
minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't
check: xmr-stak.
* docs: note potential issues with private-opt
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Create termshark.profile
* firecfg.config: add termshark support
* termshark: CLI hardening
|
| |\ \ \
| | | |
| | | | |
New profile: tidal-hifi
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
modified src/firecfg/firecfg.config to add tidal-hifi
created etc/profile-m-z/tidal-hifi.profile
closes: #6008
Apply suggestions from code review
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
* disable-programs.inc: add lettura support
* Create lettura.profile
* firecfg.config: add lettura
|
| | | |
| | |
| | | |
Co-authored-by: pirate486743186 <>
|
| |\ \ \
| | | |
| | | | |
modif: keep pipewire group unless nosound is used
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This group is apparently used on Gentoo[1].
Currently only the "audio" supplementary group is kept.
Fixes #5992.
See also commit f32938669 ("Keep vglusers group unless no3d is used
(virtualgl)", 2022-01-07) / PR #4851.
[1] https://wiki.gentoo.org/wiki/PipeWire
Reported-by: @amano-kenji
|
| | | | | |
|
| |/ / / |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fix the list generation and run `make syntax`.
Relates to #5627.
|
| | | |
| | |
| | |
| | | |
Closes #5965
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ / |
|
| | |
| |
| |
| |
| |
| |
| | |
Change the old .txt paths into the new .in paths.
This amends commit 76bd5ad0f ("build: simplify code related to man
pages", 2023-07-12) / PR #5898.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes the following errors:
$ make codespell
[...]
codespell --ignore-regex "UE|creat|doas|shotcut|ether" src test
src/firemon/procevent.c:188: duble ==> double
src/fnettrace/main.c:30: postive ==> positive
src/fnettrace/main.c:30: defiend ==> defined
src/fnettrace/main.c:482: isplay ==> display
make: *** [Makefile:371: codespell] Error 65
$ codespell --version
2.2.5
Added in the following commits:
* bef5d86a1 ("increase socket buffer size for firemon, bug #2700",
2019-09-29)
* c4962789f ("nettrace stats", 2023-08-08)
|
| | | |
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | | |
* firecfg.config: add support for clac
* Create clac.profile
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently the CI check does not consider certain special characters
(such as `-`) when sorting due to `sort -d`.
So remove `-d`, sort firecfg using `LC_ALL=C` and enforce that order.
Also add `sort -u` to check for duplicates.
This also allows the CI check to ignore normal comments (lines starting
with `# `) anywhere in the file.
Relates to #4643.
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove the space after `#` for commented code and use `#` instead of `-`
for comments at the end of the line.
Commands used to search and replace:
$ f=src/firecfg/firecfg.config; printf '%s\n' "$(sed -E \
-e '3,9999s/^# /#/' \
-e '3,9999s/^#([^ ]+) --? /#\1 # /' \
"$f")" >"$f"
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Create reader.profile
* firecfg.config: add reader support
* reader: integrate review suggestions
- blacklist whole ${RUNUSER}
- drop x11 none
* reader: fix 'x11 none'
|
| | |
| |
| |
| |
| | |
* firecfg.config: add daisy support
* Create daisy.profile
|
| |/ |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is breaking build-clang on CI[1]:
make -C src/fnetlock/
make[1]: Entering directory '/home/runner/work/firejail/firejail/src/fnetlock'
clang-14 [...] -c main.c -o main.o
main.c:97:11: error: variable 'bw' set but not used [-Werror,-Wunused-but-set-variable]
unsigned bw = 0; // bandwidth calculations
^
1 error generated.
make[1]: *** [../../src/prog.mk:16: main.o] Error 1
make: *** [Makefile:58: src/fnetlock/fnetlock] Error 2
Added on commit 8e4b847cd ("split nettrace executable ^Cto netrace and
netlock", 2023-07-25).
[1]: https://github.com/netblue30/firejail/actions/runs/5669072674/job/15361026508
Cc: @netblue30
|
| |/ |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
* disable-programs.inc: add sniffnet support
* Create sniffnet.profile
* firecfg.config: add sniffnet support
|
| | | |
|
| | | |
|
| |/ |
|
netblue30
Kelvin M. Klann
Dmitry Chestnykh
Alexander Gerasiov
glitsj16
jtrv
pirate486743186
Frostbyte4664
Topi Miettinen