aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAge
* Give fbuilder full original environmentLibravatar Topi Miettinen2021-08-16
| | | | Closes: #4460
* Move disable-passwordmgr.inc into disable-common.inc/disable-programs.inc ↵Libravatar rusty-snake2021-08-12
| | | | follow up
* fix man firejail-profileLibravatar rusty-snake2021-08-09
| | | | | machine-id is not affected by --disable-network and matches in "User Environment" as well.
* Respect quiet if no dbus-user (filter|none) is setLibravatar rusty-snake2021-08-05
|
* Add --ids-* to zsh completionLibravatar rusty-snake2021-07-31
|
* private-lib: fix double symlinkLibravatar netblue302021-07-30
|
* removed dependency on strace for --build option; added seccomp by default ↵Libravatar netblue302021-07-29
| | | | for --build run
* Merge pull request #4419 from glitsj16/ncdu2Libravatar netblue302021-07-28
|\ | | | | add ncdu2 redirect profile
| * add firecfg support for ncdu2Libravatar glitsj162021-07-26
| |
* | remove compile warningsLibravatar netblue302021-07-28
| |
* | Merge branch 'master' of ssh://github.com/netblue30/firejailLibravatar netblue302021-07-28
|\ \
| * | Add support for ignore to profcleaner.shLibravatar rusty-snake2021-07-28
| |/
* / intrusion detection systemLibravatar netblue302021-07-28
|/
* Merge branch 'master' of https://github.com/netblue30/firejailLibravatar smitsohu2021-07-24
|\
| * Complete 42a03511d0877690276da83bf548635d7e8ca693Libravatar Fred Barclay2021-07-23
| | | | | | | | | | | | | | | | Add ms-edge-beta paths to disable-programs.inc Support firecfg Adding to release notes (already added to README.md)
| * output options: expand ~Libravatar smitsohu2021-07-21
| |
| * new profilesLibravatar rusty-snake2021-07-20
| |
| * Merge branch 'master' of ssh://github.com/netblue30/firejailLibravatar netblue302021-07-14
| |\
| | * tmpfs mounts: also clear MS_REMOUNT flag (#4387)Libravatar smitsohu2021-07-13
| | |
| * | Removing blacklisted files from top level /etc directory if the filse were ↵Libravatar netblue302021-07-14
| |/ | | | | | | blacklisted
| * profcleaner.sh: Change "# CMD" and "#CMD" tooLibravatar rusty-snake2021-07-09
| | | | | | | | See https://github.com/netblue30/firejail/commit/00cb8b611f0e35a56585061d689fbcca2af0566b#commitcomment-53262808
| * Merge pull request #4389 from rusty-snake/profcleaner.shLibravatar netblue302021-07-08
| |\ | | | | | | Create profcleaner.sh
| | * profcleaner.sh: Rename --all to --systemLibravatar rusty-snake2021-07-07
| | | | | | | | | [skip ci]
| | * Create profcleaner.shLibravatar rusty-snake2021-07-07
| | | | | | | | | | | | profcleaner.c is just sed, I was wondering why we need C for that.
| * | Merge pull request #4388 from rusty-snake/allow-deny-zshLibravatar netblue302021-07-08
| |\ \ | | | | | | | | allow/deny in zsh completion
| | * | allow/deny in zsh completionLibravatar rusty-snake2021-07-07
| | |/
| * / Fix clionLibravatar Vladislav Nepogodin2021-07-07
| |/ | | | | | | | | Add new clion-eap profile Fix broken clion profile
| * allow/deny fbuilderLibravatar netblue302021-07-05
| |
| * move whitelist/blacklist to allow/denyLibravatar netblue302021-07-05
| |
| * deprecated whitelist=yes/no in /etc/firejail/firejail.configLibravatar netblue302021-07-04
| |
| * allow/deny help and man pagesLibravatar netblue302021-07-03
| |
| * allow/noallow/deny/nodeny aliases for ↵Libravatar netblue302021-07-03
| | | | | | | | whitelist/nowhitelist/blacklist/noblacklist
| * deprecated --disable-whitelist at compile timeLibravatar netblue302021-07-03
| |
| * Merge pull request #4365 from lxeiqr/sndio-fixLibravatar netblue302021-07-01
| |\ | | | | | | Fix sndio support
| | * Convert spaces to tabs in firejail/fs.cLibravatar lxeiqr2021-06-20
| | |
| | * Whitelist /tmp/sndio in private-tmpLibravatar lxeiqr2021-06-20
| | |
| * | Merge pull request #4376 from kmk3/gcov-add-nop-functionsLibravatar netblue302021-06-27
| |\ \ | | | | | | | | gcov: use no-op functions if not enabled
| | * | gcov: use no-op functions if not enabledLibravatar Kelvin M. Klann2021-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of wrapping every gcov function call in an ifdef. Note: The usage of `((void)0)` is based on section 7.2 of the C99 standard (N1256)[1] [2]: > 7.2 Diagnostics <assert.h> > > 1 The header <assert.h> defines the assert macro and refers to another > macro, > > NDEBUG > > which is not defined by <assert.h>. If NDEBUG is defined as a macro > name at the point in the source file where <assert.h> is included, the > assert macro is defined simply as > > #define assert(ignore) ((void)0) See also assert.h(0p) from POSIX.1-2017[3]. Note: This is a continuation of commit b408b20c7 ("gcov: fix build failure with gcc 11.1.0") / PR #4373. [1] http://www.open-std.org/JTC1/SC22/WG14/www/docs/n1256.pdf [2] https://port70.net/~nsz/c/c99/n1256.html#7.2 [3] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/assert.h.html
| | * | gcov: fix indentationLibravatar Kelvin M. Klann2021-06-27
| | | |
| * | | Merge pull request #4375 from smitsohu/kcmpLibravatar netblue302021-06-27
| |\ \ \ | | | | | | | | | | remove kcmp from seccomp default drop list
| | * | | remove kcmp from seccomp default drop list (#3219)Libravatar smitsohu2021-06-26
| | | | |
| * | | | Merge pull request #4373 from kmk3/gcov-fix-build-gcc11Libravatar netblue302021-06-27
| |\ \ \ \ | | | |/ / | | |/| | gcov: fix build failure with gcc 11.1.0
| | * | | gcov: fix build failure with gcc 11.1.0Libravatar Kelvin M. Klann2021-06-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The build currently fails if gcov support is enabled: $ pacman -Q gcc gcc 11.1.0-1 $ ./configure --prefix=/usr --enable-apparmor --enable-gcov >/dev/null $ make >/dev/null [...] netstats.c: In function ‘netstats’: netstats.c:250:25: warning: implicit declaration of function ‘__gcov_flush’; did you mean ‘__gcov_dump’? [-Wimplicit-function-declaration] 250 | __gcov_flush(); | ^~~~~~~~~~~~ | __gcov_dump [...] /usr/bin/ld: netstats.o: in function `netstats': /tmp/firejail-git/src/firejail-git/src/firemon/netstats.c:250: undefined reference to `__gcov_flush' [...] collect2: error: ld returned 1 exit status make[1]: *** [Makefile:10: firemon] Error 1 make: *** [Makefile:42: src/firemon/firemon] Error 2 [...] This happens because __gcov_flush was removed on gcc 11.1.0[1] [2] [3]. See the following gcc commits: * d39f7dc8d5 ("Do locking for __gcov_dump and __gcov_reset as well.") * c0532db47d ("Use __gcov_dump and __gcov_reset in execv and fork context.") * 811b7636cb ("Remove __gcov_flush.") Its implementation did the following[4]: __gcov_lock (); __gcov_dump_int (); __gcov_reset_int (); __gcov_unlock (); As hinted in the commit messages above, the function is no longer needed because locking is now done inside each of __gcov_dump and __gcov_reset. So add an implementation of __gcov_flush (on a new gcov_wrapper.h file) for gcc >= 11.1.0, which just calls __gcov_dump and then __gcov_reset. Commands used to search and replace: $ git grep -Flz '#include <gcov.h>' -- '*.c' | xargs -0 -I '{}' sh -c \ "printf '%s\n' \"\`sed 's|<gcov\\.h>|\"../include/gcov_wrapper.h\"|' '{}'\`\" >'{}'" Note: This is the continuation of commit 31557e9c7 ("gcov: add missing gcov.h includes") / PR #4360. [1] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=d39f7dc8d558ca31a661b02d08ff090ce65e6652 [2] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=c0532db47d092430f8e8f497b2dc53343527bb13 [3] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=811b7636cb8c10f1a550a76242b5666c7ae36da2 [4] https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=libgcc/libgcov-interface.c;h=855e8612018d1c9caf90396a3271337aaefdb9b3#l86
* | | | | organize program startupLibravatar smitsohu2021-07-24
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fixes a number of smaller issues: * enable allow-debuggers option for Firejail login shells * dhcp: noblacklist /sbin and /usr/sbin also when configuring a Firejail login shell * don't print error when built with disable-suid: firejail --nonewprivs --quiet firejail * don't process appimage option twice * no unnecessary argument parsing when run via firecfg symbolic link * process quiet option earlier, so it is available to init_cfg
* | | | tweaksLibravatar smitsohu2021-06-26
| | | |
* | | | Merge pull request #4340 from smitsohu/kcmpLibravatar smitsohu2021-06-26
|\ \ \ \ | | |/ / | |/| | augment seccomp lists in firejail.config
| * | | seccomp man page updateLibravatar smitsohu2021-06-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * move everything related to modification of the default seccomp filter from --seccomp to --seccomp= entry * update errno descriptions
| * | | augment seccomp lists in firejail.configLibravatar smitsohu2021-06-20
| | | |
* | | | Merge pull request #4374 from smitsohu/euidLibravatar smitsohu2021-06-26
|\ \ \ \ | | | | | | | | | | fs_home.c: run more code with euid of the user
| * | | | fs_home.c: improve EUID switching, fix selinux relabelingLibravatar smitsohu2021-06-26
| | | | |
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 23:17:02 +0000