path: root/src
Commit message [author, age]
* New profile: d-spy (#6328) [glitsj16, 6 days]
|   Description: D-Bus debugger for GNOME
|
|   https://gitlab.gnome.org/GNOME/d-spy
|
|   From [1]:
|
|   > D-Feet is no longer maintained. Please use d-spy
|
|   [1] https://wiki.gnome.org/Apps/DFeet
* profiles: add loupe [Tavi, 7 days]
|   Signed-off-by: Tavi <tavi@divested.dev>
* add support for comm, coredump, and prctl procevents in firemon [netblue30, 7 days]
|
* landlock: fix building without landlock.h [Kelvin M. Klann, 9 days]
|   landlock.h may not be available on the system (such as with older
|   versions of Linux API headers), so only try to include it if
|   `HAVE_LANDLOCK` is defined.
|
|   This fixes the following error from `build_debian_package` (which uses
|   `debian:buster`) on GitLab CI[1]:
|
|       $ ./mkdeb.sh --enable-fatal-warnings
|       [...]
|       gcc [...] -c ../../src/firejail/landlock.c -o ../../src/firejail/landlock.o
|       ../../src/firejail/landlock.c:22:10: fatal error: linux/landlock.h: No such file or directory
|        #include <linux/landlock.h>
|                 ^~~~~~~~~~~~~~~~~~
|       compilation terminated.
|
|   This amends commit a05ae97af ("landlock: amend empty functions and
|   comments", 2024-04-08) / PR #6305.
|
|   Relates to #6078.
|
|   [1] https://gitlab.com/Firejail/firejail_ci/-/jobs/6743161059
* several kids programs [netblue30, 9 days]
|
* Merge branch 'master' of ssh://github.com/netblue30/firejail [netblue30, 10 days]
|\
| * modif: populate /run/firejail while holding flock [Simo Piiroinen, 13 days]
| |   There are reports of firejail sandboxed applications occasionally
| |   taking a long time (12 seconds) to start up. When this happens, it
| |   affects all sandboxed applications until the device is rebooted.
| |
| |   The reason for the slowdown seems to be a timing hazard in the way
| |   remounts under /run/firejail are handled. This gets triggered when
| |   multiple firejail processes are launched in parallel as part of user
| |   session bring up and results in some, dozens, hundreds, or even
| |   thousands of stray /run/firejail/xxx mounts. The amount of mount
| |   points then affects every mount operation that is done during sandbox
| |   filesystem construction.
| |
| |   To stop this from happening, arrange it so that only one firejail
| |   process at a time is inspecting and/or modifying mountpoints under
| |   /run/firejail by doing:
| |
| |   1. Create /run/firejail directory (without locking)
| |   2. Create and obtain a lock for /run/firejail/firejail-run.lock
| |   3. Set up files, directories and mounts under /run/firejail
| |   4. Release /run/firejail/firejail-run.lock
| * modif: improve flock handling [Simo Piiroinen, 13 days]
| |   Changes:
| |
| |   * Centralize flock handling in preproc.c
| |   * Add debug and error logging
| |   * Abort if anything fails
| |
| |   Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
| * refactor: make rundir lock variables global [Kelvin M. Klann, 2024-04-23]
| |   To enable using them outside of src/firejail/main.c.
* | --fbuilder cleanup [netblue30, 10 days]
| |
* | static ip map [netblue30, 2024-04-23]
|/
* New profile: axel (#6315) [glitsj16, 2024-04-20]
|   https://github.com/axel-download-accelerator/axel
* Merge pull request #6302 from kmk3/docs-warn-landlock [netblue30, 2024-04-11]
|\
| |   docs: warn about limitations of landlock
| * docs: warn about limitations of landlock [Kelvin M. Klann, 2024-04-11]
| |   And mark it as experimental.
| |
| |   Relates to #6078.
* | landlock: amend empty functions and comments [Kelvin M. Klann, 2024-04-10]
| |   Changes:
| |
| |   * Always declare public landlock functions, regardless of
| |     `HAVE_LANDLOCK`
| |   * Make the other public landlock functions (besides `ll_add_profile`)
| |     also be empty when `HAVE_LANDLOCK` is not defined
| |   * Clarify related comments
| |
| |   This amends commit 8259f66e1 ("landlock fix for old kernel versions",
| |   2024-04-06).
| |
| |   For clarity, landlock-common.inc is included by default.profile and the
| |   issue that the aforementioned commit fixes is that if profile.c is built
| |   without the part that parses landlock commands (that is, when
| |   `HAVE_LANDLOCK` is not defined), using default.profile would cause
| |   firejail to abort due to "invalid lines".
| |
| |   Note that the issue would only occur when firejail is built with an
| |   older kernel (or with --disable-landlock), not when simply running on an
| |   older kernel.
| |
| |   See also commit b02a7a337 ("landlock: remove empty functions",
| |   2023-12-07).
| |
| |   Relates to #6078.
* | landlock fix for old kernel versions [netblue30, 2024-04-06]
|/
* New profile: gh (GitHub CLI) (#6293) [glitsj16, 2024-03-27]
|   Description: GitHub's official command-line tool.
|
|   https://github.com/cli/cli
* New profile: tqemu.profile (#6255) [glitsj16, 2024-03-23]
|   Description: QEMU frontend without libvirt.
|
|   https://github.com/thanoulis/tqemu
* New profile: metadata-cleaner.profile (#6246) [glitsj16, 2024-03-20]
|   Description: Python GTK3 application to view and clean metadata in
|   files, using mat2.
|
|   https://gitlab.com/rmnvgr/metadata-cleaner
* remove porn-cli.profile (#6284) [pirate486743186, 2024-03-20]
|   Co-authored-by: exponential <echo ZXhwb25lbnRpYWxtYXRyaXhAcHJvdG9ubWFpbC5jb20K | base64 -d>
* New profile: session-desktop.profile (#6259) [glitsj16, 2024-03-19]
|   Description: Encrypted messenger.
|
|   https://github.com/oxen-io/session-desktop/
|   https://aur.archlinux.org/packages/session-desktop
|   https://aur.archlinux.org/packages/session-desktop-bin
|   https://aur.archlinux.org/packages/session-desktop-appimage
|
|   Note: The AUR packages all work with the profiles.
* New profile: tvnamer.profile (#6256) [glitsj16, 2024-03-18]
|   Description: Automatic TV episode file renamer.
|
|   https://github.com/dbr/tvnamer
* New profile: textroom.profile (#6254) [glitsj16, 2024-03-18]
|   Description: Full Screen text editor heavily inspired by Q10 and
|   JDarkRoom.
|
|   https://code.google.com/p/textroom/
|   https://aur.archlinux.org/packages/textroom
* New profile: rymdport.profile (#6251) [glitsj16, 2024-03-18]
|   Description: Encrypted sharing of files, folders, and text between
|   devices.
|
|   https://github.com/Jacalz/rymdport
* New profile: localsend_app.profile (#6244) [glitsj16, 2024-03-18]
|   Description: An open source cross-platform alternative to AirDrop.
|
|   https://github.com/localsend/localsend
* New profile: editorconfiger.profile (#6235) [glitsj16, 2024-03-18]
|   Description: Plain tool to validate and compare .editorconfig files.
|
|   https://github.com/aegoroff/editorconfiger
|   https://aur.archlinux.org/packages/editorconfiger
|   https://aur.archlinux.org/packages/editorconfiger-bin
* New profile: koreader.profile (#6243) [glitsj16, 2024-03-16]
|   Description: Ebook reader application.
|
|   https://koreader.rocks/
* New profile: dexios.profile (#6234) [glitsj16, 2024-03-16]
|   Description: CLI encryption tool
|
|   https://github.com/brxken128/dexios
|   https://aur.archlinux.org/packages/dexios-bin
* New profile: deadlink.profile (#6233) [glitsj16, 2024-03-15]
|   Description: Checks and fixes URLs in code and documentation.
|
|   https://github.com/nschloe/deadlink
|   https://aur.archlinux.org/packages/deadlink
* New profile: cloneit (#6232) [glitsj16, 2024-03-15]
|   Description: A CLI tool to download specific GitHub directories or
|   files.
|
|   https://github.com/alok8bb/cloneit
|   https://aur.archlinux.org/packages/cloneit-git
* New profile: statusof.profile (#6253) [glitsj16, 2024-03-14]
|   Description: Python script to check the status of a list of URLs.
|
|   https://github.com/Arthurdw/statusof
* New profile: lyriek.profile (#6245) [glitsj16, 2024-03-14]
|   Description: A multi-threaded GTK application to fetch lyrics of
|   currently playing songs.
|
|   https://gitlab.com/bartwillems/lyriek
* New profile: erd.profile (#6236) [glitsj16, 2024-03-14]
|   Description: Multi-threaded file-tree visualizer and disk usage
|   analyzer.
|
|   https://github.com/solidiquis/erdtree
|   https://archlinux.org/packages/extra/x86_64/erdtree/
|
|   Note: The repo and package are called `erdtree`, but the executable is
|   `erd`.
* New profile: bpftop.profile (#6231) [glitsj16, 2024-03-14]
|   Description: Dynamic real-time view of running eBPF programs.
|
|   https://github.com/Netflix/bpftop
|   https://aur.archlinux.org/packages/bpftop
|   https://aur.archlinux.org/packages/bpftop-bin
|   https://aur.archlinux.org/packages/bpftop-git
* docs: firecfg: note different .desktop naming schemes (#6268) [Kelvin M. Klann, 2024-03-14]
|   Based on the discussion at #5063.
|
|   Misc: The `\&` is used to escape the dot in `.desktop` (see roff(7)).
|
|   This amends commit a9c851ee4 ("firecfg: use ignorelist also for
|   .desktop files", 2024-01-08) / PR #6153.
* firecfg.config: add floorp (#6263) [D357R0Y3R, 2024-03-08]
|
* New profile: green-recoder.profile (#6237) [glitsj16, 2024-03-05]
|   Simple screen recorder for Linux desktop, supports Wayland & Xorg.
|
|   https://github.com/dvershinin/green-recorder
|   https://aur.archlinux.org/packages/green-recorder
|   https://aur.archlinux.org/packages/green-recorder-git
* New profile: qt6ct (#6250) [glitsj16, 2024-03-05]
|
* New profile: qt5ct (#6249) [glitsj16, 2024-03-05]
|
* New profiles: lz4 and redirects (#6241) [glitsj16, 2024-03-05]
|
* Merge pull request #6230 from kmk3/build-reduce-inconsistencies [netblue30, 2024-02-29]
|\
| |   build: reduce hardcoding and inconsistencies
| * build: standardize parallel make arguments [Kelvin M. Klann, 2024-02-29]
| |   Currently the number of make jobs used for the default build target is
| |   hardcoded and the value used varies across files.
| |
| |   For consistency (and potentially better performance), use
| |   `make -j "$(nproc)"` everywhere that `make -j` is currently used.
| |
| |   Kind of relates to commit 500d8f2d6 ("ci: run make in parallel where
| |   applicable", 2023-08-14) / PR #5960.
* | landlock: use "landlock.fs." prefix in filesystem commands [Kelvin M. Klann, 2024-02-27]
| |   Since Landlock ABI v4 it is possible to restrict actions related to the
| |   network and potentially more areas will be added in the future.
| |
| |   So use `landlock.fs.` as the prefix in the current filesystem-related
| |   commands (and later `landlock.net.` for the network-related commands) to
| |   keep them organized and to match what is used in the kernel.
| |
| |   Examples of filesystem and network access flags:
| |
| |   * `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file.
| |   * `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content.
| |   * `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port.
| |   * `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a
| |     remote port.
| |
| |   Relates to #6078.
* | landlock: add _fs prefix to filesystem functions [Kelvin M. Klann, 2024-02-27]
|/
|   Relates to #6078.
* build: allow overriding certain tools [Kelvin M. Klann, 2024-02-24]
|   Allow overriding the following tools at configure-time and build-time:
|
|   * codespell
|   * cppcheck
|   * gawk
|   * scan-build
|
|   For example, instead of hardcoding `gawk`, enable overriding it at
|   configure-time with:
|
|       ./configure GAWK=/path/to/gawk
|
|   To override it for a single `make` invocation:
|
|       make GAWK=/path/to/gawk
|
|   Also, add default values for the programs that are not found (rather
|   than leaving the variables empty), to make error messages clearer when
|   trying to run them:
|
|       $ make CPPCHECK= cppcheck-old
|       [...]
|       force --error-exitcode=1 --enable=warning,performance .
|       make: force: No such file or directory
|
|       $ make CPPCHECK=cppcheck cppcheck-old
|       [...]
|       cppcheck --force --error-exitcode=1 --enable=warning,performance .
|       make: cppcheck: No such file or directory
* build: move errExit macro into inline function [Kelvin M. Klann, 2024-02-19]
|   Move most of the `errExit` macro into a new `_errExit` inline function
|   and use the former just to forward arguments to the latter.
|
|   This reduces the noise in the build output when using `-fanalyzer`, as
|   it causes the `errExit` macro to stop being expanded.
|
|   For example, the complete output of the following warning in
|   src/firejail/dbus.c is reduced from 243 lines to 141 lines (a ~41%
|   reduction):
|
|       $ pacman -Q gcc
|       gcc 13.2.1-5
|       $ ./configure --enable-apparmor --enable-analyzer >/dev/null && make clean >/dev/null && make >/dev/null
|       [...]
|       ../../src/firejail/dbus.c: In function ‘dbus_proxy_start’:
|       ../../src/firejail/dbus.c:311:36: warning: leak of file descriptor ‘dup2(output_fd, 1)’ [CWE-775] [-Wanalyzer-fd-leak]
|         311 |                         if (dup2(output_fd, STDOUT_FILENO) != STDOUT_FILENO)
|       [...]
|       ‘dbus_create_user_dir’: event 5
|                |
|                |../../src/firejail/../include/common.h:42:25:
|                |   42 | #define errExit(msg) do { \
|                |      |                         ^
|                |      |                         |
|                |      |                         (5) ...to here
|       ../../src/firejail/dbus.c:239:17: note: in expansion of macro ‘errExit’
|                |  239 |                 errExit("asprintf");
|                |      |                 ^~~~~~~
|       [...]
|
|   Relates to #6190.
* build: ensure fnettrace prints to stdout [Kelvin M. Klann, 2024-02-12]
|   Currently it is the only part of the build that prints to stderr on a
|   normal build, which makes it harder to keep just the warnings and
|   errors in the output:
|
|       $ ./configure >/dev/null && make clean >/dev/null && make -j "$(nproc)" >/dev/null
|       static ip map: input 5998, output 2490
|
|   Added on commit f3774678f ("compress static ip map for fnettrace at
|   compile time", 2023-07-06).
* docs: remove extraneous .PP in man page [Kelvin M. Klann, 2024-02-12]
|   This amends commit 760f50f78 ("landlock: move commands into profile and
|   add landlock.enforce", 2023-11-17) / PR #6125.
|
|   Misc: This was noticed on #6203.
|
|   Relates to #6078.
* Merge pull request #6201 from glitsj16/gnome-keyring-fixes [glitsj16, 2024-02-08]
|\
| |   gnome-keyring: harden and add gnome-keyring-daemon.profile
| * firecfg.config: add gnome-keyring{,-3,-daemon} [glitsj16, 2024-02-08]
| |