From 7a181426c5f7968bbd0c60d628a2e546813aaecf Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 24 Jun 2019 09:22:57 -0400 Subject: disable firetunnel at config time (#2793) --- src/common.mk.in | 3 ++- src/firejail/checkcfg.c | 8 ++++++++ src/firejail/main.c | 3 ++- 3 files changed, 12 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/common.mk.in b/src/common.mk.in index b9af977ae..1b6ad91a5 100644 --- a/src/common.mk.in +++ b/src/common.mk.in @@ -20,6 +20,7 @@ HAVE_WHITELIST=@HAVE_WHITELIST@ HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ HAVE_APPARMOR=@HAVE_APPARMOR@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ +HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ HAVE_GCOV=@HAVE_GCOV@ @@ -28,7 +29,7 @@ C_FILE_LIST = $(sort $(wildcard *.c)) OBJS = $(C_FILE_LIST:.c=.o) BINOBJS = $(foreach file, $(OBJS), $file) -CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security +CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ EXTRA_CFLAGS +=@EXTRA_CFLAGS@ diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 7ca72bf30..b11d795a9 100644 --- a/src/firejail/checkcfg.c 
+++ b/src/firejail/checkcfg.c @@ -278,6 +278,14 @@ void print_compiletime_support(void) { #endif ); + printf("\t- firetunnel support is %s\n", +#ifdef HAVE_FIRETUNNEL + "enabled" +#else + "disabled" +#endif + ); + printf("\t- networking support is %s\n", #ifdef HAVE_NETWORK "enabled" diff --git a/src/firejail/main.c b/src/firejail/main.c index c50ed4dc4..2403cafa1 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1498,6 +1498,7 @@ int main(int argc, char **argv) { exit_err_feature("overlayfs"); } #endif +#ifdef HAVE_FIRETUNNEL else if (strcmp(argv[i], "--tunnel") == 0) { // try to connect to the default client side of the tunnel // if this fails, try the default server side of the tunnel @@ -1523,7 +1524,7 @@ int main(int argc, char **argv) { exit(1); } } - +#endif else if (strncmp(argv[i], "--profile=", 10) == 0) { // multiple profile files are allowed! -- cgit v1.2.3-70-g09d2 From c3e39d7c5999f200fa0ae86900ade30236ddcaff Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Wed, 26 Jun 2019 00:51:38 +0000 Subject: Silence xauth output in src/firejail/x11.c (#2796) * Fix typo's and install instructions for Arch * Try to silence xauth output Fixes https://github.com/netblue30/firejail/issues/2787. * Conditionally silence xauth output in x11 options --- src/firejail/x11.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 69a9a7bee..d3567af8d 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c @@ -310,7 +310,7 @@ void x11_start_xvfb(int argc, char **argv) { if (arg_debug) { size_t i = 0; - printf("\n*** Stating xvfb client:"); + printf("\n*** Starting xvfb client:"); while (jail_argv[i]!=NULL) { printf(" \"%s\"", jail_argv[i]); i++; 
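Review bot: With HAVE_FIRETUNNEL undefined, the `--tunnel` branch in main() is compiled out entirely, so the option is no longer recognised here and is handled by whatever later branch of the argument chain catches it (not visible in these hunks), rather than by a message saying the feature was disabled at build time. The overlayfs block just above ends in `exit_err_feature("overlayfs");` before its `#endif`, which suggests the file already has a convention for this. An `#else` arm such as `else if (strcmp(argv[i], "--tunnel") == 0) exit_err_feature("firetunnel");` would keep the failure explicit for a user who expects the tunnel network setup to be applied. The guarded block opens in the first main.c hunk and closes in the second; its body in between is outside the diff.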
@@ -838,7 +838,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { if (arg_debug) { if (n == 10) - printf("failed to stop xpra server gratefully\n"); + printf("failed to stop xpra server gracefully\n"); else printf("xpra server successfully stopped in %d secs\n", n); } @@ -1023,6 +1023,7 @@ void x11_start_xpra(int argc, char **argv) { if (!program_in_path("xpra")) { fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n"); fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n"); + fprintf(stderr, " Arch: sudo pacman -S xpra\n"); exit(0); } @@ -1056,6 +1057,8 @@ void x11_start(int argc, char **argv) { fprintf(stderr, "\nError: Xpra or Xephyr not found in /usr/bin directory, please install one of them:\n"); fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n"); fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n"); + fprintf(stderr, " Arch: sudo pacman -S xpra\n"); + fprintf(stderr, " Arch: sudo pacman -S xorg-server-xephyr\n"); exit(0); } } @@ -1087,7 +1090,8 @@ void x11_xorg(void) { struct stat s; if (stat("/usr/bin/xauth", &s) == -1) { fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n" - " Debian/Ubuntu/Mint: sudo apt-get install xauth\n"); + " Debian/Ubuntu/Mint: sudo apt-get install xauth\n" + " Arch: sudo pacman -S xorg-xauth\n"); exit(1); } if (s.st_uid != 0 && s.st_gid != 0) { @@ -1128,8 +1132,14 @@ void x11_xorg(void) { #ifdef HAVE_GCOV __gcov_flush(); #endif - execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname, + if (arg_debug) { + execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname, "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL); + } + else { + execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname, + "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL); + } _exit(127); } -- cgit v1.2.3-70-g09d2 
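Review bot: Both install-hint blocks extended here end in `exit(0)` after printing an error to stderr, in x11_start_xpra (hunk at -1023) and in x11_start (hunk at -1056), so a wrapper script or launcher sees success even though the X11 sandbox was never started. The xauth check in x11_xorg further down uses `exit(1)` for the same kind of failure; changing these two to `exit(1);` would let the caller detect a missing dependency. Both functions continue outside their hunks.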
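Review bot: The ownership test on the context line `if (s.st_uid != 0 && s.st_gid != 0)` in x11_xorg (hunk at -1087) only trips when both the owner and the group are non-root, so a `/usr/bin/xauth` owned by an unprivileged user but carrying group root would pass it. If the intent is to refuse a binary that a non-root user could replace before it is executed later in this function, a stricter form is `if (s.st_uid != 0 || (s.st_mode & (S_IWGRP | S_IWOTH)))`, with a comment stating which ownership layouts are accepted. The body of that `if` and the rest of the function are outside the hunk, so the intended policy should be confirmed there.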
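Review bot: The two `execlp` calls in the new `if (arg_debug)`/`else` (hunk at -1128) differ only by the `-v` argument, so the security-relevant part of the command line (`generate`, the display, `MIT-MAGIC-COOKIE-1`, `untrusted`) now has to be kept in sync in two places. Building the argument vector once and adding `-v` conditionally keeps a single copy; because the path is absolute, `execv` behaves the same as `execlp` here. The hunk sits inside what is presumably the forked child of x11_xorg, whose surrounding code is outside it.

```c
// … unchanged: __gcov_flush() under HAVE_GCOV …
char *xauth_argv[10];
int n = 0;
xauth_argv[n++] = "/usr/bin/xauth";
if (arg_debug)
	xauth_argv[n++] = "-v";	// verbose output only when debugging
xauth_argv[n++] = "-f";
xauth_argv[n++] = tmpfname;
xauth_argv[n++] = "generate";
xauth_argv[n++] = display;
xauth_argv[n++] = "MIT-MAGIC-COOKIE-1";
xauth_argv[n++] = "untrusted";
xauth_argv[n] = NULL;
execv("/usr/bin/xauth", xauth_argv);

_exit(127);
```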
From 0cec692346d412be494547881dbd580a48b5da88 Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Wed, 26 Jun 2019 17:30:41 +0200 Subject: whitespace fix --- src/firejail/x11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/firejail/x11.c b/src/firejail/x11.c index d3567af8d..3beef3986 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c @@ -1138,7 +1138,7 @@ void x11_xorg(void) { } else { execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname, - "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL); + "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL); } _exit(127); -- cgit v1.2.3-70-g09d2 From 5bad67a48618ad8039ba93291948f0e2cf8808c6 Mon Sep 17 00:00:00 2001 From: Fred Barclay Date: Wed, 26 Jun 2019 21:59:01 -0500 Subject: Add profile for jerry chess --- README.md | 3 ++- RELNOTES | 2 +- etc/disable-programs.inc | 1 + etc/jerry.profile | 41 +++++++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 5 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 etc/jerry.profile (limited to 'src') diff --git a/README.md b/README.md index f0cecd1e7..e1a79120a 100644 --- a/README.md +++ b/README.md @@ -115,4 +115,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe ## New profiles: -klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client +klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client, +jerry diff --git a/RELNOTES b/RELNOTES index 0a3a0a011..a00a27b32 100644 --- a/RELNOTES +++ b/RELNOTES 
@@ -4,7 +4,7 @@ firejail (0.9.61) baseline; urgency=low * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli - * new profiles: keepassxc-proxy, rhythmbox-client + * new profiles: keepassxc-proxy, rhythmbox-client, jerry -- netblue30 Sat, 1 Jun 2019 08:00:00 -0500 firejail (0.9.60) baseline; urgency=low diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fb7e02d0b..679a8c0a0 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -151,6 +151,7 @@ blacklist ${HOME}/.config/digikam blacklist ${HOME}/.config/digikamrc blacklist ${HOME}/.config/discord blacklist ${HOME}/.config/discordcanary +blacklist ${HOME}/.config/dkl blacklist ${HOME}/.config/dnox blacklist ${HOME}/.config/dolphinrc blacklist ${HOME}/.config/dragonplayerrc diff --git a/etc/jerry.profile b/etc/jerry.profile new file mode 100644 index 000000000..28eb4d207 --- /dev/null +++ b/etc/jerry.profile @@ -0,0 +1,41 @@ +# Firejail profile for jerry +# Description: Chess GUI +# This file is overwritten after every install/update +# Persistent local customizations +include jerry.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/dkl + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +caps.drop all +machine-id +net none +no3d +nodbus +nodvd +nogroups +nonewprivs +noroot +nosound +notv +novideo +protocol unix +seccomp +shell none +tracelog + +private-bin jerry,stockfish,sh,bash +private-dev +private-etc fonts,gtk-2.0,gtk-3.0 +private-tmp + +memory-deny-write-execute diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index b4efa3add..b9f493969 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config 
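Review bot: `private-bin jerry,stockfish,sh,bash` in the new etc/jerry.profile puts two shells inside a sandbox that otherwise sets `shell none` and includes `disable-interpreters.inc`, and the profile does not say why they are needed. If jerry only has to start the stockfish engine, it is worth testing with `private-bin jerry,stockfish`. If the shells are required, a comment above the line such as `# sh and bash are required to start the engine` (wording to be confirmed by whoever tested the profile) would record that the wider allowance is deliberate.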
@@ -286,6 +286,7 @@ inkview inox iridium iridium-browser +jerry jd-gui jdownloader jitsi -- cgit v1.2.3-70-g09d2 From 4fd4edbbedda85c4064b825aade14628cdafa160 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Thu, 27 Jun 2019 05:18:27 +0000 Subject: Fix placing of jerry --- src/firecfg/firecfg.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index b9f493969..91dde21d2 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -286,9 +286,9 @@ inkview inox iridium iridium-browser -jerry jd-gui jdownloader +jerry jitsi k3b kaffeine -- cgit v1.2.3-70-g09d2 From 1cc468607637da1144b2d75be25dea348010c5d5 Mon Sep 17 00:00:00 2001 From: Tad Date: Thu, 27 Jun 2019 03:37:31 -0400 Subject: profiles: add two aliases for existing games --- etc/PPSSPPQt.profile | 10 ++++++++++ etc/neverputt.profile | 10 ++++++++++ src/firecfg/firecfg.config | 2 ++ 3 files changed, 22 insertions(+) create mode 100644 etc/PPSSPPQt.profile create mode 100644 etc/neverputt.profile (limited to 'src') diff --git a/etc/PPSSPPQt.profile b/etc/PPSSPPQt.profile new file mode 100644 index 000000000..84801ae24 --- /dev/null +++ b/etc/PPSSPPQt.profile @@ -0,0 +1,10 @@ +# Firejail profile for PPSSPPQt +# This file is overwritten after every install/update +# Persistent local customizations +include PPSSPPQt.local +# Persistent global definitions +include globals.local + + +# Redirect +include ppsspp.profile diff --git a/etc/neverputt.profile b/etc/neverputt.profile new file mode 100644 index 000000000..184496e58 --- /dev/null +++ b/etc/neverputt.profile @@ -0,0 +1,10 @@ +# Firejail profile for neverputt +# This file is overwritten after every install/update +# Persistent local customizations +include neverputt.local +# Persistent global definitions +include globals.local + + +# Redirect +include neverball.profile 
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 91dde21d2..10293cb8f 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -20,6 +20,7 @@ Maelstrom Maps Mathematica Natron +PPSSPPQt QMediathekView QOwnNotes Telegram @@ -403,6 +404,7 @@ netactview nethack netsurf neverball +neverputt newsbeuter newsboat nheko -- cgit v1.2.3-70-g09d2