netblue30
673fbd8116
Merge branch 'master' of ssh://github.com/netblue30/firejail
2025-01-12 17:20:01 -05:00
netblue30
56566fd415
merges
2025-01-12 17:19:34 -05:00
netblue30
ff770369a9
Merge pull request #6590 from amano-kenji/tremc
...
New profile: tremc
2025-01-12 17:15:58 -05:00
netblue30
7c59aea1f7
Merge pull request #6586 from amano-kenji/monero
...
New profile: monero-wallet-cli
2025-01-12 17:14:36 -05:00
netblue30
f666560ba8
Merge pull request #6584 from amano-kenji/buku
...
New profile: buku
2025-01-12 17:13:07 -05:00
netblue30
b2a17264a6
Merge pull request #6583 from amano-kenji/aria2
...
New profile: aria2p/aria2rpc
2025-01-12 17:12:28 -05:00
netblue30
26c0f8ae71
Merge pull request #6592 from powerjungle/feat/run-firejail-in-sandbox-for-testing
...
feature: build: add --disable-sandbox-check configure flag
2025-01-12 16:41:08 -05:00
Kelvin M. Klann
4a31419eab
refactor: deduplicate definition of RUN_FIREJAIL_NAME_DIR
...
Reuse the definition from src/include/rundefs.h.
Related commits:
* 07c05e8a557ffc35a8
2025-01-12 11:01:16 -03:00
Kelvin M. Klann
187488a2dc
modif: clarify error messages in profile.c ( #6605 )
...
Relates to #3478 #3798 #6604 .
2025-01-11 00:46:56 +00:00
Kelvin M. Klann
92137f8087
ci: check-profiles: fix git diff not running
...
This amends commit c222b7f69#6593 )", 2024-12-28).
2025-01-06 20:39:45 -03:00
amano-kenji
9aaf505431
profiles: refactor com.github.johnfactotum.Foliate into foliate.profile ( #6582 )
...
On Gentoo Linux, there is `/usr/bin/foliate` instead of
`/usr/bin/com.github.johnfactotum.Foliate`.
2025-01-06 16:42:30 +00:00
Kelvin M. Klann
4782399ea8
profiles: singularity: fix profile path
...
Commands used to check for issues:
$ git ls-files 'etc/profile-a-l/' | grep 'etc/profile-a-l/[m-z]'
etc/profile-a-l/singularity.profile
$ git ls-files 'etc/profile-m-z/' | grep 'etc/profile-a-l/[a-l]'
$
Command used to fix the path:
$ git mv \
etc/profile-a-l/singularity.profile \
etc/profile-m-z/singularity.profile
Relates to #6463 .
2025-01-04 11:55:29 -03:00
Kelvin M. Klann
7b47c82d6b
build: sort.py: ignore empty files
...
Currently it adds a newline to empty files.
Before:
$ : >foo.profile
$ contrib/sort.py foo.profile
sort.py: checking 1 profile(s)...
foo.profile:(fixed whitespace)
[ Fixed ] foo.profile
$ od -A n -t x1 foo.profile
0a
After:
$ : >foo.profile
$ contrib/sort.py foo.profile
sort.py: checking 1 profile(s)...
$
This amends commit c222b7f69#6593 )", 2024-12-28).
2025-01-04 11:33:12 -03:00
Kelvin M. Klann
8c28f0e386
bugfix: update syscalls.list
...
Commands used to update it:
touch src/include/syscall_aarch64.h # potentially needed
make syntax
This amends commit 508cd6a6c#6574 )",
2024-12-21).
2025-01-04 01:03:12 -03:00
Kelvin M. Klann
20cbb3fb74
RELNOTES: add bugfix, build and profile items
...
Relates to #6578 #6579 #6593 #6594 #6598 .
2025-01-03 22:43:59 -03:00
Peter Zmanovsky
edfa7f18e0
bugfix: fix possible memory leak in fs_home.c ( #6598 )
2025-01-04 01:32:50 +00:00
dependabot[bot]
db1ea0bdcf
build(deps): bump github/codeql-action from 3.27.5 to 3.28.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.27.5 to 3.28.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f09c1c0a94...48ab28a6f5
2025-01-01 15:00:06 +00:00
amano.kenji
92f39fdf4a
New profile: buku
...
https://github.com/jarun/buku
2024-12-30 13:45:03 +00:00
powerjungle
108327c5a0
feature: build: add --disable-sandbox-check configure flag
...
This flag disables the code which checks whether the current instance of
firejail is running within a sandbox like LXC, chroot or firejail itself.
If we want to develop firejail inside of a sandbox, to keep the "host system"
clean of unnecessary installed dependencies and changes to the system,
we might want to force firejail to run normally, so that we can test different
profiles inside of the sandbox. This is only meant for people who are working
on the firejail code, not someone attempting to run firejail inside of a
sandbox as a user, because it needs to run as root and it can escape the
sandbox easily.
2024-12-30 00:26:50 +00:00
powerjungle
102d760fa7
chore: build: call autoreconf to match new autoconf version
2024-12-29 22:50:06 +00:00
Kelvin M. Klann
df6620c11c
build: sort.py: quote diff lines ( #6594 )
...
To make it clearer when only whitespace was fixed on a given line.
Before:
$ printf 'private-bin a,b \n' >foo.profile
$ ./contrib/sort.py -n foo.profile
sort.py: checking 1 profile(s)...
foo.profile:1:-private-bin a,b
foo.profile:1:+private-bin a,b
After:
$ printf 'private-bin a,b \n' >foo.profile
$ ./contrib/sort.py -n foo.profile
sort.py: checking 1 profile(s)...
foo.profile:1:-'private-bin a,b '
foo.profile:1:+'private-bin a,b'
See commit 53ff8e0ad#6556 .
2024-12-29 12:06:14 +00:00
Kelvin M. Klann
c222b7f692
build: sort.py: fix whitespace in entire profile ( #6593 )
...
Changes:
* Strip whitespace at the beginning
* Strip whitespace at the end
* Ensure exactly one newline at the end
* Strip extraneous newlines
Also, for clarity print the git diff in the sort.py ci job, since the
specific lines changed are not printed by the sort.py script in this
case (as whitespace is fixed in the entire profile at once).
Command used to search and replace:
./contrib/sort.py etc/inc/*.inc etc/profile*/*.profile
This is a follow-up to #6556 .
Update contrib/sort.py
2024-12-28 16:00:14 +00:00
powerjungle
9bd077b39c
bugfix: parse --debug before using it ( #6579 )
...
The `arg_debug` flag is being set after some functions check for it,
such as `check_kernel_procs()`.
2024-12-28 15:41:56 +00:00
amano.kenji
a7bf93426f
New profile: monero-wallet-cli
2024-12-27 14:18:59 +00:00
amano.kenji
3b2706b9c3
New profile: tremc
...
https://github.com/tremc/tremc
2024-12-27 14:09:21 +00:00
amano.kenji
c869f11d55
New profile: aria2p/aria2rpc
...
https://github.com/pawamoy/aria2p is Command-line tool and library to interact with an aria2c daemon process with
JSON-RPC.
aria2rpc from https://github.com/aria2/aria2 is command line tool for connecting to a remote instance of aria2c
2024-12-27 13:32:12 +00:00
Lucas
afce4679bf
New profile: b3sum (blake3) ( #6577 )
...
https://github.com/BLAKE3-team/BLAKE3
2024-12-27 02:04:15 +00:00
Lucas
028d236b82
profiles: firecfg: fix sha384sum & add b2sum/cksum ( #6578 )
2024-12-27 01:50:04 +00:00
Kelvin M. Klann
f27775c5a8
profiles: obsidian: whitelist allowed paths
...
electron-common.profile and blink-common.profile already apply
whitelisting in the user home, so ensure that the allowed paths are
available as well.
Relates to #6314 .
2024-12-23 05:03:18 -03:00
Kelvin M. Klann
79c227f9e7
profiles: obsidian: remove gnutls from private-etc
...
It's included in the `@network` group since commit c8614b329#6314 .
2024-12-23 04:53:51 -03:00
Kelvin M. Klann
d8f44326ad
profiles: syncthing: remove noise and improve comments
...
Relates to #6536 .
2024-12-23 04:53:51 -03:00
Kelvin M. Klann
5799059e5b
profiles: syncthing: sort entries
...
Relates to #6536 .
2024-12-23 04:53:51 -03:00
Kelvin M. Klann
52a8d5cab1
profiles: prismlauncher: add dbus-user none
...
Relates to #6558 .
Suggested-by: @rusty-snake
2024-12-23 04:53:51 -03:00
Kelvin M. Klann
a1d4f514a0
profiles: prismlauncher: add missing comment and include
...
Relates to #6558 .
Suggested-by: @rusty-snake
2024-12-23 04:53:51 -03:00
Kelvin M. Klann
111ec6cf9d
RELNOTES: add profile items
...
Relates to #5648 #5905 .
2024-12-22 06:06:51 -03:00
Kelvin M. Klann
f98ee1ac6f
profiles: transmission-qt: clarify system tray support comment
...
This amends commit 4d00897f6#5905 .
Suggested-by: @rusty-snake
2024-12-22 06:02:27 -03:00
Kelvin M. Klann
5599719839
profiles: kmail/kontact: fix comments and commented code
...
Relates to #5905 .
Suggested-by: @rusty-snake
2024-12-22 05:54:00 -03:00
Kelvin M. Klann
6ff4e090db
profiles: kontact: blacklist paths
...
Added on commit 1e9232662#5905 .
Suggested-by: @rusty-snake
2024-12-22 05:54:00 -03:00
Kelvin M. Klann
0f2a93a3f7
profiles: kontact: sort noblacklist entries
...
Added on commit 1e9232662#5905 .
2024-12-22 05:54:00 -03:00
Kelvin M. Klann
967534675f
profiles: kontact: fix double include of globals.profile
...
See etc/templates/redirect_alias-profile.template.
This amends commit 1e9232662#5905 .
Suggested-by: @rusty-snake
2024-12-22 05:53:47 -03:00
Kelvin M. Klann
6aacf214b9
profiles: firecfg: disable ghostwriter
...
It's a markdown editor and commit 358fce3ed#5648 enabled whitelisting
in the user home, so disable it by default.
See commit bd8ed0b4e#6477 )",
2024-09-19).
Relates to #5648 .
2024-12-22 05:37:24 -03:00
Kelvin M. Klann
e142786bfd
RELNOTES: add feature, docs and profile items
...
Relates to #5821 #6192 #6407 #6525 #6565 #6571 #6574 .
2024-12-21 06:47:41 -03:00
Andrey Skvortsov
508cd6a6cf
feature: add aarch64 syscalls ( #6574 )
...
syscall_aarch64.h was generated from 6.12 kernel headers using the
following commands:
awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' \
< unistd_64.h | grep -v 'syscalls'
Closes #5821 .
Co-authored-by: Andrey Skvortsov <a.skvorcov@omp.ru>
2024-12-21 09:27:07 +00:00
Kelvin M. Klann
89cec6a9a2
profiles: ghostwriter: fix sorting in private-bin
...
Commands used to search and replace:
./contrib/sort.py etc/inc/*.inc etc/profile*/*.profile
This amends commit 358fce3ed#5648 .
2024-12-21 06:13:29 -03:00
Kelvin M. Klann
00ae2ea8ab
profiles: irssi: add irssi.conf to private-etc
...
Added on commit bed96d1ca#6549 .
2024-12-19 17:50:21 -03:00
netblue30
f358159795
merges
2024-12-18 09:44:45 -05:00
netblue30
93e02ba202
Merge pull request #5648 from glitsj16/self-ref-fixes
...
profiles: hardening and self-ref fixes
2024-12-18 09:37:11 -05:00
netblue30
7a8b7eb671
Merge pull request #5905 from Sadoon-AlBader/master
...
profiles: fix misc in kmail and transmission-qt & add kontact.profile
2024-12-18 09:33:10 -05:00
netblue30
43e1833446
Merge branch 'master' into master
2024-12-18 09:32:01 -05:00
netblue30
f5b7cd96b5
Merge pull request #6314 from konstantin1722/obsidian-profile
...
New profile: obsidian
2024-12-18 09:26:11 -05:00
