Allow the folder that Day of the Tentacle Remastered uses to store save
files. Without adding them in the steam profile, save states don't work
in the game (or it didn't even start, don't remember exactly).
See https://www.pcgamingwiki.com/wiki/Day_of_the_Tentacle_Remastered
Probably it would also allow save games for other games done by
doublefine (https://store.steampowered.com/developer/doublefine), but I
have no other game from them and I have not checked it.
Clarify that even though Unix sockets are an IPC mechanism, IPC
namespaces do not affect them (see ipc_namespaces(7)).
Relates to #6928.
Reported-by: @tupo2
The start-mullvad-browser script uses readlink and realpath when
it is a symlink, so these need to be included as part of private-bin,
or the following error dialog appears, and the browser fails to start:
start-mullvad-browser cannot be run using a symlink on this operating system.
This problem is observed using Mullvad Browser 14.5.7 as packaged
for Fedora 42.
Repo: https://repository.mullvad.net/rpm/stable/mullvad.repo
Fedora script path: /usr/lib/mullvad-browser/start-mullvad-browser
Upstream: 2f802636b8/projects/browser/RelativeLink/start-browser (L202-207)
This directory is part of the gtk4 package (version 1:4.20.1-1) on Artix
Linux.
Add it just in case, as wusc already contains the same analogous paths
for gtk2 and gtk3.
This is a follow-up to #6907.
This is apparently needed by glycin/gdk-pixbuf2, which is used by many
programs, such as Firefox and GIMP.
Relates to #6906.
Reported-by: @myrslint
Suggsted-by: @myrslint
The base-2 units are more accurate, as `--rlimit-as=1K` is equivalent to
`--rlimit-as=1024`, not `--rlimit-as=1000`, for example.
This is a follow-up to #6891.
Relates to #4315.
Changes:
* Remove unrelated `strerror` output from some error messages
* Remove periods from some error messages
* Ensure that the invalid value is in the error message
* Ensure that the full command name is in the error message (instead of
just `rlimit` in some cases)
* Standardize output
* tests: Expect the full command name (and argument in some cases)
Examples:
Before:
$ firejail --quiet --noprofile --rlimit-cpu=-1 /bin/true
Error: invalid rlimit -1
$ firejail --quiet --noprofile --rlimit-nproc=-1 /bin/true
Error: invalid rlimit -1
$ firejail --quiet --noprofile --rlimit-as=-1 /bin/true
Error: invalid rlimit-as. Only use positive numbers and K, M or G suffix.: No such file or directory
After:
$ firejail --quiet --noprofile --rlimit-cpu=-1 /bin/true
Error: invalid rlimit-cpu: -1
$ firejail --quiet --noprofile --rlimit-nproc=-1 /bin/true
Error: invalid rlimit-nproc: -1
$ firejail --quiet --noprofile --rlimit-as=-1 /bin/true
Error: invalid rlimit-as: -1; use only positive numbers and K, M or G suffix
This is a follow-up to #6891.
Relates to #4315.
Note: They are already sorted in the following files:
* contrib/syntax/lists/profile_commands_arg1.list
* src/firejail/usage.c
* src/man/firejail-profile.5.in
* src/man/firejail.1.in
* src/zsh_completion/_firejail.in
* test/environment/rlimit-bad-profile.exp
* test/environment/rlimit-bad.exp
Related commits:
* 137985136 ("Baseline firejail 0.9.28", 2015-08-08)
* caefb7929 ("RLIMIT_AS", 2017-10-13) / PR #1604
* e8685de73 ("implemented --rlimit-cpu - set max CPU time for processes
running in the sandbox; for issue #1614, more to come...", 2017-10-24)
Add the specific rlimit command name to the filename.
Commands used to rename the files:
git mv rlimit-bad1.profile rlimit-bad-fsize.profile
git mv rlimit-bad2.profile rlimit-bad-nofile.profile
git mv rlimit-bad3.profile rlimit-bad-nproc.profile
git mv rlimit-bad4.profile rlimit-bad-sigpending.profile
Added on commit d30ae468d ("testing", 2016-11-19).
For better usability and because the proper suffixes (KiB, MiB and GiB)
are uppercase.
Affected commands:
* `rlimit-as`
* `rlimit-fsize`
Before:
$ firejail --quiet --noprofile --rlimit-as=100m /bin/true
$ firejail --quiet --noprofile --rlimit-as=100M /bin/true
Error: invalid rlimit-as. Only use positive numbers and k, m or g suffix.: No such file or directory
After:
$ firejail --quiet --noprofile --rlimit-as=100m /bin/true
$ firejail --quiet --noprofile --rlimit-as=100M /bin/true
Relates to #4315.
On each profile, ensure that the `blacklist` section is right above the
`include disable` section.
See etc/templates/profile.template.
Misc: This appears to affect about a third of the profiles that contain
`blacklist` entries:
$ git grep -El '^#?blacklist ' -- etc/profile* | wc -l
158
$ git diff --name-only f1381b342 | wc -l
49
Kind of relates to commit 04efbb276 ("profiles: replace x11 socket
blacklist with disable-X11.inc", 2024-03-22) / PR #6286.
Replace almost all debug `printf` calls with `debug_prctl` to reduce the
amount of duplication and `ifdefs`.
Note: There is one debug `printf` call that uses a different message
format, so it is left as is.
Command used to search and replace:
$ perl -0 -pi -e 's/#ifdef DEBUG_PRCTL\n(\s+)printf\("%s: %d, ([^\n]+)", __FUNCTION__, __LINE__([^\n]+)\n#endif/${1}debug_prctl("$2"$3/g; \
s/(debug_prctl\("event[^\n]+)/\t\t\t\t$1\n/g' \
src/firemon/procevent.c
Relates to #6792.
