Commit graph

8205 commits

Author SHA1 Message Date
Fred Barclay
e697a78fc9
Merge pull request #4948 from crocket/master
Improve dino.profile.
2022-02-19 20:51:08 -06:00
crocket
2f7f51dc81 dino.profile: Allow functionalities that require dbus. 2022-02-20 11:35:10 +09:00
glitsj16
ba437e7bab
drop private-dev from wireshark.profile (#4958)
* drop private-dev from wireshark.profile

* add comment about private-dev in wireshark.profile

Add a comment as suggested in https://github.com/netblue30/firejail/pull/4958#issuecomment-1044732769.
2022-02-18 17:00:22 +00:00
glitsj16
b995f145ec
add onionshare redirects (#4957)
* Create onionshare.profile

* Create onionshare-cli.profile

* add onionshare redirects to firecfg.config
2022-02-18 16:58:46 +00:00
Kelvin M. Klann
271edbbcf5
man.profile: remove read-only tmp to fix mandoc (#4950)
Having `read-only /tmp` yields the following:

    $ man ls
    [...]
    man: /usr/share/man/man1/ls.1.gz: SYSERR: mkstemp: /tmp/man.XXXXxxxxxx: Read-only file system
    [...]

It also causes the pager (e.g.: less(1)) to not be called, which means
that the entire man page is just printed all at once on the terminal.

Environment: mandoc 1.14.6-1 on Artix Linux.

Fixes #4927.

Reported-by: @hyder365
2022-02-16 18:19:46 +01:00
Kelvin M. Klann
b2c954ae0c RELNOTES: add bugfix/ci/docs
Relates to #4912 #4916 #4930 #4933.
2022-02-16 01:22:17 -03:00
netblue30
6f266dbd80
Merge pull request #4933 from kmk3/disable-nogroups-msg
Disable/comment message about nogroups being ignored
2022-02-14 10:14:20 -05:00
netblue30
d9e563d320
Merge pull request #4920 from Fred-Barclay/secpol_update
Update security policy for 0.9.68 release
2022-02-14 09:49:01 -05:00
netblue30
ad30845f3e
Merge pull request #4943 from netblue30/dependabot/github_actions/github/codeql-action-1.1.0
Bump github/codeql-action from 1.0.31 to 1.1.0
2022-02-14 09:47:13 -05:00
dependabot[bot]
7dc3985e9f
Bump github/codeql-action from 1.0.31 to 1.1.0
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.31 to 1.1.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1a927e9307...474bbf07f9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-14 06:14:55 +00:00
Kelvin M. Klann
1db6740812 Disable/comment message about nogroups being ignored
Added on commit 7abce0b4c ("Fix keeping certain groups with nogroups",
2021-11-30) / PR #4732.

As reported by @rusty-snake on #4930, conflicting messages are printed
when using whitelist-run-common.inc with nogroups:

    $ cat test.profile
    include whitelist-run-common.inc
    nogroups
    $ firejail --profile=./test.profile groups
    Reading profile ./test.profile
    Reading profile /etc/firejail/whitelist-run-common.inc
    Parent pid 1234, child pid 1235
    Warning: logind not detected, nogroups command ignored     <--- is a lie
    Warning: cleaning all supplementary groups
    Child process initialized in 30.00 ms
    rusty-snake    <---- running `groups` outside of the sandbox shows more so groups are actually cleaned

    Parent is shutting down, bye...

This probably happens because wrc causes /run/systemd to be hidden in
the sandbox and because check_can_drop_all_groups is called multiple
times, seemingly both before and after the whitelisting goes into
effect.  So disable the message about nogroups being ignored, but keep
the message about cleaning all supplementary groups (which is unlikely
to be printed unless it really happens).

Fixes #4930.
2022-02-11 18:08:09 -03:00
netblue30
03395e10bf
Merge pull request #4918 from smitsohu/tests2
testing: fix expect matching of numbers
2022-02-09 13:03:10 -05:00
smitsohu
7578e86ef8 testing: fix expect matching of numbers
The sandbox timestamp should not be available for matching
when output is already expected from the next command
(this is only a problem if numeric output is expected from the
first command in the sandbox).

A possible alternative would be to flush the expect output buffer
with 'expect "*"' after the sandbox is up.
2022-02-09 18:30:45 +01:00
rusty-snake
fd3cd98d8d Fix iridium.profile
0319fbd enabled whitelisting in /usr/share for iridium but wusc
was still ignored, causing iridium to crash.

Fixes #4917
2022-02-09 17:28:29 +00:00
Fred Barclay
dae6c65005
Merge pull request #4915 from kmk3/keepassx-restore-nou2f
keepassx: restore nou2f
2022-02-09 10:42:59 -06:00
Fred Barclay
a33b39c4bb Update security policy for 0.9.68 release
Additional fixes:
Ubuntu 16.04 is EOL. This means that Firejail 0.9.38 is (to
reasonable knowledge) not supported by any mainstream distros.

Ubuntu 21.04 is also EOL.
2022-02-09 10:31:47 -06:00
netblue30
d18aec7101 fix --disable-private-home compile option 2022-02-08 17:50:46 -05:00
netblue30
e90314618b Merge branch 'master' of ssh://github.com/netblue30/firejail 2022-02-08 10:30:46 -05:00
netblue30
86a57917aa fix --private-cwd, issue #4910 2022-02-08 10:30:22 -05:00
glitsj16
ad56b37c72
Refer to firejail.config in configuration files (#4916)
* fix globalcfg help string

* fix --disable-globalcfg explanation
2022-02-08 14:31:36 +00:00
Kelvin M. Klann
f8060a0612 keepassx: restore nou2f
I could not find anything to confirm that keepassx supports hardware
keys.  And as mentioned by @rusty-snake[1]:

> The yubikey support in kpxc seems to be based on
> https://github.com/kylemanna/keepassx /
> https://github.com/keepassx/keepassx/pull/52
> which was never merged. For me it looks like kpx never got official
> support for it.
>
> keepass seems to support hw keys (via plugin).

Also of note is the PR that added yubikey support to keepassxc:
https://github.com/keepassxreboot/keepassxc/pull/127

This partially reverts commit 09ac1a73e ("keepass*: remove nou2f",
2022-02-05) / PR #4903.  See also commit 91b04172b ("keepass*: fix typo
in private-dev note", 2022-02-06).

Closes #4883.

[1] https://github.com/netblue30/firejail/issues/4883#issuecomment-1031172309
2022-02-07 17:14:09 -03:00
Reiner Herrmann
918fa1ea9e
Merge pull request #4912 from netblue30/ci_centos
CI: replace centos (EOL) with almalinux
2022-02-07 20:07:48 +00:00
Reiner Herrmann
fad13024e2 CI: drop hostnames workaround 2022-02-07 20:00:56 +01:00
Reiner Herrmann
6ee7447c7d CI: replace centos (EOL) with almalinux 2022-02-07 19:50:37 +01:00
netblue30
6800bf4770
Merge pull request #4911 from netblue30/ci_changelog
push changelog date, so that it's different from the previous one
2022-02-07 13:43:51 -05:00
netblue30
50eed80e10
Merge pull request #4908 from netblue30/dependabot/github_actions/github/codeql-action-1.0.31
Bump github/codeql-action from 1.0.30 to 1.0.31
2022-02-07 13:42:59 -05:00
Reiner Herrmann
40cb132782 push changelog date, so that it's different from the previous one
otherwise the gitlab CI will complain
2022-02-07 19:25:37 +01:00
netblue30
5753400f0a fix private-cwd for hyperrogue - issue 4910 (Debian 11, Mint, Ubuntu 2022-02-07 13:23:03 -05:00
netblue30
dc798922c1 fix profstats install 2022-02-07 09:06:18 -05:00
netblue30
04dbdf838f update README.md 2022-02-07 08:49:03 -05:00
dependabot[bot]
8faaca8525
Bump github/codeql-action from 1.0.30 to 1.0.31
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.30 to 1.0.31.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8b37404d56...1a927e9307)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-07 06:16:39 +00:00
Kelvin M. Klann
91b04172b1 keepass*: fix typo in private-dev note
s/nou2f/private-dev/

This amends commit 8a718ff4a ("keepass*: note that private-dev blocks
access to new hardware keys", 2022-02-05).
2022-02-06 19:57:23 -03:00
netblue30
4a2aeb0696 moving to 0.9.69 2022-02-06 08:48:08 -05:00
netblue30
0845233a63 0.9.68 testing 2022-02-06 08:02:38 -05:00
netblue30
5b8348080d rel 0.9.68 testing 2022-02-06 07:28:02 -05:00
netblue30
b4730248f6
Merge pull request #4903 from kmk3/keepass-rm-nou2f
keepass*: remove nou2f & add note about private-dev
2022-02-06 07:25:12 -05:00
Kelvin M. Klann
6d5f39982e RELNOTES: add new command checklist and issue template rework
Relates to #4413 #4479 #4515 #4561.
2022-02-06 01:41:51 -03:00
Kelvin M. Klann
96b598638d RELNOTES: add pr related to PATH_MAX bugfix
Relates to #4606.
2022-02-06 01:09:54 -03:00
Kelvin M. Klann
384e2ffb57 RELNOTES: add AppArmor base abstraction support and disable-proc.inc
Relates to #3226 #4521 #4628.
2022-02-06 00:08:21 -03:00
Kelvin M. Klann
dcd28c3a95 RELNOTES: add ci section with SHA pinning and dependabot
And move the profile checks item to the ci section.

Relates to #2739 #4643 #4774.
2022-02-05 23:51:14 -03:00
Kelvin M. Klann
f08f73564f RELNOTES: add build-related items
Relates to #4594 #4695 #4712.
2022-02-05 23:38:25 -03:00
Kelvin M. Klann
e9228dea7d RELNOTES: add com.github.tchx84.Flatseal profile
Relates to #4724.
2022-02-05 22:47:29 -03:00
Kelvin M. Klann
25a0fa7d6a RELNOTES: add pipewire in --nosound and ci profile checks
Relates to #2739 #4643 #4855.
2022-02-05 22:41:12 -03:00
smitsohu
70f2cd167f fix joining of sandboxes without shell
regressed in c764520b5a
2022-02-06 01:58:22 +01:00
Kelvin M. Klann
8a718ff4a7 keepass*: note that private-dev blocks access to new hardware keys
Which may be surprising to some users (see #4883).

Fixes #4883.
2022-02-05 21:47:58 -03:00
Kelvin M. Klann
09ac1a73e8 keepass*: remove nou2f
At least keepassxc supports U2F and password managers seem like they
would be a common use case for it.

See the discussion on #4883.
2022-02-05 21:44:51 -03:00
Kelvin M. Klann
b8c4d27d71 RELNOTES: add bugfix for symlinks on private-bin + globs
Relates to #4626.
2022-02-05 21:23:25 -03:00
Kelvin M. Klann
ef850c2ec8 RELNOTES: add unset TMP if it doesn't exist
Relates to #4151.
2022-02-05 19:33:37 -03:00
Kelvin M. Klann
813dab7027 RELNOTES: add missing issue references
Interestingly, some really old issues were fixed in this release (#408
is from 2016).

Relates to #408 #928 #3042.
2022-02-05 19:21:07 -03:00
netblue30
c7c11eba68
Merge pull request #4902 from kmk3/relnotes-organize
Organize relnotes
2022-02-05 10:40:02 -05:00