Kelvin M. Klann
e796ba1349
ci: allow running workflows manually
...
Add `on.workflow_dispatch`.
See:
* https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatch
* https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
2023-09-26 12:24:14 -03:00
glitsj16
72edd9667b
youtubemusic-nativefier: fix include .local name (#6020)
2023-09-26 04:19:16 +00:00
glitsj16
20d43a6772
profiles: dpkg fix (#6019)
2023-09-26 04:18:28 +00:00
dependabot[bot]
91533c4394
build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.7 to 2.21.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](04daf014b5...6a28655e3d)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-25 17:22:34 +00:00
dependabot[bot]
bfacd86527
build(deps): bump actions/checkout from 4.0.0 to 4.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](3df4ab11eb...8ade135a41)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-25 17:22:23 +00:00
Kelvin M. Klann
f5534fb600
profiles: fix path of system-log-common.profile
...
This amends commit dd5539012 ("profiles: refactor log viewers (#5996)",
2023-09-23).
Commands used:
    git mv \
      etc/profile-m-z/profile-m-z/profile-m-z/system-log-common.profile \
      etc/profile-m-z/system-log-common.profile
    rmdir etc/profile-m-z/profile-m-z/profile-m-z/
    rmdir etc/profile-m-z/profile-m-z/
2023-09-23 01:02:34 -03:00
pirate486743186
d90cd8915e
create fluffychat.profile (#6007)
...
Co-authored-by: pirate486743186 <>
2023-09-23 01:44:33 +00:00
glitsj16
9690ce753b
mocp: hardening (#6017)
2023-09-23 01:43:43 +00:00
glitsj16
5de32c19d6
mocp: fix networking (#6016)
2023-09-23 01:43:13 +00:00
glitsj16
dd55390120
profiles: refactor log viewers (#5996)
...
* profiles: refactor log viewers
Introduces system-log-common.profile as a common profile for existing
GUI log viewer applications.
* system-log-common: enable no3d
2023-09-23 01:42:08 +00:00
Kelvin M. Klann
27c3e97989
Merge pull request #5993 from kmk3/modif-keep-pipewire-group
...
modif: keep pipewire group unless nosound is used
2023-09-20 15:46:12 +00:00
Kelvin M. Klann
0091caf80c
modif: keep pipewire group unless nosound is used
...
This group is apparently used on Gentoo[1].
Currently only the "audio" supplementary group is kept.
Fixes #5992.
See also commit f32938669 ("Keep vglusers group unless no3d is used
(virtualgl)", 2022-01-07) / PR #4851.
[1] https://wiki.gentoo.org/wiki/PipeWire
Reported-by: @amano-kenji
2023-09-20 12:23:31 -03:00
archaon616
f90770fb83
steam.profile: Allow Factorio (#6012)
...
Add directories to config so Factorio runs correctly.
2023-09-19 18:04:31 +00:00
Frostbyte4664
fe5df9b5d5
Add blender-3.6 redirect (#6013)
2023-09-18 14:17:58 +00:00
glitsj16
e5aad6cdc0
gwenview: add Trash support (#6001)
2023-09-18 14:15:32 +00:00
Denis Subbotin
e57f1e4ef1
telegram.profile: allow ~/.local/share/telegram-desktop (#5994)
...
New TelegramWebApps uses another directory for saving local storage.
2023-09-18 14:15:17 +00:00
dependabot[bot]
8a82e400e8
build(deps): bump github/codeql-action from 2.21.5 to 2.21.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.21.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](00e563ead9...04daf014b5)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-18 13:29:44 +00:00
netblue30
eb5c97197b
speed up blacklists
2023-09-12 11:22:44 -04:00
dependabot[bot]
8caf747ab8
build(deps): bump actions/checkout from 3.6.0 to 4.0.0
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](f43a0e5ff2...3df4ab11eb)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-11 17:48:10 +00:00
Kelvin M. Klann
032aa1ff1b
Merge pull request #5987 from kmk3/profiles-fix-eol-comments
...
profiles: fix commented code and eol comments
2023-09-08 20:28:39 +00:00
Kelvin M. Klann
c6d33375cc
profiles: fix commented code and eol comments
...
Main changes:
* Remove the space after `#` for commented code lines to distinguish
  them from normal comments
* Use `#` instead of `-` for comments at the end of the line so that
  commented code lines work after being uncommented
Commands used to search and replace:
    arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    git ls-files -z -- etc/inc etc/profile* | xargs -0 -I '{}' \
      sh -c "printf '%s\n' \"\$(sed -E \
        -e 's/^# ($arg0)( [#-]-? .*)?\$/#\\1\\2/' \
        -e 's/^# ($arg1)( [^ ]*)?( [#-]-? .*)?\$/#\\1\\2\\3/' \
        -e 's/^# (whitelist \\$)/#\\1/' \
        -e 's/^(#[^ ].+) --? /\\1 # /' \
        '{}')\" >'{}'"
Commands used to check for leftover entries:
    arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    git grep -E "^# ($arg0|$arg1)( +|$)" -- etc/inc etc/profile*
See also commit 30f9ad908 ("build: improve comments in firecfg.config",
2023-08-05) / PR #5942.
2023-09-08 04:57:37 -03:00
glitsj16
9ab6b8746f
transgui: hardening (#5989)
2023-09-07 13:08:52 +00:00
Marek Küthe
4b8f1d2dca
VSCodium: Fix developing Arduino (#5991)
...
Closes https://github.com/netblue30/firejail/issues/5990
Arduino IDE: https://github.com/arduino/arduino-ide
PlatformIO: https://github.com/platformio
Signed-off-by: Marek Küthe <m.k@mk16.de>
2023-09-06 20:47:45 +00:00
Kelvin M. Klann
8e99a8c2e3
profiles: fix some comments
...
Changes:
* Turn very long end-of-line comments into normal comments
* Turn multi-line end-of-line comments into normal comments
* Fix a comment being below instead of above the relevant entry
* Turn some comments that look like code into end-of-line comments
2023-09-06 04:01:27 -03:00
Kelvin M. Klann
ce6fb3a8dd
build: add missing dbus/x11 commands to arg1 list
...
Fix the list generation and run `make syntax`.
Relates to #5627.
2023-09-06 03:19:32 -03:00
DefaultUser
f355533ab6
neochat: Allow netlink (#5986)
...
The latest Neochat package on Arch (23.08.0-2, with libquotient
0.8.1.1-1) crashes otherwise.
2023-09-06 06:10:40 +00:00
kzsa
6bab3f13ad
wusc: add /usr/share/locale-langpack (LC_MESSAGES) (#5981)
...
Fixes #5974.
2023-09-06 06:10:29 +00:00
haarp
95998519dd
discord-common.profile: harden & allow notifications (#5978)
...
What works:
- Basic functionality
- Receiving notifications
- Voice communication
- Watching streams
What wasn't tested:
- Casting streams
- Opening links
- Tracking/displaying "current activity" as status message
- Apparmor
Notes:
- Discord tries to access system dbus (`[ERROR:bus.cc(399)] Failed to
  connect to the bus: Failed to connect to socket
  /run/firejail/mnt/dbus/system: Permission denied`). I don't know what
  business it has with the system dbus, and didn't notice any problems
  due to that.
- I had one crash after 2h of watching a stream. Probably unrelated.
Fixes #5971.
2023-09-06 06:09:24 +00:00
Kelvin M. Klann
679ab2ebcc
RELNOTES: add bugfix and ci items
...
Relates to #5965 #5976 #5984.
2023-08-30 13:28:56 -03:00
Kelvin M. Klann
c82a526aba
Merge pull request #5984 from kmk3/ci-fix-dependabot-dup
...
ci: fix dependabot duplicated workflow runs
2023-08-30 16:24:01 +00:00
Kelvin M. Klann
e77ab07b7b
Merge pull request #5976 from topimiettinen/fix-5965
...
Fix wrong syscall names for s390_pci_mmio_{read,write}
2023-08-30 16:23:43 +00:00
Kelvin M. Klann
0cc56a71a5
ci: fix dependabot duplicated workflow runs
...
Every workflow is being executed twice for dependabot: Once when its
branch is pushed to this repository and again when a PR is opened for
it.
For example, see the checks in #5979 ("29 checks passed").
This happens because both `on.push` and `on.pull_request` are specified
in the workflow files.
There does not seem to be a simple and generic way to avoid such
duplicated runs directly in GitHub Actions (such as preventing the same
check from running for the same exact commit)[1], so just ignore the
dependabot branches on push for now.
See also commit 5871b08a4 ("ci: run for every branch instead of just
master", 2023-04-23) / PR #5815.
[1] https://github.com/orgs/community/discussions/26276
2023-08-28 20:47:35 -03:00
dependabot[bot]
f235c8f6c7
build(deps): bump actions/checkout from 3.5.3 to 3.6.0
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](c85c95e3d7...f43a0e5ff2)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-28 22:22:25 +00:00
dependabot[bot]
e4e215340e
build(deps): bump github/codeql-action from 2.21.2 to 2.21.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2.21.2...00e563ead9f72a8461b24876bee2d0c2e8bd2ee8)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-28 22:16:21 +00:00
Kelvin M. Klann
7e91a0414c
tests: disable broken wget tests in utils/sysutils
...
They are taking longer than the 30s timeout[1] [2]:
    runner@fv-az246-621:~/work/firejail/firejail/test/sysutils$
    <ysutils$ firejail --ignore=quiet wget -q debian.org
    Reading profile /etc/firejail/wget.profile
    [...]
    Child process initialized in 115.54 ms
    TESTING ERROR 2
    runner@fv-az1234-541:~/work/firejail/firejail/test/utils$
    <irejail --build wget --output-document=~ debian.org
    [...]
    Resolving www.debian.org (www.debian.org)... 128.31.0.62
    Connecting to www.debian.org (www.debian.org)|128.31.0.62|:443... connected.
    TESTING ERROR 13
[1] https://github.com/kmk3/firejail/actions/runs/6005119423/job/16287436840
[2] https://github.com/kmk3/firejail/actions/runs/6005314148/job/16287794321
2023-08-28 19:03:09 -03:00
Kelvin M. Klann
d5c90b7416
tests: disable wget test in utils/trace.exp
...
It is apparently getting in the way of the rm test[1]:
    runner@fv-az1417-728:~/work/firejail/firejail/test/utils$
    <ail/test/utils$ firejail --trace wget -q debian.org
    5:wget:exec /usr/local/bin/wget:0
    5:wget:stat64 /etc/wgetrc:0
    5:wget:fopen64 /etc/wgetrc:0x561585600510
    5:wget:stat64 /home/runner/.wgetrc:-1
    OK
    [...]
    firejail --trace rm index.html
    5:wget:connect 4 128.31.0.62 port 443:0
    [...]
    5:wget:stat64 /home/runner/.wget-hsts:0
    runner@fv-az1417-728:~/work/firejail/firejail/test/utils$ TESTING ERROR 9
[1] https://github.com/kmk3/firejail/actions/runs/6004405511/job/16284920616
2023-08-28 19:03:09 -03:00
Kelvin M. Klann
2dc28f636e
tests: fix wget test in utils/trace.exp
...
This should fix the following error[1]:
    runner@fv-az1230-523:~/work/firejail/firejail/test/utils$
    <ail/test/utils$ firejail --trace wget -q debian.org
    [...]
    5:wget:stat64 index.html:-1
    5:wget:stat64 index.html:-1
    5:wget:stat64 /home/runner/.netrc:-1
    5:wget:socket AF_INET SOCK_STREAM IPPROTO_IP:4
    5:wget:connect 4 151.101.66.132 port 80:0
    5:wget:stat64 index.html:-1
    5:wget:stat64 index.html:-1
    5:wget:stat64 index.html:-1
    [...]
    TESTING ERROR 8.6
[1] https://github.com/kmk3/firejail/actions/runs/6004266783/job/16284476671
2023-08-28 19:03:09 -03:00
Kelvin M. Klann
486ef54287
tests: increase the timeouts in wget.exp and build.exp
...
To try to fix the following errors[1] [2]:
    runner@fv-az298-480:~/work/firejail/firejail/test/utils$
    <irejail --build wget --output-document=~ debian.org
    [...]
    Resolving www.debian.org (www.debian.org)... 128.31.0.62
    Connecting to www.debian.org (www.debian.org)|128.31.0.62|:443... connected.
    TESTING ERROR 13
    runner@fv-az305-745:~/work/firejail/firejail/test/sysutils$
    <ysutils$ firejail --ignore=quiet wget -q debian.org
    [...]
    Child process initialized in 106.89 ms
    TESTING ERROR 2
[1] https://github.com/netblue30/firejail/actions/runs/5996420917/job/16278071977?pr=5979
[2] https://github.com/netblue30/firejail/actions/runs/5996420917/job/16278071219?pr=5979
2023-08-28 19:02:41 -03:00
Topi Miettinen
7e8ba3a8be
Fix wrong syscall names for s390_pci_mmio_{read,write}
...
Closes #5965
2023-08-26 21:48:44 +03:00
glitsj16
dd5ae0d8f4
profiles: patch fixes (#5970)
...
Commit 3077b2d1f blacklists `${PATH}/patch` in disable-devel.inc[1]. We
need to noblacklist it in the profiles that need it.
[1] 3077b2d1ff
2023-08-25 01:55:52 +00:00
Kelvin M. Klann
2ad255432b
profiles: move ~/.rustup blacklist to disable-programs.inc (#5969)
...
Which also blacklists ~/.cargo.
Note that ~/.rustup is the only `${HOME}` entry in disable-devel.inc.
Added on commit 8d9b12d1c ("New profiles + fixes + hardening",
2020-09-14).
2023-08-23 21:34:38 +00:00
Kelvin M. Klann
72c6df3af5
tests: properly fix fs/kmsg test
...
It was broken likely due to `private-dev` being added to default.profile
on commit 307dad542 ("adding private-tmp and private-dev to
default.profile", 2023-08-20).
So ignore `private-dev` in the test and make sure to run the tests when
default.profile changes.
This amends commit 75cefd5b1 ("tests: fix error when /dev/kmsg is
missing", 2023-08-21).
2023-08-23 12:02:24 -03:00
Kelvin M. Klann
962dedb7c7
disable-devel.inc: split packaging-related entries
...
`dh_*` and `fakeroot` can be used when building .deb packages; they are
not part of autoconf/automake.
2023-08-23 11:50:10 -03:00
Kelvin M. Klann
3f4f2cc244
disable-devel.inc: sort entries
...
And fix a few inconsistent comments.
2023-08-23 11:50:05 -03:00
glitsj16
8b5ca18127
profiles: move fakeroot blacklisting to disable-devel.inc (#5968)
...
As of commit 96beb3358, `fakeroot` is blacklisted in disable-common.inc,
which may break makepkg and other build-related tools; cfr [1].
[1] 96beb3358c (r125237349).
2023-08-23 14:23:10 +00:00
Kelvin M. Klann
3fa94f04c1
RELNOTES: add build and ci items
...
Relates to #5942 #5955 #5956 #5960.
2023-08-23 08:32:18 -03:00
Kelvin M. Klann
f549074a81
Merge pull request #5960 from kmk3/ci-split-jobs
...
ci: whitelist paths, reorganize workflows & speed-up tests
2023-08-23 11:21:02 +00:00
Kelvin M. Klann
ec504406b9
test: disable broken sysutils strings test
...
And limit the output of `diff` in the test to avoid logging thousands of
lines of a hexdump.
Likely broken by commit 3077b2d1f ("update disable-devel.inc",
2023-08-22)[1].
[1] https://github.com/netblue30/firejail/actions/runs/5945120115/job/16123622451
2023-08-23 08:08:51 -03:00
netblue30
3077b2d1ff
update disable-devel.inc
2023-08-22 19:34:12 -04:00
netblue30
96beb3358c
a second round of blacklisting in disable-common.inc
2023-08-22 19:18:18 -04:00