forked from netblue30/firejail
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
luarocks #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes the following "implicit declaration" warning (13 occurrences in total) when building with gcov support: $ pacman -Q gcc10 gcc10 1:10.2.0-3 $ CC=gcc-10 && export CC $ ./configure --prefix=/usr --enable-apparmor --enable-gcov >/dev/null $ make >/dev/null appimage.c: In function ‘appimage_set’: appimage.c:140:2: warning: implicit declaration of function ‘__gcov_flush’ [-Wimplicit-function-declaration] 140 | __gcov_flush(); | ^~~~~~~~~~~~ interface.c: In function ‘print_sandbox’: interface.c:149:3: warning: implicit declaration of function ‘__gcov_flush’ [-Wimplicit-function-declaration] 149 | __gcov_flush(); | ^~~~~~~~~~~~ netstats.c: In function ‘netstats’: netstats.c:246:4: warning: implicit declaration of function ‘__gcov_flush’ [-Wimplicit-function-declaration] 246 | __gcov_flush(); | ^~~~~~~~~~~~ [...] Note: The commands above were executed from makepkg, while building firejail-git from the AUR. Note2: gcc-10 was used because the build fails with the current gcc version (11.1.0) on Artix Linux. The failure happens because __gcov_flush was removed on gcc 11.1.0[1]; this will be addressed later. Note3: The following command helped find the affected files: $ git grep -Fl __gcov -- src [1] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=811b7636cb8c10f1a550a76242b5666c7ae36da2
gcov: add missing gcov.h includes
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* downgrade error to warning, smiliar to read-write option; this simplifies use of tmpfs option in general purpose profiles, for example we don't need to worry about links people put in their homedir * update manpage
* firecfg.config alpine * Create alpinef.profile * Create alpine.profile * disable-programs.inc alpine * workaround in comment * Update etc/profile-a-l/alpine.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> * deactivating whitelists in ${HOME} * comment Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
allow access to pkgconfig
Address netblue30#3872 with changes in pipewire for Firefox and Chromium
telegram: Enable private-bin
users, and fldd in particular, might have no read permission on the firejail executable, make that ok by running fldd as root
don't try to read /usr/bin/firejail if private-bin removed it from the sandbox filesystem
Trim excess whitespace
- Allow org.freedesktop.secrets, fixes netblue30#4584 - Improve comments about notifications and systray
* cheese - fix: dbus-user.own org.gnome.Cheese - fix: whitelist /usr/share/gstreamer-1.0 - fix: include allow-python3.inc - hardening: include disable-shell.inc - hardening: include whitelist-run-common.inc and whitelist /run/udev/data - hardening: whitelist /usr/libexec/gstreamer-1.0/gst-plugin-scanner - hardening: noinput - hardening: nosound - hardening: seccomp.block-secondary - hardening: private-dev * geekbench (closes netblue30#4576) - fix: noblacklist /sbin and noblacklist /usr/sbin - fix: noblacklist, blacklist, mkdir, whitelist, read-write ${HOME}/.geekbench5 - fix: comment/remove private-bin, private-lib, private-opt * inkscape - add quiet for cli usage * musixmatch (netblue30#4518) - allow chroot * pandoc - fix: include allow-bin-sh.inc - fix: drop private-bin - hardening: include whitelist-runuser-common.inc - hardening: seccomp.block-secondary
add more EUID improvements
In order UPnP to work netlink protocol must be enabled.
Correct amule.profile for upnp
Enables recursive remounting on very old kernels, which has some relevance for SailfishOS community ports.
Read mount id also on legacy kernels
DO NOT MERGE! Please review. MERGE BLOCKER: firecfg does not create the necessary symlink in /usr/local/bin /usr/bin/luarocks however is a proper working binary. Another annoyance from this: Neovim has a package manager called packer, which pollutes $HOME with manifest-5-[1-4].zip and a pile of .rockspec and .src.rock files.
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
noblacklist in allow-lua.inc must corresponds to blacklist section for lua in disable-interpreters.inc
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* disable /run/user/userid * use well tested whitelist-usr-share-common.inc * use disable-X11.inc
* dont break various application sandboxes with noblacklist /usr/include/lua* Instead insert it manually for luarocks. * remove redundant `blacklist /usr/share/lua` from disable-interpreters.inc
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
/etc/texmf
netblue30/firejail#3481 - pandoc needs access to /etc/texmfnetns
configuration directive in .profile or .local files netblue30/firejail#3846Error: invalid --debug command line option
if quiet-by-default is set in firejail.config netblue30/firejail#4168)