Commit Graph

50 Commits

Author SHA1 Message Date
Jonas Heinrich
defe183dad firejail: Remove symlink check patch 2021-09-19 11:55:30 +02:00
R. RyanTM
91466bb62a firejail: 0.9.64.4 -> 0.9.66 2021-06-30 02:28:53 +00:00
0x4A6F
75351261fc
firejail: 0.9.64.2 -> 0.9.64.4 2021-02-07 23:40:58 +00:00
0x4A6F
2451c4d1d6
firejail: 0.9.64 -> 0.9.64.2 2021-01-28 19:42:59 +00:00
volth
bc0d605cf1 treewide: fix double quoted strings in meta.description
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
2021-01-24 19:56:59 +07:00
Ben Siraphob
16d91ee628 pkgs/os-specific: stdenv.lib -> lib 2021-01-17 23:26:08 +07:00
Roosembert Palacios
831c700c5d
firejail: fix -overlay and -build functionality on NixOS
- The `-overlay` flag runs the specified binary inside an OverlayFS,
  since the /nix store may be in a different mount point than the user
  home, this patch explicitly bind mounts it so it's available inside
  the overlay.

- profile builder: firejail provides facilities to build a new profiles.
  To do so, it execute the helper binary `fbuilder`, which in turn will
  execute firejail back with different options. This patch makes it use
  the binary available in PATH instead of the one produced at compile time.
  The compiled firejail binary doesn't have the necessary permissions,
  so the firejail NixOS module wraps it in a SUID wrapper available on
  PATH at runtime.

Signed-off-by: Roosembert Palacios <roosemberth@posteo.ch>
2020-11-27 23:14:58 +01:00
snicket2100
ffeb2af920 firejail: fixing the 'xdg-dbus-proxy' dependency
xdg-dbus-proxy path is hardcoded in the common.h file in the firejail
source code. if this binary is not found, dbus filtering capabilities
of firejail get limited i.e. you can only entirely disable or entirely
enable dbus communication.
2020-11-22 13:35:09 +01:00
snicket2100
cd1c5633af firejail: 0.9.62 -> 0.9.64 2020-11-08 23:25:59 +01:00
Stig Palmquist
15c53cf0fa
nixos/tests: add test for firejail 2020-08-10 06:54:26 +02:00
Stig Palmquist
e15cab8e9c
firejail: add patches to fix CVE-2020-17367 and CVE-2020-17368 2020-08-09 15:08:29 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
snicket2100
a63f6a7d47 firejail: local profile handling fixed
made it possible to place local profiles in `~/.config/firejail`,
as well as in `/etc/firejail`.
2020-03-27 18:34:52 +01:00
snicket2100
a43a5479a5 firejail: updated the homepage address 2020-01-20 23:07:18 +01:00
snicket2100
d914e9d1db firejail: 0.9.60 -> 0.9.62 2020-01-18 11:56:07 +01:00
snicket2100
0778f0aee6 firejail: local profile handling fixed
The sed expression wasn't really catching anything (as local profiles are
included in the provided set of profiles by `include aaa.local` and not by
`include xx/firejail/aaa.local` as the sed expression used to expect).
As a result, it was not possible to create local profiles in any
accessible location. This fix makes it possible to create them in
`/etc/firejail/` which seems pretty standard.
2020-01-11 20:49:48 +01:00
Will Dietz
aadd2a6bc7
firejail: 0.9.58.2 -> 0.9.60 2019-05-28 19:22:56 -05:00
R. RyanTM
9944d2e91d firejail: 0.9.58 -> 0.9.58.2
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/firejail/versions
2019-03-01 21:47:37 -08:00
R. RyanTM
0e28f3c318 firejail: 0.9.56 -> 0.9.58
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/firejail/versions
2019-02-06 01:55:03 -08:00
Ivan Kozik
9314c6a563 firejail: disable parallel building
firejail was frequently failing to build on my Hydra machine at -j16, and
the error looked like a typical parallel build problem:

<3>make[1]: Entering directory '/build/firejail-0.9.56/src/fcopy'
<3>gcc -ggdb  -O2 -DVERSION='"0.9.56"'   -DPREFIX='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56"'  -DSYSCONFDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/etc/firejail"' -DLIBDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME  -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk   -c main.c -o main.o
<3>gcc  -pie -Wl,-z,relro -Wl,-z,now -lpthread -o fcopy main.o
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/fcopy'
<3>make -C src/fldd
<3>make[1]: Entering directory '/build/firejail-0.9.56/src/fldd'
<3>gcc -ggdb  -O2 -DVERSION='"0.9.56"'   -DPREFIX='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56"'  -DSYSCONFDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/etc/firejail"' -DLIBDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME  -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk   -c main.c -o main.o
<3>gcc  -pie -Wl,-z,relro -Wl,-z,now -lpthread -o fldd main.o ../lib/ldd_utils.o
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/fldd'
<3>make -C src/libpostexecseccomp
<3>make[1]: Entering directory '/build/firejail-0.9.56/src/libpostexecseccomp'
<3>gcc -ggdb  -O2 -DVERSION='"0.9.56"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security  -c libpostexecseccomp.c -o libpostexecseccomp.o
<3>gcc -pie -Wl,-z,relro -Wl,-z,now -shared -fPIC -z relro -o libpostexecseccomp.so libpostexecseccomp.o -ldl
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/libpostexecseccomp'
<3>src/fseccomp/fseccomp default seccomp
<3>src/fsec-optimize/fsec-optimize seccomp
<3>/nix/store/6abyjgibafsbhlc7v7lab50mb3dj81jg-bash-4.4-p23/bin/bash: src/fsec-optimize/fsec-optimize: No such file or directory
<3>make: *** [Makefile:43: filters] Error 127
<3>builder for '/nix/store/30srqmpqrjyr11nhx4jbpr84m9pnmyv5-firejail-0.9.56.drv' failed with exit code 2
2018-12-17 06:41:44 +00:00
c0bw3b
0ea604ac1d Treewide: use https for SourceForge 2018-11-24 19:58:03 +01:00
Peter Hoeg
04bbb2ab6b firejail: override files should be in /etc/firejail 2018-10-03 16:08:39 +08:00
R. RyanTM
dd33a9dc0b firejail: 0.9.54 -> 0.9.56
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/firejail/versions
2018-09-20 14:31:57 -07:00
R. RyanTM
b1890946af firejail: 0.9.52 -> 0.9.54
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/firejail/versions.

These checks were done:

- built on NixOS
- Warning: no invocation of /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firejail had a zero exit code or showed the expected version
- /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firemon passed the binary check.
- /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firecfg passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 2 of 3 passed binary check by having the new version present in output.
- found 0.9.54 with grep in /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54
- directory tree listing: https://gist.github.com/3fb76054296d9e45fea3c47ae6a9f03f
- du listing: https://gist.github.com/a732bad0be0159f527ca4e8c532400ed
2018-05-17 07:32:04 -07:00
adisbladis
c2f57b0099
firejail: 0.9.50 -> 0.9.52 2018-01-18 02:24:24 +08:00
adisbladis
0af15f6f45
firejail: 0.9.48 -> 0.9.50 2017-11-06 17:21:03 +08:00
mimadrid
09e0cc7cc7
Update homepage attributes: http -> https
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
2017-08-03 11:56:15 +02:00
Silvan Mosberger
f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Johannes Frankenau
fcf7b6761b firejail: 0.9.44.10 -> 0.9.48 2017-07-25 14:30:36 +02:00
Will Dietz
707145a955 firejail: don't try to set setuid bit 2017-06-28 14:31:47 -05:00
Michael Raskin
c4bdec77a0 firejail: 0.9.44.8 -> 0.9.44.10 2017-04-10 00:14:34 +02:00
Michael Raskin
a9e55a2a8e firejail: 0.9.44.4 -> 0.9.44.8 2017-02-01 19:28:45 +01:00
Michael Raskin
9653be493a firejail: 0.9.44.2 -> 0.9.44.4 2017-01-08 13:58:24 +01:00
Michael Raskin
11bfe01846 firejail: 0.9.42 -> 0.9.44.2 2017-01-02 20:18:47 +01:00
Michael Raskin
11bc6ea4ae firejail: 0.9.42-rc1 -> 0.9.42 2016-09-12 13:01:34 +02:00
Michael Raskin
b893d84d53 firejail: 0.9.40-rc1 -> 0.9.42-rc1 2016-08-11 17:57:35 +02:00
Michael Raskin
80db55610c firejail: 0.9.38 -> 0.9.40 2016-04-13 14:47:04 +02:00
Michael Raskin
4f45082915 firejail: 0.9.36 -> 0.9.38 2016-02-14 21:17:07 +01:00
Michael Raskin
0f9a361064 firejail: 0.9.26 -> 0.9.36 2016-01-01 12:30:17 +03:00
Tuomas Tynkkynen
91cbd8a3b2 firejail: Fix source URL
This particular sf.net mirror is down.
2015-07-12 21:12:06 +02:00
Michael Raskin
c25495bcff Update firejail 2015-05-10 13:36:44 +03:00
Michael Raskin
93bf2f8ba9 Update firejail 2015-04-05 20:27:25 +03:00
Michael Raskin
8fcc960e6e Update firejail 2015-03-09 01:03:01 +03:00
Michael Raskin
5477ccdb7f Update firejail 2015-02-01 18:41:32 +03:00
Michael Raskin
5997e7edfa Firejail: 0.9.16 → 0.9.18 2014-12-21 11:14:25 +03:00
Michael Raskin
f3b947bfeb Update Firejail 2014-11-02 23:51:58 +03:00
Michael Raskin
e5c90ad374 Update firejail 2014-10-06 02:43:57 +04:00
Michael Raskin
ea12fb639b Update Firejail 2014-09-24 13:32:46 +04:00
Michael Raskin
bddcee7747 Update Firejail 2014-08-31 18:20:06 +04:00
Michael Raskin
fba7d7c4b8 Add Firejail cheap-sandbox-building package 2014-08-18 02:18:33 +04:00