about summary refs log tree commit diff
path: root/pkgs/os-specific/linux/firejail/default.nix
AgeCommit message (Collapse)AuthorFilesLines
2024-06-04treewide: remove unused fetchpatch argumentsSigmanificient1-1/+0
2023-02-19firejail: Fix double-dash usage on non-POSIX shellsJonas Heinrich1-0/+6
2023-01-17firejail: 0.9.70 -> 0.9.72Jonas Heinrich1-2/+2
2022-06-11firejail: 0.9.68 -> 0.9.70Jonas Heinrich1-37/+2
2022-06-08firejail: patches for CVE-2022-31214Stig Palmquist1-0/+23
https://seclists.org/oss-sec/2022/q2/188
2022-05-09firejail: Fix opengl support for various appsJonas Heinrich1-0/+6
2022-05-07firejail: Fix resolve binary paths in user environmentJonas Heinrich1-0/+7
2022-02-07firejail: 0.9.66 -> 0.9.68Zane van Iperen1-5/+2
Fixes #153430
2022-01-19firejail: add apparmor supportReed Riley1-2/+22
2022-01-19firejail: improve local profile customization supportReed Riley1-1/+1
2022-01-19firejail: remove deprecated flag, see: ↵Reed Riley1-5/+0
https://github.com/netblue30/firejail/commit/4909fa7efce4a36bd16e7bf80c9642b93c262ddf
2021-09-19firejail: Remove symlink check patchJonas Heinrich1-0/+3
2021-06-30firejail: 0.9.64.4 -> 0.9.66R. RyanTM1-2/+2
2021-02-07firejail: 0.9.64.2 -> 0.9.64.40x4A6F1-2/+2
2021-01-28firejail: 0.9.64 -> 0.9.64.20x4A6F1-24/+15
2021-01-24treewide: fix double quoted strings in meta.descriptionvolth1-1/+1
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
2021-01-17pkgs/os-specific: stdenv.lib -> libBen Siraphob1-4/+4
2020-11-27firejail: fix -overlay and -build functionality on NixOSRoosembert Palacios1-0/+9
- The `-overlay` flag runs the specified binary inside an OverlayFS, since the /nix store may be in a different mount point than the user home, this patch explicitly bind mounts it so it's available inside the overlay. - profile builder: firejail provides facilities to build a new profiles. To do so, it execute the helper binary `fbuilder`, which in turn will execute firejail back with different options. This patch makes it use the binary available in PATH instead of the one produced at compile time. The compiled firejail binary doesn't have the necessary permissions, so the firejail NixOS module wraps it in a SUID wrapper available on PATH at runtime. Signed-off-by: Roosembert Palacios <roosemberth@posteo.ch>
2020-11-22firejail: fixing the 'xdg-dbus-proxy' dependencysnicket21001-1/+5
xdg-dbus-proxy path is hardcoded in the common.h file in the firejail source code. if this binary is not found, dbus filtering capabilities of firejail get limited i.e. you can only entirely disable or entirely enable dbus communication.
2020-11-08firejail: 0.9.62 -> 0.9.64snicket21001-15/+2
2020-08-10nixos/tests: add test for firejailStig Palmquist1-1/+3
2020-08-09firejail: add patches to fix CVE-2020-17367 and CVE-2020-17368Stig Palmquist1-1/+14
2020-04-10treewide: Per RFC45, remove all unquoted URLsMichael Reilly1-1/+1
2020-03-27firejail: local profile handling fixedsnicket21001-3/+20
made it possible to place local profiles in `~/.config/firejail`, as well as in `/etc/firejail`.
2020-01-20firejail: updated the homepage addresssnicket21001-1/+1
2020-01-18firejail: 0.9.60 -> 0.9.62snicket21001-2/+2
2020-01-11firejail: local profile handling fixedsnicket21001-2/+2
The sed expression wasn't really catching anything (as local profiles are included in the provided set of profiles by `include aaa.local` and not by `include xx/firejail/aaa.local` as the sed expression used to expect). As a result, it was not possible to create local profiles in any accessible location. This fix makes it possible to create them in `/etc/firejail/` which seems pretty standard.
2019-05-28firejail: 0.9.58.2 -> 0.9.60Will Dietz1-4/+3
2019-03-01firejail: 0.9.58 -> 0.9.58.2R. RyanTM1-4/+4
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/firejail/versions
2019-02-06firejail: 0.9.56 -> 0.9.58R. RyanTM1-4/+4
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/firejail/versions
2018-12-17firejail: disable parallel buildingIvan Kozik1-1/+3
firejail was frequently failing to build on my Hydra machine at -j16, and the error looked like a typical parallel build problem: <3>make[1]: Entering directory '/build/firejail-0.9.56/src/fcopy' <3>gcc -ggdb -O2 -DVERSION='"0.9.56"' -DPREFIX='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56"' -DSYSCONFDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/etc/firejail"' -DLIBDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -c main.c -o main.o <3>gcc -pie -Wl,-z,relro -Wl,-z,now -lpthread -o fcopy main.o <3>make[1]: Leaving directory '/build/firejail-0.9.56/src/fcopy' <3>make -C src/fldd <3>make[1]: Entering directory '/build/firejail-0.9.56/src/fldd' <3>gcc -ggdb -O2 -DVERSION='"0.9.56"' -DPREFIX='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56"' -DSYSCONFDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/etc/firejail"' -DLIBDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -c main.c -o main.o <3>gcc -pie -Wl,-z,relro -Wl,-z,now -lpthread -o fldd main.o ../lib/ldd_utils.o <3>make[1]: Leaving directory '/build/firejail-0.9.56/src/fldd' <3>make -C src/libpostexecseccomp <3>make[1]: Entering directory '/build/firejail-0.9.56/src/libpostexecseccomp' <3>gcc -ggdb -O2 -DVERSION='"0.9.56"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security -c libpostexecseccomp.c -o libpostexecseccomp.o <3>gcc -pie -Wl,-z,relro -Wl,-z,now -shared -fPIC -z relro -o libpostexecseccomp.so libpostexecseccomp.o -ldl <3>make[1]: Leaving directory '/build/firejail-0.9.56/src/libpostexecseccomp' <3>src/fseccomp/fseccomp default seccomp <3>src/fsec-optimize/fsec-optimize seccomp <3>/nix/store/6abyjgibafsbhlc7v7lab50mb3dj81jg-bash-4.4-p23/bin/bash: src/fsec-optimize/fsec-optimize: No such file or directory <3>make: *** [Makefile:43: filters] Error 127 <3>builder for '/nix/store/30srqmpqrjyr11nhx4jbpr84m9pnmyv5-firejail-0.9.56.drv' failed with exit code 2
2018-11-24Treewide: use https for SourceForgec0bw3b1-1/+1
2018-10-03firejail: override files should be in /etc/firejailPeter Hoeg1-0/+8
2018-09-20firejail: 0.9.54 -> 0.9.56R. RyanTM1-4/+4
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/firejail/versions
2018-05-17firejail: 0.9.52 -> 0.9.54R. RyanTM1-4/+4
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/firejail/versions. These checks were done: - built on NixOS - Warning: no invocation of /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firejail had a zero exit code or showed the expected version - /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firemon passed the binary check. - /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firecfg passed the binary check. - 2 of 3 passed binary check by having a zero exit code. - 2 of 3 passed binary check by having the new version present in output. - found 0.9.54 with grep in /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54 - directory tree listing: https://gist.github.com/3fb76054296d9e45fea3c47ae6a9f03f - du listing: https://gist.github.com/a732bad0be0159f527ca4e8c532400ed
2018-01-18firejail: 0.9.50 -> 0.9.52adisbladis1-4/+4
2017-11-06firejail: 0.9.48 -> 0.9.50adisbladis1-4/+4
2017-08-03Update homepage attributes: http -> httpsmimadrid1-1/+1
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated https://repology.org/repository/nix_stable/problems
2017-08-01pkgs: refactor needless quoting of homepage meta attribute (#27809)Silvan Mosberger1-1/+1
* pkgs: refactor needless quoting of homepage meta attribute A lot of packages are needlessly quoting the homepage meta attribute (about 1400, 22%), this commit refactors all of those instances. * pkgs: Fixing some links that were wrongfully unquoted in the previous commit * Fixed some instances
2017-07-25firejail: 0.9.44.10 -> 0.9.48Johannes Frankenau1-4/+11
2017-06-28firejail: don't try to set setuid bitWill Dietz1-1/+1
2017-04-10firejail: 0.9.44.8 -> 0.9.44.10Michael Raskin1-4/+4
2017-02-01firejail: 0.9.44.4 -> 0.9.44.8Michael Raskin1-4/+4
2017-01-08firejail: 0.9.44.2 -> 0.9.44.4Michael Raskin1-4/+4
2017-01-02firejail: 0.9.42 -> 0.9.44.2Michael Raskin1-6/+4
2016-09-12firejail: 0.9.42-rc1 -> 0.9.42Michael Raskin1-3/+4
2016-08-11firejail: 0.9.40-rc1 -> 0.9.42-rc1Michael Raskin1-4/+4
2016-04-13firejail: 0.9.38 -> 0.9.40Michael Raskin1-4/+4
2016-02-14firejail: 0.9.36 -> 0.9.38Michael Raskin1-5/+7
2016-01-01firejail: 0.9.26 -> 0.9.36Michael Raskin1-4/+4
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-01 20:23:10 +0000