3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

48 commits

Author SHA1 Message Date
0x4A6F 75351261fc
firejail: 0.9.64.2 -> 0.9.64.4 2021-02-07 23:40:58 +00:00
0x4A6F 2451c4d1d6
firejail: 0.9.64 -> 0.9.64.2 2021-01-28 19:42:59 +00:00
volth bc0d605cf1 treewide: fix double quoted strings in meta.description
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
2021-01-24 19:56:59 +07:00
Ben Siraphob 16d91ee628 pkgs/os-specific: stdenv.lib -> lib 2021-01-17 23:26:08 +07:00
Roosembert Palacios 831c700c5d
firejail: fix -overlay and -build functionality on NixOS
- The `-overlay` flag runs the specified binary inside an OverlayFS,
  since the /nix store may be in a different mount point than the user
  home, this patch explicitly bind mounts it so it's available inside
  the overlay.

- profile builder: firejail provides facilities to build a new profiles.
  To do so, it execute the helper binary `fbuilder`, which in turn will
  execute firejail back with different options. This patch makes it use
  the binary available in PATH instead of the one produced at compile time.
  The compiled firejail binary doesn't have the necessary permissions,
  so the firejail NixOS module wraps it in a SUID wrapper available on
  PATH at runtime.

Signed-off-by: Roosembert Palacios <roosemberth@posteo.ch>
2020-11-27 23:14:58 +01:00
snicket2100 ffeb2af920 firejail: fixing the 'xdg-dbus-proxy' dependency
xdg-dbus-proxy path is hardcoded in the common.h file in the firejail
source code. if this binary is not found, dbus filtering capabilities
of firejail get limited i.e. you can only entirely disable or entirely
enable dbus communication.
2020-11-22 13:35:09 +01:00
snicket2100 cd1c5633af firejail: 0.9.62 -> 0.9.64 2020-11-08 23:25:59 +01:00
Stig Palmquist 15c53cf0fa
nixos/tests: add test for firejail 2020-08-10 06:54:26 +02:00
Stig Palmquist e15cab8e9c
firejail: add patches to fix CVE-2020-17367 and CVE-2020-17368 2020-08-09 15:08:29 +02:00
Michael Reilly 84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
snicket2100 a63f6a7d47 firejail: local profile handling fixed
made it possible to place local profiles in `~/.config/firejail`,
as well as in `/etc/firejail`.
2020-03-27 18:34:52 +01:00
snicket2100 a43a5479a5 firejail: updated the homepage address 2020-01-20 23:07:18 +01:00
snicket2100 d914e9d1db firejail: 0.9.60 -> 0.9.62 2020-01-18 11:56:07 +01:00
snicket2100 0778f0aee6 firejail: local profile handling fixed
The sed expression wasn't really catching anything (as local profiles are
included in the provided set of profiles by `include aaa.local` and not by
`include xx/firejail/aaa.local` as the sed expression used to expect).
As a result, it was not possible to create local profiles in any
accessible location. This fix makes it possible to create them in
`/etc/firejail/` which seems pretty standard.
2020-01-11 20:49:48 +01:00
Will Dietz aadd2a6bc7
firejail: 0.9.58.2 -> 0.9.60 2019-05-28 19:22:56 -05:00
R. RyanTM 9944d2e91d firejail: 0.9.58 -> 0.9.58.2
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/firejail/versions
2019-03-01 21:47:37 -08:00
R. RyanTM 0e28f3c318 firejail: 0.9.56 -> 0.9.58
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/firejail/versions
2019-02-06 01:55:03 -08:00
Ivan Kozik 9314c6a563 firejail: disable parallel building
firejail was frequently failing to build on my Hydra machine at -j16, and
the error looked like a typical parallel build problem:

<3>make[1]: Entering directory '/build/firejail-0.9.56/src/fcopy'
<3>gcc -ggdb  -O2 -DVERSION='"0.9.56"'   -DPREFIX='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56"'  -DSYSCONFDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/etc/firejail"' -DLIBDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME  -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk   -c main.c -o main.o
<3>gcc  -pie -Wl,-z,relro -Wl,-z,now -lpthread -o fcopy main.o
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/fcopy'
<3>make -C src/fldd
<3>make[1]: Entering directory '/build/firejail-0.9.56/src/fldd'
<3>gcc -ggdb  -O2 -DVERSION='"0.9.56"'   -DPREFIX='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56"'  -DSYSCONFDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/etc/firejail"' -DLIBDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME  -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk   -c main.c -o main.o
<3>gcc  -pie -Wl,-z,relro -Wl,-z,now -lpthread -o fldd main.o ../lib/ldd_utils.o
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/fldd'
<3>make -C src/libpostexecseccomp
<3>make[1]: Entering directory '/build/firejail-0.9.56/src/libpostexecseccomp'
<3>gcc -ggdb  -O2 -DVERSION='"0.9.56"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security  -c libpostexecseccomp.c -o libpostexecseccomp.o
<3>gcc -pie -Wl,-z,relro -Wl,-z,now -shared -fPIC -z relro -o libpostexecseccomp.so libpostexecseccomp.o -ldl
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/libpostexecseccomp'
<3>src/fseccomp/fseccomp default seccomp
<3>src/fsec-optimize/fsec-optimize seccomp
<3>/nix/store/6abyjgibafsbhlc7v7lab50mb3dj81jg-bash-4.4-p23/bin/bash: src/fsec-optimize/fsec-optimize: No such file or directory
<3>make: *** [Makefile:43: filters] Error 127
<3>builder for '/nix/store/30srqmpqrjyr11nhx4jbpr84m9pnmyv5-firejail-0.9.56.drv' failed with exit code 2
2018-12-17 06:41:44 +00:00
c0bw3b 0ea604ac1d Treewide: use https for SourceForge 2018-11-24 19:58:03 +01:00
Peter Hoeg 04bbb2ab6b firejail: override files should be in /etc/firejail 2018-10-03 16:08:39 +08:00
R. RyanTM dd33a9dc0b firejail: 0.9.54 -> 0.9.56
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/firejail/versions
2018-09-20 14:31:57 -07:00
R. RyanTM b1890946af firejail: 0.9.52 -> 0.9.54
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/firejail/versions.

These checks were done:

- built on NixOS
- Warning: no invocation of /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firejail had a zero exit code or showed the expected version
- /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firemon passed the binary check.
- /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54/bin/firecfg passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 2 of 3 passed binary check by having the new version present in output.
- found 0.9.54 with grep in /nix/store/5zjr9idl48c08apan8gh45wh971i49i9-firejail-0.9.54
- directory tree listing: https://gist.github.com/3fb76054296d9e45fea3c47ae6a9f03f
- du listing: https://gist.github.com/a732bad0be0159f527ca4e8c532400ed
2018-05-17 07:32:04 -07:00
adisbladis c2f57b0099
firejail: 0.9.50 -> 0.9.52 2018-01-18 02:24:24 +08:00
adisbladis 0af15f6f45
firejail: 0.9.48 -> 0.9.50 2017-11-06 17:21:03 +08:00
mimadrid 09e0cc7cc7
Update homepage attributes: http -> https
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
2017-08-03 11:56:15 +02:00
Silvan Mosberger f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Johannes Frankenau fcf7b6761b firejail: 0.9.44.10 -> 0.9.48 2017-07-25 14:30:36 +02:00
Will Dietz 707145a955 firejail: don't try to set setuid bit 2017-06-28 14:31:47 -05:00
Michael Raskin c4bdec77a0 firejail: 0.9.44.8 -> 0.9.44.10 2017-04-10 00:14:34 +02:00
Michael Raskin a9e55a2a8e firejail: 0.9.44.4 -> 0.9.44.8 2017-02-01 19:28:45 +01:00
Michael Raskin 9653be493a firejail: 0.9.44.2 -> 0.9.44.4 2017-01-08 13:58:24 +01:00
Michael Raskin 11bfe01846 firejail: 0.9.42 -> 0.9.44.2 2017-01-02 20:18:47 +01:00
Michael Raskin 11bc6ea4ae firejail: 0.9.42-rc1 -> 0.9.42 2016-09-12 13:01:34 +02:00
Michael Raskin b893d84d53 firejail: 0.9.40-rc1 -> 0.9.42-rc1 2016-08-11 17:57:35 +02:00
Michael Raskin 80db55610c firejail: 0.9.38 -> 0.9.40 2016-04-13 14:47:04 +02:00
Michael Raskin 4f45082915 firejail: 0.9.36 -> 0.9.38 2016-02-14 21:17:07 +01:00
Michael Raskin 0f9a361064 firejail: 0.9.26 -> 0.9.36 2016-01-01 12:30:17 +03:00
Tuomas Tynkkynen 91cbd8a3b2 firejail: Fix source URL
This particular sf.net mirror is down.
2015-07-12 21:12:06 +02:00
Michael Raskin c25495bcff Update firejail 2015-05-10 13:36:44 +03:00
Michael Raskin 93bf2f8ba9 Update firejail 2015-04-05 20:27:25 +03:00
Michael Raskin 8fcc960e6e Update firejail 2015-03-09 01:03:01 +03:00
Michael Raskin 5477ccdb7f Update firejail 2015-02-01 18:41:32 +03:00
Michael Raskin 5997e7edfa Firejail: 0.9.16 → 0.9.18 2014-12-21 11:14:25 +03:00
Michael Raskin f3b947bfeb Update Firejail 2014-11-02 23:51:58 +03:00
Michael Raskin e5c90ad374 Update firejail 2014-10-06 02:43:57 +04:00
Michael Raskin ea12fb639b Update Firejail 2014-09-24 13:32:46 +04:00
Michael Raskin bddcee7747 Update Firejail 2014-08-31 18:20:06 +04:00
Michael Raskin fba7d7c4b8 Add Firejail cheap-sandbox-building package 2014-08-18 02:18:33 +04:00