feature: firecfg: add firecfg.d & add ignore command #5876
A few considerations: Instead of
It only compares up to the first space, so it considers To avoid confusion (if a program name has a space in it for whatever reason), Other than that, I'd say it's fairly straightforward.
We might need to make it explicit in release notes that this introduces a dependency on zenity to the firejail package.
The zenity-related code is already there and is only executed if
It was added in the following commits:
This PR only moves such paths to constants; see commit 1f07de8 ("firecfg:
@kmk3 Thank you for clearing up this zenity situation in such a detailed manner.
Cool job! If you don't have anything coming, check it in!
4b29fca to 208d3fe
208d3fe to 2822b51
Changes:
* fix inconsistent indentation/braces
* add missing free

Instead of using asprintf + free. Also, use LIBDIR instead of hardcoded "/usr/lib" for fzenity.

As suggested by @WhyNotHugo[1].
[1] netblue30#2097 (comment)

Add ignore command (`!PROGRAM`), as suggested by @WhyNotHugo[1].
It prevents firecfg from creating a symlink for the given program.
Also, document the paths used and the config file syntax.
Note that `/etc/firejail/firecfg.d/*.conf` files are parsed before /etc/firejail/firecfg.config, so the former can ignore/override any item in the latter.
Closes netblue30#2097.
[1] netblue30#2097 (comment)

2822b51 to ef6cfb8
All merged, thanks!
Currently it is only used when parsing the configuration files:
* /etc/firecfg.d/*.conf
* /etc/firecfg.config

Use it when searching for profile filenames as well:
* ~/.config/firejail/*.profile

Relates to netblue30#5876.

Changes:
* Export `in_ignorelist` function
* Allow only building the ignorelist without setting the symlinks
* Rename the functions to reflect the above
* Add a function that parses all config files (`parse_config_all`)

Also, make sure that `parse_config_all` only parses config files once, even if called multiple times.

Relates to netblue30#5876.

Fixes netblue30#5245. Relates to netblue30#5876.
Closes netblue30#5245. Relates to netblue30#5876.
Main changes:
* `/etc/firejail/firecfg.d/*.conf` files are parsed before `/etc/firejail/firecfg.config`, so the former can ignore/override any item in the latter.
* Add ignore command (`!PROGRAM`). It prevents firecfg from creating a symlink for the given program.

Also, document the paths used and the config file syntax.
Suggested by @WhyNotHugo:
Closes #2097.
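
The parse-order note in the description above, as a small C model (an added example, not firecfg's source code). It assumes single-pass, line-by-line processing with `#` comment lines; the file contents, the `parse_config` and `would_link` helpers, and this `in_ignorelist` body are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { MAX_ITEMS = 64, MAX_NAME = 64 };

/* Constructed sample inputs (not shipped firejail files). */
static const char *DROPIN = "# local override\n!firefox\n"; /* a firecfg.d/*.conf file */
static const char *MAIN_CFG = "firefox\nvlc\nmpv\n";         /* firecfg.config */

static char ignorelist[MAX_ITEMS][MAX_NAME];
static int ignore_count;

static int in_ignorelist(const char *name) {
	for (int i = 0; i < ignore_count; i++)
		if (strcmp(ignorelist[i], name) == 0)
			return 1;
	return 0;
}

/* Single pass over one config text: "!PROGRAM" records an ignore entry; any
 * other non-comment line is appended to out[] unless it is already ignored.
 * Returns the new number of entries in out[]. */
static int parse_config(const char *text, char out[][MAX_NAME], int n) {
	char buf[1024];
	snprintf(buf, sizeof(buf), "%s", text);
	for (char *line = strtok(buf, "\n"); line; line = strtok(NULL, "\n")) {
		if (line[0] == '#') continue;
		if (line[0] == '!' && ignore_count < MAX_ITEMS)
			snprintf(ignorelist[ignore_count++], MAX_NAME, "%s", line + 1);
		else if (line[0] != '!' && !in_ignorelist(line) && n < MAX_ITEMS)
			snprintf(out[n++], MAX_NAME, "%s", line);
	}
	return n;
}

/* Returns 1 if prog would get a symlink for the given parse order. */
static int would_link(const char *prog, int dropin_first) {
	char out[MAX_ITEMS][MAX_NAME];
	ignore_count = 0; /* start each run with an empty ignore list */
	int n = parse_config(dropin_first ? DROPIN : MAIN_CFG, out, 0);
	n = parse_config(dropin_first ? MAIN_CFG : DROPIN, out, n);
	for (int i = 0; i < n; i++)
		if (strcmp(out[i], prog) == 0)
			return 1;
	return 0;
}

int main(void) {
	printf("firefox linked: firecfg.d first=%d, last=%d\n", would_link("firefox", 1), would_link("firefox", 0));
	return 0;
}
```

In this model the `!firefox` entry only takes effect when the drop-in file is read before the main config, which is the ordering the description states.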