various fixes

9 files changed, 37 insertions, 6 deletions

diff --git a/README b/README
index c242faa85..aaf05e673 100644
--- a/README
+++ b/README
@@ -100,6 +100,7 @@ avoidr (https://github.com/avoidr)
         - hostname support in profile file
         - Google Chrome profile rework
         - added cmus profile
+        - man page fixes
 Bruno Nova (https://github.com/brunonova)
         - whitelist fix
         - bash arguments fix
diff --git a/etc/cmus.profile b/etc/cmus.profile
index bfefd3100..72b43a70f 100644
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -15,4 +15,3 @@ noroot
 private-bin cmus
 private-etc group
 shell none
-noroot
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 660085194..89064d816 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -4,6 +4,7 @@ blacklist ${HOME}/.remmina
 blacklist ${HOME}/.tconn
 blacklist ${HOME}/.FBReader
 blacklist ${HOME}/.wine
+blacklist ${HOME}/.config/cmus
 
 # HTTP / FTP / Mail
 blacklist ${HOME}/.icedove
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 0269ff585..a66e10e0f 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1268,8 +1268,8 @@ int main(int argc, char **argv) {
                                 fprintf(stderr, "Error: invalid private-bin option\n");
                                 exit(1);
                         }
-                        fs_check_bin_list();
                         arg_private_bin = 1;
+                        fs_check_bin_list();
                 }
                 else if (strcmp(argv[i], "--private-tmp") == 0) {
                         arg_private_tmp = 1;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index d7ea4a550..d2894d463 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -385,8 +385,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
         // private /bin list of files
         if (strncmp(ptr, "private-bin ", 12) == 0) {
                 cfg.bin_private_keep = ptr + 12;
-                fs_check_bin_list();
                 arg_private_bin = 1;
+                fs_check_bin_list();
                 return 0;
         }
 
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 732ebf27e..ccddeb888 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -227,8 +227,14 @@ static void start_application(void) {
                         }
                 }
 
+                if (cfg.original_program_index == 0) {
+                        fprintf(stderr, "Error: --shell=none configured, but no program specified\n");
+                        exit(1);
+                }
+
                 if (!arg_command && !arg_quiet)
                         printf("Child process initialized\n");
+
                 execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
         }
         //****************************************
diff --git a/test/firefox-x11.exp b/test/firefox-x11.exp
index c82408896..8bc7fbd25 100755
--- a/test/firefox-x11.exp
+++ b/test/firefox-x11.exp
@@ -4,7 +4,7 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firejail --name=test --x11 --net=br0 firefox www.gentoo.org\r"
+send -- "firejail --name=test --x11 --net=br0 firefox -no-remote www.gentoo.org\r"
 sleep 10
 
 spawn $env(SHELL)
@@ -18,6 +18,10 @@ expect {
         "firefox" {puts "firefox detected\n";}
         "iceweasel" {puts "iceweasel detected\n";}
 }
+expect {
+        timeout {puts "TESTING ERROR 3.2\n";exit}
+        "no-remote"
+}
 sleep 1
 send -- "firejail --name=blablabla\r"
 expect {
@@ -34,6 +38,10 @@ expect {
         " iceweasel" {puts "iceweasel detected\n";}
 }
 expect {
+        timeout {puts "TESTING ERROR 5.0\n";exit}
+        "no-remote"
+}
+expect {
         timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
         "Seccomp:       2"
 }
@@ -49,6 +57,10 @@ expect {
         " iceweasel" {puts "iceweasel detected\n";}
 }
 expect {
+        timeout {puts "TESTING ERROR 6.0\n";exit}
+        "no-remote"
+}
+expect {
         timeout {puts "TESTING ERROR 6.1\n";exit}
         "CapBnd:"
 }
diff --git a/test/firefox.exp b/test/firefox.exp
index c2e64e04f..d531cf977 100755
--- a/test/firefox.exp
+++ b/test/firefox.exp
@@ -4,7 +4,7 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firejail firefox www.gentoo.org\r"
+send -- "firejail firefox -no-remote www.gentoo.org\r"
 expect {
         timeout {puts "TESTING ERROR 0\n";exit}
         "Reading profile /etc/firejail/firefox.profile"
@@ -26,6 +26,10 @@ expect {
         "firefox" {puts "firefox detected\n";}
         "iceweasel" {puts "iceweasel detected\n";}
 }
+expect {
+        timeout {puts "TESTING ERROR 3.2\n";exit}
+        "no-remote"
+}
 sleep 1
 send -- "firejail --name=blablabla\r"
 expect {
@@ -42,6 +46,10 @@ expect {
         " iceweasel" {puts "iceweasel detected\n";}
 }
 expect {
+        timeout {puts "TESTING ERROR 5.0\n";exit}
+        "no-remote"
+}
+expect {
         timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
         "Seccomp:       2"
 }
@@ -57,6 +65,10 @@ expect {
         " iceweasel" {puts "iceweasel detected\n";}
 }
 expect {
+        timeout {puts "TESTING ERROR 6.0\n";exit}
+        "no-remote"
+}
+expect {
         timeout {puts "TESTING ERROR 6.1\n";exit}
         "CapBnd:"
 }
diff --git a/test/test-profile.exp b/test/test-profile.exp
index 89fe9c10a..a03e8db31 100755
--- a/test/test-profile.exp
+++ b/test/test-profile.exp
@@ -10,7 +10,7 @@ if { $argc != 1 } {
         exit
 }
 
-send -- "firejail --profile=$argv\r"
+send -- "firejail --profile=$argv /bin/bash\r"
 expect {
         timeout {puts "TESTING ERROR 0\n";exit}
         "Child process initialized"