commented out private-etc in firefox profile, fixed whitelisting problems for /srv directory

2 files changed, 5 insertions, 2 deletions

diff --git a/etc/firefox.profile b/etc/firefox.profile
index 80cdb6ab0..551e1aa90 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -76,7 +76,10 @@ tracelog
 # firefox requires a shell to launch on Arch. We can possibly remove sh though.
 # private-bin firefox,which,sh,dbus-launch,dbus-send,env,sh,bash
 private-dev
-private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
+
+# private-etc below works fine on most distributions. There are some problems on CentOS.
+# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
+
 private-tmp
 
 noexec ${HOME}
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 6e766f996..bfc773374 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -413,7 +413,7 @@ void fs_whitelist(void) {
                                 else if (strncmp(new_name, "/opt/", 5) == 0)
                                         opt_dir = 1;
                                 else if (strncmp(new_name, "/srv/", 5) == 0)
-                                        opt_dir = 1;
+                                        srv_dir = 1;
                         }
 
                         entry->data = EMPTY_STRING;