fbuilder tweaks

3 files changed, 5 insertions, 3 deletions

diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
index 4766337ff..d3bf247f1 100644
--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -286,6 +286,7 @@ static char *dev_skip[] = {
         "/dev/pts",
         "/dev/ptmx",
         "/dev/log",
+        "/dev/shm",
 
         "/dev/aload",   // old ALSA devices, not covered in private-dev
         "/dev/dsp",             // old OSS device, deprecated
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c
index 941f43562..f3115646a 100644
--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -30,7 +30,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
                 exit(1);
         }
 
-        char trace_output[] = "/tmp/firejail-trace.XXXXXX";
+        char trace_output[] = TRACE_OUTPUT;
         int tfile = mkstemp(trace_output);
         if(tfile == -1)
                 errExit("mkstemp");
@@ -147,7 +147,8 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
                 fprintf(fp, "\n");
 
                 fprintf(fp, "#disable-mnt\t# no access to /mnt, /media, /run/mount and /run/media\n");
-                build_bin(trace_output, fp);
+                if (!arg_appimage)
+                        build_bin(trace_output, fp);
                 fprintf(fp, "#private-cache\t# run with an empty ~/.cache directory\n");
                 build_dev(trace_output, fp);
                 build_etc(trace_output, fp);
diff --git a/src/fbuilder/build_seccomp.c b/src/fbuilder/build_seccomp.c
index 7b4727e1a..b772de45f 100644
--- a/src/fbuilder/build_seccomp.c
+++ b/src/fbuilder/build_seccomp.c
@@ -190,7 +190,7 @@ void build_protocol(const char *fname, FILE *fp) {
         if (net == 0)
                 fprintf(fp, "net none\n");
         else {
-                fprintf(fp, "# net eth0\n");
+                fprintf(fp, "#net eth0\n");
                 fprintf(fp, "netfilter\n");
         }
 }