support allow-private-blacklist in profile files

2 files changed, 5 insertions, 1 deletions

diff --git a/RELNOTES b/RELNOTES
index 90e65f973..e7999f13a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -19,7 +19,7 @@ firejail (0.9.45) baseline; urgency=low
   * feature: private /opt directory (--private-opt, profile support)
   * feature: private /srv directory (--private-srv, profile support)
   * feature: spoof machine-id (--machine-id, profile support)
-  * feature: allow blacklists under --private (--allow-private-blacklist) - more work to come
+  * feature: allow blacklists under --private (--allow-private-blacklist)
   * feature: user-defined /etc/hosts file (--hosts-file, profile support)
   * feature: config support for firejail prompt in terminals
   * feature: AppImage type 2 support
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 2d49b60c0..d188f97a8 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -215,6 +215,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 arg_no3d = 1;
                 return 0;
         }
+        else if (strcmp(ptr, "allow-private-blacklist") == 0) {
+                arg_allow_private_blacklist = 1;
+                return 0;
+        }       
         else if (strcmp(ptr, "netfilter") == 0) {
 #ifdef HAVE_NETWORK
                 if (checkcfg(CFG_NETWORK))