profiles: fix commented code and eol comments

Main changes:

* Remove the space after `#` for commented code lines to distinguish
  them from normal comments
* Use `#` instead of `-` for comments at the end of the line so that
  commented code lines work after being uncommented

Commands used to search and replace:

    arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    git ls-files -z -- etc/inc etc/profile* | xargs -0 -I '{}' \
      sh -c "printf '%s\n' \"\$(sed -E \
        -e 's/^# ($arg0)( [#-]-? .*)?\$/#\\1\\2/' \
        -e 's/^# ($arg1)( [^ ]*)?( [#-]-? .*)?\$/#\\1\\2\\3/' \
        -e 's/^# (whitelist \\$)/#\\1/' \
        -e 's/^(#[^ ].+) --? /\\1 # /' \
        '{}')\" >'{}'"

Commands used to check for leftover entries:

    arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    git grep -E "^# ($arg0|$arg1)( +|$)" -- etc/inc etc/profile*

See also commit 30f9ad908 ("build: improve comments in firecfg.config",
2023-08-05) / PR #5942.

1 files changed, 25 insertions, 25 deletions

diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile
index 667f9c557..74587c992 100644
--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -34,36 +34,36 @@ include globals.local
 noblacklist /sbin
 noblacklist /usr/sbin
 noblacklist /etc/init.d
-# noblacklist /var/opt
+#noblacklist /var/opt
 
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
-# include disable-devel.inc
-# include disable-exec.inc
-# include disable-interpreters.inc
+#include disable-devel.inc
+#include disable-exec.inc
+#include disable-interpreters.inc
 include disable-programs.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
 
-# include whitelist-runuser-common.inc
-# include whitelist-usr-share-common.inc
-# include whitelist-var-common.inc
+#include whitelist-runuser-common.inc
+#include whitelist-usr-share-common.inc
+#include whitelist-var-common.inc
 
 # people use to install servers all over the place!
 # apparmor runs executable only from default system locations
-# apparmor
+#apparmor
 caps
-# ipc-namespace
+#ipc-namespace
 machine-id
-# netfilter /etc/firejail/webserver.net
+#netfilter /etc/firejail/webserver.net
 no3d
 nodvd
-# nogroups
+#nogroups
 noinput
 nonewprivs
-# noroot
+#noroot
 nosound
 notv
 nou2f
@@ -74,22 +74,22 @@ tab # allow tab completion
 
 disable-mnt
 private
-# private-bin program
-# private-cache
+#private-bin program
+#private-cache
 private-dev
 # see /usr/share/doc/firejail/profile.template for more common private-etc paths.
-# private-etc alternatives
-# private-lib
-# private-opt none
+#private-etc alternatives
+#private-lib
+#private-opt none
 private-tmp
-# writable-run-user
-# writable-var
-# writable-var-log
+#writable-run-user
+#writable-var
+#writable-var-log
 
 dbus-user none
-# dbus-system none
+#dbus-system none
 
-# deterministic-shutdown
-# memory-deny-write-execute
-# read-only ${HOME}
-# restrict-namespaces
+#deterministic-shutdown
+#memory-deny-write-execute
+#read-only ${HOME}
+#restrict-namespaces