author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-04-21 19:59:08 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-04-21 20:07:48 +0200 |
commit | e09724f53dad4dce14966f746bc18ce359133e51 (patch) | |
tree | d5c507880b5451b569895722385169e151666d21 /src/fbuilder/build_fs.c | |
parent | update issue template + add ICEauthority to wruc (diff) | |
update --build
The profiles generated by --build are quite outdated. There are still a
lot of things left to do.
- fix #2150 (whitelist-common.inc is still opened from /etc/firejail)
- include wusc and wvc (todo: remove whitelists in wusc/wvc from the
generated profile.)
- fix parsing wc / use ${HOME} macro instead of ~
- update profile headers
- include all disable includes (mostly commented) in the output
- reorder the filesystem section
Diffstat (limited to 'src/fbuilder/build_fs.c')
-rw-r--r-- | src/fbuilder/build_fs.c | 12 |
1 files changed, 8 insertions, 4 deletions
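--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -165,10 +165,12 @@ void build_var(const char *fname, FILE *fp) {
 
 process_files(fname, "/var", var_callback);
 
-if (var_out == NULL)
+if (var_out == NULL) {
 fprintf(fp, "blacklist /var\n");
-else
+} else {
 filedb_print(var_out, "whitelist ", fp);
+fprintf(fp, "include whitelist-var-common.inc\n");
+}
 }
 
 
@@ -202,10 +204,12 @@ void build_share(const char *fname, FILE *fp) {
 
 process_files(fname, "/usr/share", share_callback);
 
-if (share_out == NULL)
+if (share_out == NULL) {
 fprintf(fp, "blacklist /usr/share\n");
-else
+} else {
 filedb_print(share_out, "whitelist ", fp);
+fprintf(fp, "include whitelist-usr-share-common.inc\n");
+}
 }
 
 //*******************************************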
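Review bot: The new `include whitelist-var-common.inc` line in the else branch of build_var, and the matching `include whitelist-usr-share-common.inc` in build_share, carry no comment explaining their effect on the generated profile. The `whitelist` lines printed by filedb_print appear to come from the paths collected by process_files, while the include presumably adds a fixed shared allow-list on top, so the profile may permit more under /var and /usr/share than the run touched. I would add a comment above each fprintf such as `// also pull in the shared allow-list; it may duplicate or widen the traced whitelist entries above`, so anyone auditing a generated profile knows which entries were observed and which come from the include. The commit message already notes the duplicate-whitelist cleanup as a todo, so a `// TODO` at the same spot would keep that visible in the code. Both function bodies start outside the hunks, so how var_out and share_out are filled is not visible here.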