author | netblue30 <netblue30@protonmail.com> | 2021-05-04 16:46:54 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-05-04 16:46:54 -0400 |
commit | 8988842c1bec4a41c09591e47771bf30247a5539 (patch) | |
tree | 274a62e6959ee23dee1084edb21b3abc6ae9f657 /src/fbuilder/build_profile.c | |
parent | Merge pull request #4209 from davidebeatrici/private-dev-input-support-and-no... (diff) | |
--build fixes
Diffstat (limited to 'src/fbuilder/build_profile.c')
-rw-r--r-- | src/fbuilder/build_profile.c | 23 |
1 files changed, 9 insertions, 14 deletions
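--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -160,24 +160,21 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 
 fprintf(fp, "### home directory whitelisting\n");
 build_home(trace_output, fp);
-fprintf(fp, "\n");
 
-fprintf(fp, "### filesystem\n");
-fprintf(fp, "### /usr/share:\n");
+fprintf(fp, "\n### /usr/share:\n");
 build_share(trace_output, fp);
-fprintf(fp, "### /var:\n");
+fprintf(fp, "\n### /var:\n");
 build_var(trace_output, fp);
-fprintf(fp, "### /bin:\n");
+fprintf(fp, "\n### /bin:\n");
 build_bin(trace_output, fp);
-fprintf(fp, "### /dev:\n");
+fprintf(fp, "\n### /dev:\n");
 build_dev(trace_output, fp);
-fprintf(fp, "### /etc:\n");
+fprintf(fp, "\n### /etc:\n");
 build_etc(trace_output, fp);
-fprintf(fp, "### /tmp:\n");
+fprintf(fp, "\n### /tmp:\n");
 build_tmp(trace_output, fp);
-fprintf(fp, "\n");
 
-fprintf(fp, "### security filters\n");
+fprintf(fp, "\n### security filters\n");
 fprintf(fp, "caps.drop all\n");
 fprintf(fp, "nonewprivs\n");
 fprintf(fp, "seccomp\n");
@@ -189,13 +186,11 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 fprintf(fp, "# Yama security module prevents creation of a whitelisted seccomp filter\n");
 else
 build_seccomp(strace_output, fp);
-fprintf(fp, "\n");
 
-fprintf(fp, "### network\n");
+fprintf(fp, "\n### network\n");
 build_protocol(trace_output, fp);
-fprintf(fp, "\n");
 
-fprintf(fp, "### environment\n");
+fprintf(fp, "\n### environment\n");
 fprintf(fp, "shell none\n");
 
 if (!arg_debug) {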
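Review bot: None of the `fprintf(fp, ...)` calls touched in either hunk has its result checked, and what is being written is a sandbox policy. If a write fails partway, the file can end after the whitelist sections and before `caps.drop all`, `nonewprivs` and `seccomp`, leaving a truncated profile without the hardening lines. build_profile starts and ends outside these hunks, so a check may already exist further down; if it does not, one test after the last write would cover it, for example `if (fflush(fp) != 0 || ferror(fp)) { fprintf(stderr, "Error: cannot write the profile\n"); exit(1); }`. Separately, dropping the `### filesystem` heading puts the `/usr/share` to `/tmp` subsections at the same level as `### security filters`; a short source comment above that run, such as `// filesystem whitelists, one subsection per top-level directory`, would keep the grouping visible to maintainers.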