authorLibravatar netblue30 <netblue30@protonmail.com>2021-05-04 16:46:54 -0400
committerLibravatar netblue30 <netblue30@protonmail.com>2021-05-04 16:46:54 -0400
commit8988842c1bec4a41c09591e47771bf30247a5539 (patch)
tree274a62e6959ee23dee1084edb21b3abc6ae9f657 /src/fbuilder/build_profile.c
parentMerge pull request #4209 from davidebeatrici/private-dev-input-support-and-no... (diff)
--build fixes
Diffstat (limited to 'src/fbuilder/build_profile.c')
-rw-r--r--src/fbuilder/build_profile.c23
1 files changed, 9 insertions, 14 deletions
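diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c
index 0c1b57384..100630eb9 100644
--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -160,24 +160,21 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 
 fprintf(fp, "### home directory whitelisting\n");
 build_home(trace_output, fp);
-fprintf(fp, "\n");
 
-fprintf(fp, "### filesystem\n");
-fprintf(fp, "### /usr/share:\n");
+fprintf(fp, "\n### /usr/share:\n");
 build_share(trace_output, fp);
-fprintf(fp, "### /var:\n");
+fprintf(fp, "\n### /var:\n");
 build_var(trace_output, fp);
-fprintf(fp, "### /bin:\n");
+fprintf(fp, "\n### /bin:\n");
 build_bin(trace_output, fp);
-fprintf(fp, "### /dev:\n");
+fprintf(fp, "\n### /dev:\n");
 build_dev(trace_output, fp);
-fprintf(fp, "### /etc:\n");
+fprintf(fp, "\n### /etc:\n");
 build_etc(trace_output, fp);
-fprintf(fp, "### /tmp:\n");
+fprintf(fp, "\n### /tmp:\n");
 build_tmp(trace_output, fp);
-fprintf(fp, "\n");
 
-fprintf(fp, "### security filters\n");
+fprintf(fp, "\n### security filters\n");
 fprintf(fp, "caps.drop all\n");
 fprintf(fp, "nonewprivs\n");
 fprintf(fp, "seccomp\n");
@@ -189,13 +186,11 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 fprintf(fp, "# Yama security module prevents creation of a whitelisted seccomp filter\n");
 else
 build_seccomp(strace_output, fp);
-fprintf(fp, "\n");
 
-fprintf(fp, "### network\n");
+fprintf(fp, "\n### network\n");
 build_protocol(trace_output, fp);
-fprintf(fp, "\n");
 
-fprintf(fp, "### environment\n");
+fprintf(fp, "\n### environment\n");
 fprintf(fp, "shell none\n");
 
 if (!arg_debug) {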
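Review bot: None of the `fprintf(fp, ...)` calls in either hunk checks for a write error, so a failed write (a full disk, for instance) could leave a truncated profile that lacks the `caps.drop all`, `nonewprivs` and `seccomp` lines emitted under "### security filters". A generated profile that silently loses its hardening section is worse than no profile, because it still loads and looks valid. build_profile starts before the first hunk and continues past the second, so this may already be handled outside the visible lines; if it is not, one check after the last section is written would be enough, e.g. `if (ferror(fp)) { fprintf(stderr, "Error: cannot write profile\n"); exit(1); }`.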