7 files changed, 9 insertions, 5 deletions

diff --git a/README b/README
index f6bc037c4..3af0c8756 100644
--- a/README
+++ b/README
@@ -660,6 +660,7 @@ veloute (https://github.com/veloute)
         - added standardnotes profile
         - added flameshot profile
         - added jdownloader profile
+        - fixed discord profile
 Vincent43 (https://github.com/Vincent43)
         - apparmor enhancements
 vismir2 (https://github.com/vismir2)
diff --git a/configure b/configure
index 1efa588a5..a7ef3a392 100755
--- a/configure
+++ b/configure
@@ -3832,7 +3832,7 @@ fi
 
 # set sysconfdir
 if test "$prefix" = /usr; then
-        sysconfdir="/etc"
+        test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc"
 fi
 
 ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile"
diff --git a/configure.ac b/configure.ac
index f01bf2199..d1b827fef 100644
--- a/configure.ac
+++ b/configure.ac
@@ -183,7 +183,7 @@ AC_SUBST(HAVE_SECCOMP_H)
 
 # set sysconfdir
 if test "$prefix" = /usr; then
-        sysconfdir="/etc"
+        test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc"
 fi
 
 AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \
diff --git a/etc/discord-common.profile b/etc/discord-common.profile
index b835ce401..babef37b1 100644
--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -26,7 +26,7 @@ seccomp
 
 private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh
 private-dev
-private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies
+private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
 private-tmp
 
 noexec ${HOME}
diff --git a/etc/evince.profile b/etc/evince.profile
index 2ade9c6f6..ea46ccc40 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -40,7 +40,7 @@ private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
 private-etc fonts
 
-private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*
+private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv
 
 private-tmp
 
diff --git a/etc/firejail-default b/etc/firejail-default
index c4107270c..88bf9aa44 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -47,6 +47,9 @@ owner /{,run/firejail/mnt/oroot/}{,var/}run/user/[0-9]*/orcexec.* w,
 
 owner /{,run/firejail/mnt/oroot/}{run,dev}/shm/** w,
 
+# Allow writing to removable media
+owner /{,var/}run/media/** w,
+
 # Allow logging Firejail blacklist violations to journal
 /{,var/}run/systemd/journal/socket w,
 /{,var/}run/systemd/journal/dev-log w,
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 2d4640430..6dd4a7e2d 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -430,7 +430,7 @@ void fs_whitelist(void) {
 
                         // if 1 the file was not found; mount an empty directory
                         if (!nowhitelist_flag) {
-                                if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) {
+                                if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') {
                                         if(!arg_private)
                                                 home_dir = 1;
                                 }