diff options
Diffstat (limited to 'src/fbuilder/build_profile.c')
| -rw-r--r-- | src/fbuilder/build_profile.c | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index ea9e9a4a0..adc00e67b 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c | |||
| @@ -131,18 +131,21 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 131 | if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { | 131 | if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { |
| 132 | if (fp == stdout) | 132 | if (fp == stdout) |
| 133 | printf("--- Built profile beings after this line ---\n"); | 133 | printf("--- Built profile beings after this line ---\n"); |
| 134 | fprintf(fp, "############################################\n"); | 134 | fprintf(fp, "# Firejail profile for %s\n", argv[index]); |
| 135 | fprintf(fp, "# %s profile\n", argv[index]); | 135 | fprintf(fp, "# Persistent local customizations\n"); |
| 136 | fprintf(fp, "############################################\n"); | 136 | fprintf(fp, "#include %s.local\n", argv[index]); |
| 137 | fprintf(fp, "# Persistent global definitions\n"); | 137 | fprintf(fp, "# Persistent global definitions\n"); |
| 138 | fprintf(fp, "# include /etc/firejail/globals.local\n"); | 138 | fprintf(fp, "#include globals.local\n"); |
| 139 | fprintf(fp, "\n"); | 139 | fprintf(fp, "\n"); |
| 140 | 140 | ||
| 141 | fprintf(fp, "### basic blacklisting\n"); | 141 | fprintf(fp, "### basic blacklisting\n"); |
| 142 | fprintf(fp, "include /etc/firejail/disable-common.inc\n"); | 142 | fprintf(fp, "include disable-common.inc\n"); |
| 143 | fprintf(fp, "# include /etc/firejail/disable-devel.inc\n"); | 143 | fprintf(fp, "# include disable-devel.inc\n"); |
| 144 | fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n"); | 144 | fprintf(fp, "# include disable-exec.inc\n"); |
| 145 | fprintf(fp, "# include /etc/firejail/disable-programs.inc\n"); | 145 | fprintf(fp, "# include disable-interpreters.inc\n"); |
| 146 | fprintf(fp, "include disable-passwdmgr.inc\n"); | ||
| 147 | fprintf(fp, "# include disable-programs.inc\n"); | ||
| 148 | fprintf(fp, "# include disable-xdg.inc\n"); | ||
| 146 | fprintf(fp, "\n"); | 149 | fprintf(fp, "\n"); |
| 147 | 150 | ||
| 148 | fprintf(fp, "### home directory whitelisting\n"); | 151 | fprintf(fp, "### home directory whitelisting\n"); |
| @@ -150,12 +153,19 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 150 | fprintf(fp, "\n"); | 153 | fprintf(fp, "\n"); |
| 151 | 154 | ||
| 152 | fprintf(fp, "### filesystem\n"); | 155 | fprintf(fp, "### filesystem\n"); |
| 153 | build_tmp(trace_output, fp); | 156 | fprintf(fp, "# /usr/share:\n"); |
| 154 | build_dev(trace_output, fp); | 157 | build_share(trace_output, fp); |
| 155 | build_etc(trace_output, fp); | 158 | fprintf(fp, "# /var:\n"); |
| 156 | build_var(trace_output, fp); | 159 | build_var(trace_output, fp); |
| 160 | fprintf(fp, "\n"); | ||
| 161 | fprintf(fp, "# $PATH:\n"); | ||
| 157 | build_bin(trace_output, fp); | 162 | build_bin(trace_output, fp); |
| 158 | build_share(trace_output, fp); | 163 | fprintf(fp, "# /dev:\n"); |
| 164 | build_dev(trace_output, fp); | ||
| 165 | fprintf(fp, "# /etc:\n"); | ||
| 166 | build_etc(trace_output, fp); | ||
| 167 | fprintf(fp, "# /tmp:\n"); | ||
| 168 | build_tmp(trace_output, fp); | ||
| 159 | fprintf(fp, "\n"); | 169 | fprintf(fp, "\n"); |
| 160 | 170 | ||
| 161 | fprintf(fp, "### security filters\n"); | 171 | fprintf(fp, "### security filters\n"); |