Diffstat (limited to 'src/fbuilder')
-rw-r--r-- | src/fbuilder/build_fs.c | 1 | ||||
-rw-r--r-- | src/fbuilder/build_profile.c | 5 | ||||
-rw-r--r-- | src/fbuilder/build_seccomp.c | 2 |
3 files changed, 5 insertions, 3 deletions
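--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -286,6 +286,7 @@ static char *dev_skip[] = {
 "/dev/pts",
 "/dev/ptmx",
 "/dev/log",
+"/dev/shm",
 
 "/dev/aload", // old ALSA devices, not covered in private-dev
 "/dev/dsp", // old OSS device, deprecated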
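--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -30,7 +30,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 exit(1);
 }
 
-char trace_output[] = "/tmp/firejail-trace.XXXXXX";
+char trace_output[] = TRACE_OUTPUT;
 int tfile = mkstemp(trace_output);
 if(tfile == -1)
 errExit("mkstemp");
@@ -147,7 +147,8 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 fprintf(fp, "\n");
 
 fprintf(fp, "#disable-mnt\t# no access to /mnt, /media, /run/mount and /run/media\n");
-build_bin(trace_output, fp);
+if (!arg_appimage)
+build_bin(trace_output, fp);
 fprintf(fp, "#private-cache\t# run with an empty ~/.cache directory\n");
 build_dev(trace_output, fp);
 build_etc(trace_output, fp);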
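Review bot: The new `if (!arg_appimage)` at new line 150 has no braces and sits in a run of sibling calls, so a later edit can easily widen or narrow the guard by accident. I would write it as `if (!arg_appimage) {` / `build_bin(trace_output, fp);` / `}` and add a comment above it saying why the bin step is skipped for AppImages. When the flag is set the generated profile presumably has no bin restriction at all and nothing in the output says so. Consider emitting a commented-out hint line in that case, as is done for `#disable-mnt` and `#private-cache`. `build_profile` starts and ends outside the hunk.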
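--- a/src/fbuilder/build_seccomp.c
+++ b/src/fbuilder/build_seccomp.c
@@ -190,7 +190,7 @@ void build_protocol(const char *fname, FILE *fp) {
 if (net == 0)
 fprintf(fp, "net none\n");
 else {
-fprintf(fp, "# net eth0\n");
+fprintf(fp, "#net eth0\n");
 fprintf(fp, "netfilter\n");
 }
 }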
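Review bot: In the else branch the emitted `netfilter` line is active while the `#net eth0` line beside it is only a commented-out hint, and the generated profile does not explain how the two relate. According to the firejail man page, netfilter takes effect only when the sandbox gets a new network namespace, so a profile with `net` still commented out can look filtered when it is not (worth confirming for this version). The hint could say so in the same style as the other commented options, e.g. `fprintf(fp, "#net eth0\t# netfilter below needs a new network namespace\n");`. `build_protocol` starts outside the hunk.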