4 files changed, 24 insertions, 10 deletions

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 17e5a8140..9bff960cb 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -966,8 +966,15 @@ static void run_builder(int argc, char **argv) {
         exit(1);
 }
 
-void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) {}
+void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) {
+        (void) fd;
+        (void) syscall;
+        (void) arg;
+        (void) ptrarg;
+        (void) native;
+}
 
+#ifdef HAVE_SECCOMP
 static int check_postexec(const char *list) {
         char *prelist, *postlist;
 
@@ -978,6 +985,7 @@ static int check_postexec(const char *list) {
         }
         return 0;
 }
+#endif
 
 //*******************************************
 // Main program
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index b0a48591e..612ece85d 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -324,14 +324,12 @@ int seccomp_filter_keep(bool native) {
         if (arg_debug)
                 printf("Build keep seccomp filter\n");
 
-        const char *command, *filter, *postexec_filter, *list;
+        const char *filter, *postexec_filter, *list;
         if (native) {
-                command = "keep";
                 filter = RUN_SECCOMP_CFG;
                 postexec_filter = RUN_SECCOMP_POSTEXEC;
                 list = cfg.seccomp_list_keep;
         } else {
-                command = "keep32";
                 filter = RUN_SECCOMP_32;
                 postexec_filter = RUN_SECCOMP_POSTEXEC_32;
                 list = cfg.seccomp_list_keep32;
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index 7bb4fd0cd..8b7c68434 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -25,7 +25,13 @@ static void usage(void) {
 }
 
 int arg_quiet = 0;
-void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) {}
+void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) {
+        (void) fd;
+        (void) syscall;
+        (void) arg;
+        (void) ptrarg;
+        (void) native;
+}
 
 int main(int argc, char **argv) {
 #if 0
diff --git a/src/profstats/main.c b/src/profstats/main.c
index ac02c69bc..29acdc7bd 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -68,9 +68,9 @@ static void usage(void) {
         printf("   --private-dev - print profiles without private-dev\n");
         printf("   --private-tmp - print profiles without private-tmp\n");
         printf("   --seccomp - print profiles without seccomp\n");
-        printf("   --memory-deny-write-execute - profile without it\n");
+        printf("   --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
         printf("   --whitelist-var - print profiles without \"include whitelist-var-common.inc\"\n");
-        printf("   --whitelist-runuser - print profiles without \"include whitelist-runuser-common.inc\"\n");
+        printf("   --whitelist-runuser - print profiles without \"include whitelist-runuser-common.inc\" or \"blacklist ${RUNUSER}\"\n");
         printf("   --whitelist-usrshare - print profiles without \"include whitelist-usr-share-common.inc\"\n");
         printf("   --debug\n");
         printf("\n");
@@ -111,9 +111,10 @@ void process_file(const char *fname) {
                         cnt_noexec++;
                 else if (strncmp(ptr, "include whitelist-var-common.inc", 32) == 0)
                         cnt_whitelistvar++;
-                else if (strncmp(ptr, "include whitelist-runuser-common.inc", 32) == 0)
+                else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 ||
+                        strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0)
                         cnt_whitelistrunuser++;
-                else if (strncmp(ptr, "include whitelist-usr-share-common.inc", 32) == 0)
+                else if (strncmp(ptr, "include whitelist-usr-share-common.inc", 38) == 0)
                         cnt_whitelistusrshare++;
                 else if (strncmp(ptr, "include disable-common.inc", 26) == 0)
                         cnt_ssh++;
@@ -271,7 +272,8 @@ int main(int argc, char **argv) {
         printf("    private-tmp\t\t\t%d\n", cnt_privatetmp);
         printf("    whitelist var\t\t%d   (include whitelist-var-common.inc)\n", cnt_whitelistvar);
         printf("    whitelist run/user\t\t%d   (include whitelist-runuser-common.inc)\n", cnt_whitelistrunuser);
-        printf("    whitelist usr/share\t\t%d   (include whitelist-usr-share-common.inc)\n", cnt_whitelistusrshare);
+        printf("    whitelist usr/share\t\t%d   (include whitelist-usr-share-common.inc\n", cnt_whitelistusrshare);
+        printf("\t\t\t\t\tor blacklist ${RUNUSER})\n");
         printf("    net none\t\t\t%d\n", cnt_netnone);
         printf("\n");
         return 0;