4 files changed, 21 insertions, 5 deletions

diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 04c586f79..0a4c8a483 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -212,7 +212,6 @@ static char *usage_str =
         "    --private-srv=file,directory - build a new /srv in a temporary filesystem.\n"
         "    --profile=filename|profile_name - use a custom profile.\n"
         "    --profile.print=name|pid - print the name of profile file.\n"
-        "    --profile-path=directory - use this directory to look for profile files.\n"
         "    --protocol=protocol,protocol,protocol - enable protocol filter.\n"
         "    --protocol.print=name|pid - print the protocol filter.\n"
 #ifdef HAVE_FILE_TRANSFER
diff --git a/src/fnettrace/static-ip-map b/src/fnettrace/static-ip-map
index c630b6688..e310354af 100644
--- a/src/fnettrace/static-ip-map
+++ b/src/fnettrace/static-ip-map
@@ -1586,11 +1586,13 @@
 16.162.0.0/15 Amazon
 16.168.0.0/15 Amazon
 16.170.0.0/15 Amazon
+18.32.0.0/11 Amazon
 18.60.0.0/15 Amazon
-18.64.0.0/14 Amazon
+18.64.0.0/10 Amazon
 18.100.0.0/15 Amazon
 18.102.0.0/16 Amazon
 18.116.0.0/14 Amazon
+18.128.0.0/9 Amazon
 18.130.0.0/16 Amazon
 18.132.0.0/14 Amazon
 18.136.0.0/16 Amazon
diff --git a/src/fseccomp/namespaces.c b/src/fseccomp/namespaces.c
index 3df23dcff..8254b54ef 100644
--- a/src/fseccomp/namespaces.c
+++ b/src/fseccomp/namespaces.c
@@ -133,7 +133,8 @@ void deny_ns(const char *fname, const char *list) {
                 RETURN_ALLOW
 #endif
         };
-        write_to_file(fd, filter, sizeof(filter));
+        if (sizeof(filter))
+                write_to_file(fd, filter, sizeof(filter));
 
         filter_end_blacklist(fd);
 
@@ -188,7 +189,21 @@ void deny_ns_32(const char *fname, const char *list) {
                 RETURN_ALLOW
 #endif
         };
-        write_to_file(fd, filter, sizeof(filter));
+
+        // For Debian 10 and older, the size of the filter[] array will be 0.
+        // The following filter will end up being generated:
+        //
+        //     FILE: /run/firejail/mnt/seccomp/seccomp.namespaces.32
+        //       line OP JT JF K
+        //     =================================
+        //       0000: 20 00 00 00000004 ld data.architecture
+        //       0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002)
+        //       0002: 06 00 00 7fff0000 ret ALLOW
+        //       0003: 20 00 00 00000000 ld data.syscall-number
+        //       0004: 06 00 00 7fff0000 ret ALLOW
+        //
+        if (sizeof(filter))
+                write_to_file(fd, filter, sizeof(filter));
 
         filter_end_blacklist(fd);
 
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 39c81312c..e5020e37e 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -3064,7 +3064,7 @@ Example:
 .br
 $ firejail \-\-noprofile \-\-whitelist=~/.mozilla
 .br
-$ firejail \-\-whitelist=/tmp/.X11-unix --whitelist=/dev/null
+$ firejail \-\-whitelist=/tmp/.X11-unix \-\-whitelist=/dev/null
 .br
 $ firejail "\-\-whitelist=/home/username/My Virtual Machines"
 .br