8 files changed, 18 insertions, 20 deletions

diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 60e414755..f46fdea35 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -230,6 +230,7 @@ wire
 wireshark
 xchat
 xed
+Xephyr
 xfburn
 xfce4-dict
 xfce4-notes
@@ -239,6 +240,7 @@ xonotic-glx
 xonotic-sdl
 xpdf
 xplayer
+xpra
 xreader
 xviewer
 youtube-dl
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 9e5c31c32..86ca422ae 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2174,7 +2174,7 @@ int main(int argc, char **argv) {
         
         // prog_index could still be -1 if no program was specified
         if (prog_index == -1 && arg_shell_none) {
-                fprintf(stderr, "shell=none configured, but no program specified\n");
+                fprintf(stderr, "Error: shell=none configured, but no program specified\n");
                 exit(1);
         }
 
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 9221aaa99..05f5abe2a 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -230,8 +230,5 @@ void run_no_sandbox(int argc, char **argv) {
 
         arg_quiet = 1;
 
-  // we don't want to run a shell, otherwise it will be recursively
-  arg_shell_none = 1;
-
         start_application();
 }
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index c515accc0..9ae2aa5b4 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1089,12 +1089,8 @@ void profile_read(const char *fname) {
         }
 
         // check file
-        if (strlen(fname) == 0) {
-                fprintf(stderr, "Error: invalid profile file\n");
-                exit(1);
-        }
         invalid_filename(fname);
-        if (is_dir(fname) || is_link(fname) || strstr(fname, "..")) {
+        if (strlen(fname) == 0 || is_dir(fname)) {
                 fprintf(stderr, "Error: invalid profile file\n");
                 exit(1);
         }
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index d8880b924..3ff104d26 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -43,7 +43,7 @@
 #ifdef HAVE_APPARMOR
 #include <sys/apparmor.h>
 #endif
-
+#include <syscall.h>
 
 static int monitored_pid = 0;
 static void sandbox_handler(int sig){
@@ -907,7 +907,7 @@ int sandbox(void* sandbox_arg) {
         // set seccomp //todo: push it down after drop_privs and/or configuring noroot
 #ifdef HAVE_SECCOMP
         // install protocol filter
-#ifdef SYS_SOCKET
+#ifdef SYS_socket
         if (cfg.protocol) {
                 if (arg_debug)
                         printf("Install protocol filter: %s\n", cfg.protocol);
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 0f7ea56b6..f1d45adef 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -568,6 +568,7 @@ void x11_start_xephyr(int argc, char **argv) {
                 (void) rv;
         }
 
+        assert(display_str);
         setenv("DISPLAY", display_str, 1);
         // run attach command
         jail = fork();
@@ -785,6 +786,7 @@ void x11_start_xpra(int argc, char **argv) {
                 _exit(1);
         }
 
+        assert(display_str);
         setenv("DISPLAY", display_str, 1);
 
         // build jail command
@@ -798,7 +800,7 @@ void x11_start_xpra(int argc, char **argv) {
         }
         firejail_argv[pos] = NULL;
 
-        assert(pos < (argc+2));
+        assert((int) pos < (argc+2));
         assert(!firejail_argv[pos]);
 
         // start jail
diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c
index 57ce2f8e0..4a0fadb3c 100644
--- a/src/fseccomp/protocol.c
+++ b/src/fseccomp/protocol.c
@@ -60,6 +60,7 @@ static char *protocol[] = {
         NULL
 };
 
+#ifdef SYS_socket
 static struct sock_filter protocol_filter_command[] = {
         WHITELIST(AF_UNIX),
         WHITELIST(AF_INET),
@@ -67,6 +68,7 @@ static struct sock_filter protocol_filter_command[] = {
         WHITELIST(AF_NETLINK),
         WHITELIST(AF_PACKET)
 };
+#endif
 // Note: protocol[] and protocol_filter_command are synchronized
 
 // command length
@@ -75,6 +77,7 @@ struct sock_filter whitelist[] = {
 };
 unsigned whitelist_len = sizeof(whitelist) / sizeof(struct sock_filter);
 
+#ifdef SYS_socket
 static struct sock_filter *find_protocol_domain(const char *p) {
         int i = 0;
         while (protocol[i] != NULL) {
@@ -85,7 +88,7 @@ static struct sock_filter *find_protocol_domain(const char *p) {
 
         return NULL;
 }       
-
+#endif
 
 void protocol_print(void) {
 #ifndef SYS_socket
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt
index 979d4fc06..55b60dcac 100644
--- a/src/man/firecfg.txt
+++ b/src/man/firecfg.txt
@@ -20,16 +20,14 @@ The integration covers:
 .br
 
 .br
-- programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE, MATE and XFCE
+- programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE/LXQT, MATE and XFCE
 desktop managers are supported in this moment
 .RE
 
-This brings us as very close to full desktop integration.
-
-To set it up, run "sudo firecfg" after installing
-Firejail software, and logout/login for the integration to take effect. "sudo firecfg" should also be run after
-you install new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin
-will be created. For a list of programs supported by default run "ls /etc/firejail".
+To set it up, run "sudo firecfg" after installing Firejail software.
+The same command should also be run after
+installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin
+will be created. For a full list of programs supported by default run "cat /usr/lib/firejail/firecfg.config".
 
 For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR.