From eb01b2602cc57f4bc4587ca1fc4fa69ebd8761bd Mon Sep 17 00:00:00 2001
From: netblue30
Date: Thu, 24 Nov 2016 08:36:30 -0500
Subject: ssh fix
---
 etc/disable-common.inc | 3 ---
 etc/ssh-agent.profile | 1 +
 etc/ssh.profile | 1 +
 src/firejail/fs.c | 9 +++++++--
 4 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 0dad8b385..f18b0d396 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -165,9 +165,6 @@ blacklist ${PATH}/newgrp
 blacklist ${PATH}/newuidmap
 blacklist ${PATH}/pkexec
 blacklist ${PATH}/sg
-blacklist ${PATH}/rsh
-blacklist ${PATH}/rlogin
-blacklist ${PATH}/rcp
 blacklist ${PATH}/crontab
 blacklist ${PATH}/ksu
 blacklist ${PATH}/chsh
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
index 485bd8f3b..548ede37d 100644
--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -2,6 +2,7 @@ quiet noblacklist ~/.ssh noblacklist /tmp/ssh-* +noblacklist /etc/ssh include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc
diff --git a/etc/ssh.profile b/etc/ssh.profile
index d3558ead3..b7a8ed2b9 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -2,6 +2,7 @@ quiet noblacklist ~/.ssh noblacklist /tmp/ssh-* +noblacklist /etc/ssh include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 8c776bad5..6f9b5a60c 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -111,8 +111,12 @@ static void disable_file(OPERATION op, const char *filename) {
 fprintf(stderr, "Warning: %s directory link was not blacklisted\n", filename); } else { - if (arg_debug) - printf("Disable %s\n", fname); + if (arg_debug) { + if (strcmp(filename, fname)) + printf("Disable %s (requesterd %s)\n", fname, filename); + else + printf("Disable %s\n", fname); + } else if (arg_debug_blacklists) { printf("Disable %s", fname); if (op == BLACKLIST_FILE)
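Review bot: The added `noblacklist /etc/ssh` in etc/ssh-agent.profile exempts the whole directory rather than only the files the client side reads, and the identical line is added to etc/ssh.profile in the next hunk. On a typical OpenSSH install that directory also holds sshd_config and the host private keys, so inside the sandbox those are left with ordinary file permissions as the only barrier. The blacklist rule this exemption pairs with is not visible in the diff (presumably it lives in one of the included .inc files), so whether a narrower exemption would still match cannot be confirmed from here. At minimum a comment above the line would record the intent, for example `# ssh reads /etc/ssh/ssh_config and ssh_known_hosts; host keys rely on file permissions`.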
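Review bot: The new debug string in the `arg_debug` branch misspells "requested": `printf("Disable %s (requesterd %s)\n", fname, filename);` should read `printf("Disable %s (requested %s)\n", fname, filename);`, otherwise anyone searching debug output for the requested path of a blacklist entry will miss these lines. The condition would also read more clearly as `if (strcmp(filename, fname) != 0)`, since the branch is taken when the two paths differ. A short comment such as `/* fname differs from filename when the requested path was resolved to another target */` would explain why both are printed; how fname is derived is outside the hunk, so the wording should be confirmed against that code. disable_file starts before and continues past this hunk.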
@@ -120,6 +124,7 @@ static void disable_file(OPERATION op, const char *filename) {
 else printf(" - no logging\n"); } + if (S_ISDIR(s.st_mode)) { if (mount(RUN_RO_DIR, fname, "none", MS_BIND, "mode=400,gid=0") < 0) errExit("disable file");
-- 
cgit v1.2.3-70-g09d2