From 94bb78856bb3f953fc79684622a28552d02b9d11 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Mon, 25 Sep 2017 09:12:37 -0400
Subject: fix nginx and apache2, possible fix for #1534

---
 etc/disable-common.inc | 3 ++-
 etc/server.profile     | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

(limited to 'etc')

diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index abce0fe57..d943950d4 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -120,7 +120,8 @@ blacklist /var/lib/mysql/mysql.sock
 blacklist /var/lib/mysqld/mysql.sock
 blacklist /var/lib/pacman
 blacklist /var/lib/upower
-blacklist /var/log
+# blacklist /var/log - a virtual /var/log directory (mostly empty) is buid up by default for
+#          every sandbox, unless --writeble-var-log switch is activated
 blacklist /var/mail
 blacklist /var/opt
 blacklist /var/run/acpid.socket
diff --git a/etc/server.profile b/etc/server.profile
index edd4666e1..860e0056d 100644
--- a/etc/server.profile
+++ b/etc/server.profile
@@ -13,7 +13,6 @@ blacklist /tmp/.X11-unix
 
 noblacklist /sbin
 noblacklist /usr/sbin
-# noblacklist /var/log
 # noblacklist /var/opt
 
 include /etc/firejail/disable-common.inc
@@ -29,6 +28,8 @@ notv
 novideo
 seccomp
 
+# netfilter /etc/firejail/webserver.net
+
 # disable-mnt
 private
 # private-bin program
-- 
cgit v1.2.3-70-g09d2