From e09724f53dad4dce14966f746bc18ce359133e51 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Tue, 21 Apr 2020 19:59:08 +0200
Subject: update --build
The profile generated by --build are quite outdated. There are still a lot of things left to do.
- fix #2150 (whitelist-common.inc is still opened from /etc/firejail)
- include wusc and wvc (todo: remove whitelists in wusc/wvc from the generated profile.)
- fix parsing wc / use ${HOME} macro instead of ~
- update profile headers
- include all disable includes (mustly commented) in the output
- reorder the filesystem section
---
 src/fbuilder/build_fs.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'src/fbuilder/build_fs.c')
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
index b08afb939..1b8231033 100644
--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -165,10 +165,12 @@ void build_var(const char *fname, FILE *fp) {
 process_files(fname, "/var", var_callback);
- if (var_out == NULL)
+ if (var_out == NULL) {
 fprintf(fp, "blacklist /var\n");
- else
+ } else {
 filedb_print(var_out, "whitelist ", fp);
+ fprintf(fp, "include whitelist-var-common.inc\n");
+ }
 }
@@ -202,10 +204,12 @@ void build_share(const char *fname, FILE *fp) {
 process_files(fname, "/usr/share", share_callback);
- if (share_out == NULL)
+ if (share_out == NULL) {
 fprintf(fp, "blacklist /usr/share\n");
- else
+ } else {
 filedb_print(share_out, "whitelist ", fp);
+ fprintf(fp, "include whitelist-usr-share-common.inc\n");
+ }
 }
 //*******************************************
--
cgit v1.2.3-70-g09d2
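Review bot: In build_var the new `include whitelist-var-common.inc` line is written whenever at least one /var path was recorded, so the generated profile whitelists whatever that include lists in addition to the entries `filedb_print` emits from `var_out`, and entries present in both are not filtered. The same applies to `include whitelist-usr-share-common.inc` in build_share. A reader of the generated profile will likely assume the whitelist reflects only the paths collected by `process_files`, so I would record the widening next to each call, e.g. `// common include widens the whitelist beyond the collected paths; overlapping entries above are not removed yet`. The commit message mentions a similar todo for wusc/wvc, but nothing in the code notes it. Both function signatures are visible only in the hunk headers, so the start of each body lies outside the hunk.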