Revert "allow/deny fbuilder"

This reverts commit 4438f14.

Also, partially revert related commit e4307b4 ("fix whitelist/allow in
make test-utils") to keep the tests working.

The profiles are being generated using aliases, which are not used on
the profiles in the repository.  So generate them using the normal
commands for consistency.  See also commit dd13595 ("Revert
"allow/deny help and man pages"") / PR netblue30#4502.

Relates to netblue30#4410.

Misc: I noticed this on issue netblue30#4592.

src/fbuilder/build_fs.c

@@ -182,12 +182,12 @@ static void var_callback(char *ptr) {
 void build_var(const char *fname, FILE *fp) {
 	assert(fname);
 
-	var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "allow /var/");
+	var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "whitelist /var/");
 	process_files(fname, "/var", var_callback);
 
 	// always whitelist /var
 	if (var_out)
-		filedb_print(var_out, "allow /var/", fp);
+		filedb_print(var_out, "whitelist /var/", fp);
 	fprintf(fp, "include whitelist-var-common.inc\n");
 }
 
@@ -222,12 +222,12 @@ static void share_callback(char *ptr) {
 void build_share(const char *fname, FILE *fp) {
 	assert(fname);
 
-	share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "allow /usr/share/");
+	share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "whitelist /usr/share/");
 	process_files(fname, "/usr/share", share_callback);
 
 	// always whitelist /usr/share
 	if (share_out)
-		filedb_print(share_out, "allow /usr/share/", fp);
+		filedb_print(share_out, "whitelist /usr/share/", fp);
 	fprintf(fp, "include whitelist-usr-share-common.inc\n");
 }
 

src/fbuilder/build_home.c

@@ -140,7 +140,7 @@ void build_home(const char *fname, FILE *fp) {
 	assert(fname);
 
 	// load whitelist common
-	db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "allow ${HOME}/");
+	db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "whitelist ${HOME}/");
 
 	// find user home directory
 	struct passwd *pw = getpwuid(getuid());
@@ -168,7 +168,7 @@ void build_home(const char *fname, FILE *fp) {
 
 	// print the out list if any
 	if (db_out) {
-		filedb_print(db_out, "allow ${HOME}/", fp);
+		filedb_print(db_out, "whitelist ${HOME}/", fp);
 		fprintf(fp, "include whitelist-common.inc\n");
 	}
 	else

test/utils/build.exp

@@ -13,7 +13,7 @@ after 100
 send -- "firejail --build cat ~/_firejail-test-file\r"
 expect {
 	timeout {puts "TESTING ERROR 0\n";exit}
-	"allow $\{HOME\}/_firejail-test-file"
+	"whitelist $\{HOME\}/_firejail-test-file"
 }
 expect {
 	timeout {puts "TESTING ERROR 1\n";exit}