diff options
| author |  netblue30 <netblue30@yahoo.com> | 2020-09-01 16:10:19 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2020-09-01 16:10:19 -0400 |
| commit | 46473c5699fbe3105de8ad00c60a4ba447d9c784 (patch) | |
| tree | 49c0d9aab86cbdf05e79e57c8be9f91b4629e8ce | |
| parent | shell none: avoid syscalls after seccomp_install_filters (diff) | |
| download | firejail-46473c5699fbe3105de8ad00c60a4ba447d9c784.tar.gz firejail-46473c5699fbe3105de8ad00c60a4ba447d9c784.tar.zst firejail-46473c5699fbe3105de8ad00c60a4ba447d9c784.zip | |
fshaper.sh fix (#3620)
| -rw-r--r-- | Makefile.in | 1 | ||||
| -rwxr-xr-x | src/fshaper/fshaper.sh | 30 |
2 files changed, 21 insertions, 10 deletions
diff --git a/Makefile.in b/Makefile.in index 890ba1b0a..6ed22b007 100644 --- a/Makefile.in +++ b/Makefile.in | |||
| @@ -109,6 +109,7 @@ endif | |||
| 109 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) | 109 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) |
| 110 | # non-dumpable plugins | 110 | # non-dumpable plugins |
| 111 | install -m 0711 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS_NON_DUMPABLE) | 111 | install -m 0711 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS_NON_DUMPABLE) |
| 112 | install -m 0711 -t $(DESTDIR)$(libdir)/firejail src/fshaper/fshaper.sh | ||
| 112 | ifeq ($(HAVE_CONTRIB_INSTALL),yes) | 113 | ifeq ($(HAVE_CONTRIB_INSTALL),yes) |
| 113 | # contrib scripts | 114 | # contrib scripts |
| 114 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail contrib/*.py contrib/*.sh | 115 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail contrib/*.py contrib/*.sh |
diff --git a/src/fshaper/fshaper.sh b/src/fshaper/fshaper.sh index 936a23512..ef76813ea 100755 --- a/src/fshaper/fshaper.sh +++ b/src/fshaper/fshaper.sh | |||
| @@ -3,6 +3,16 @@ | |||
| 3 | # Copyright (C) 2014-2020 Firejail Authors | 3 | # Copyright (C) 2014-2020 Firejail Authors |
| 4 | # License GPL v2 | 4 | # License GPL v2 |
| 5 | 5 | ||
| 6 | TCFILE="" | ||
| 7 | if [ -x "/usr/sbin/tc" ]; then | ||
| 8 | TCFILE="/usr/sbin/tc" | ||
| 9 | elif [ -x "/sbin/tc" ]; then | ||
| 10 | TCFILE="/sbin/tc"; | ||
| 11 | else | ||
| 12 | echo "Error: traffic control utility (tc) not found"; | ||
| 13 | exit 1 | ||
| 14 | fi | ||
| 15 | |||
| 6 | usage() { | 16 | usage() { |
| 7 | echo "Usage:" | 17 | echo "Usage:" |
| 8 | echo " fshaper.sh --status" | 18 | echo " fshaper.sh --status" |
| @@ -11,8 +21,8 @@ usage() { | |||
| 11 | } | 21 | } |
| 12 | 22 | ||
| 13 | if [ "$1" = "--status" ]; then | 23 | if [ "$1" = "--status" ]; then |
| 14 | /sbin/tc -s qdisc ls | 24 | $TCFILE -s qdisc ls |
| 15 | /sbin/tc -s class ls | 25 | $TCFILE -s class ls |
| 16 | exit | 26 | exit |
| 17 | fi | 27 | fi |
| 18 | 28 | ||
| @@ -25,8 +35,8 @@ if [ "$1" = "--clear" ]; then | |||
| 25 | 35 | ||
| 26 | DEV=$2 | 36 | DEV=$2 |
| 27 | echo "Removing bandwidth limits" | 37 | echo "Removing bandwidth limits" |
| 28 | /sbin/tc qdisc del dev $DEV root 2> /dev/null > /dev/null | 38 | $TCFILE qdisc del dev $DEV root 2> /dev/null > /dev/null |
| 29 | /sbin/tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null | 39 | $TCFILE qdisc del dev $DEV ingress 2> /dev/null > /dev/null |
| 30 | exit | 40 | exit |
| 31 | 41 | ||
| 32 | fi | 42 | fi |
| @@ -34,7 +44,7 @@ fi | |||
| 34 | if [ "$1" = "--set" ]; then | 44 | if [ "$1" = "--set" ]; then |
| 35 | DEV=$2 | 45 | DEV=$2 |
| 36 | echo "Removing bandwidth limit" | 46 | echo "Removing bandwidth limit" |
| 37 | /sbin/tc qdisc del dev $DEV ingress #2> /dev/null > /dev/null | 47 | $TCFILE qdisc del dev $DEV ingress #2> /dev/null > /dev/null |
| 38 | 48 | ||
| 39 | if [ $# -ne 4 ]; then | 49 | if [ $# -ne 4 ]; then |
| 40 | echo "Error: missing parameters" | 50 | echo "Error: missing parameters" |
| @@ -54,16 +64,16 @@ if [ "$1" = "--set" ]; then | |||
| 54 | echo "Upload speed ${OUT}kbps" | 64 | echo "Upload speed ${OUT}kbps" |
| 55 | 65 | ||
| 56 | echo "cleaning limits" | 66 | echo "cleaning limits" |
| 57 | /sbin/tc qdisc del dev $DEV root 2> /dev/null > /dev/null | 67 | $TCFILE qdisc del dev $DEV root 2> /dev/null > /dev/null |
| 58 | /sbin/tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null | 68 | $TCFILE qdisc del dev $DEV ingress 2> /dev/null > /dev/null |
| 59 | 69 | ||
| 60 | echo "configuring tc ingress" | 70 | echo "configuring tc ingress" |
| 61 | /sbin/tc qdisc add dev $DEV handle ffff: ingress #2> /dev/null > /dev/null | 71 | $TCFILE qdisc add dev $DEV handle ffff: ingress #2> /dev/null > /dev/null |
| 62 | /sbin/tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ | 72 | $TCFILE filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ |
| 63 | 0.0.0.0/0 police rate ${IN}kbit burst 10k drop flowid :1 #2> /dev/null > /dev/null | 73 | 0.0.0.0/0 police rate ${IN}kbit burst 10k drop flowid :1 #2> /dev/null > /dev/null |
| 64 | 74 | ||
| 65 | echo "configuring tc egress" | 75 | echo "configuring tc egress" |
| 66 | /sbin/tc qdisc add dev $DEV root tbf rate ${OUT}kbit latency 25ms burst 10k #2> /dev/null > /dev/null | 76 | $TCFILE qdisc add dev $DEV root tbf rate ${OUT}kbit latency 25ms burst 10k #2> /dev/null > /dev/null |
| 67 | exit | 77 | exit |
| 68 | fi | 78 | fi |
| 69 | 79 | ||