mainline merge: fix netfilter-default functionality in /etc/firejail/firejail.config

author: netblue30 <netblue30@yahoo.com> 2019-01-09 09:27:12 -0500
committer: netblue30 <netblue30@yahoo.com> 2019-01-09 09:27:12 -0500
commit: 2aec49709bdebcf4e32d540f4e92cfe033170f12 (patch)
tree: 5b4e267ede8844e538425ead641e45b6cdc1b18f
parent: from mainline: Correctly set address length in arp frames (diff)
download: firejail-2aec49709bdebcf4e32d540f4e92cfe033170f12.tar.gz
firejail-2aec49709bdebcf4e32d540f4e92cfe033170f12.tar.zst
firejail-2aec49709bdebcf4e32d540f4e92cfe033170f12.zip
2 files changed, 12 insertions, 4 deletions
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index ed2d019ab..22c8392a0 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -69,8 +69,12 @@ void netfilter(const char *fname) {
        if (set_perms(SBOX_STDIN_FILE, getuid(), getgid(), 0644))
                errExit("set_perms");
-        if (fname == NULL)
+        if (fname == NULL) {
-                sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
+                if (netfilter_default)
+                        sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, netfilter_default, SBOX_STDIN_FILE);
+                else
+                        sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
+        }
        else
                sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, fname, SBOX_STDIN_FILE);
diff --git a/status b/status
index 84ec18951..fb8d548b7 100644
--- a/status
+++ b/status
@@ -1,5 +1,9 @@
-2019: Jan 2
-done: Correctly set address length in arp frames
+Jan 9: fix netfilter-default functionality in /etc/firejail/firejail.config
+Jan 8: test caps join
+Jan 8: testing seccomp/join
+Jan 8:  fix join/seccomp #2296
+Jan 2: Correctly set address length in arp frames
 Nov 6: mainline merge
 done: removed transfer.sh support from travis build
author	netblue30 <netblue30@yahoo.com>	2019-01-09 09:27:12 -0500
committer	netblue30 <netblue30@yahoo.com>	2019-01-09 09:27:12 -0500
commit	2aec49709bdebcf4e32d540f4e92cfe033170f12 (patch)
tree	5b4e267ede8844e538425ead641e45b6cdc1b18f
parent	from mainline: Correctly set address length in arp frames (diff)
download	firejail-2aec49709bdebcf4e32d540f4e92cfe033170f12.tar.gz firejail-2aec49709bdebcf4e32d540f4e92cfe033170f12.tar.zst firejail-2aec49709bdebcf4e32d540f4e92cfe033170f12.zip

diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c index ed2d019ab..22c8392a0 100644 --- a/src/firejail/netfilter.c +++ b/src/firejail/netfilter.c
@@ -69,8 +69,12 @@ void netfilter(const char *fname) {
69	if (set_perms(SBOX_STDIN_FILE, getuid(), getgid(), 0644))	69	if (set_perms(SBOX_STDIN_FILE, getuid(), getgid(), 0644))
70	errExit("set_perms");	70	errExit("set_perms");
71		71
72	if (fname == NULL)	72	if (fname == NULL) {
73	sbox_run(SBOX_USER\| SBOX_CAPS_NONE \| SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);	73	if (netfilter_default)
		74	sbox_run(SBOX_USER\| SBOX_CAPS_NONE \| SBOX_SECCOMP, 3, PATH_FNETFILTER, netfilter_default, SBOX_STDIN_FILE);
		75	else
		76	sbox_run(SBOX_USER\| SBOX_CAPS_NONE \| SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
		77	}
74	else	78	else
75	sbox_run(SBOX_USER\| SBOX_CAPS_NONE \| SBOX_SECCOMP, 3, PATH_FNETFILTER, fname, SBOX_STDIN_FILE);	79	sbox_run(SBOX_USER\| SBOX_CAPS_NONE \| SBOX_SECCOMP, 3, PATH_FNETFILTER, fname, SBOX_STDIN_FILE);
76		80


diff --git a/status b/status index 84ec18951..fb8d548b7 100644 --- a/status +++ b/status
@@ -1,5 +1,9 @@
1	2019: Jan 2	1
2	done: Correctly set address length in arp frames	2	Jan 9: fix netfilter-default functionality in /etc/firejail/firejail.config
		3	Jan 8: test caps join
		4	Jan 8: testing seccomp/join
		5	Jan 8: fix join/seccomp #2296
		6	Jan 2: Correctly set address length in arp frames
3		7
4	Nov 6: mainline merge	8	Nov 6: mainline merge
5	done: removed transfer.sh support from travis build	9	done: removed transfer.sh support from travis build