author | root <root@debian> | 2016-04-25 09:54:17 -0400 |
---|---|---|
committer | root <root@debian> | 2016-04-25 09:54:17 -0400 |
commit | c92dc59bef0d34541c10fd535d91d876d214a5d8 (patch) | |
tree | 270bbadb3380ce0d144cb351f09062e40b4da456 | |
parent | cyberfox profile (diff) | |
fixed interface/defaultgw problem
-rw-r--r-- | src/firejail/sandbox.c | 25 | ||||
-rwxr-xr-x | test/compile/compile.sh | 2 | ||||
-rwxr-xr-x | test/dist-compile/compile.sh | 2 |
3 files changed, 18 insertions, 11 deletions
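--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -539,6 +539,7 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // networking
 //****************************
+int gw_cfg_failed = 0; // default gw configuration flag
 if (arg_nonetwork) {
 net_if_up("lo");
 if (arg_debug)
@@ -564,13 +565,6 @@ int sandbox(void* sandbox_arg) {
 net_config_mac(cfg.bridge3.devsandbox, cfg.bridge3.macsandbox);
 sandbox_if_up(&cfg.bridge3);
 
-// add a default route
-if (cfg.defaultgw) {
-// set the default route
-if (net_add_route(0, 0, cfg.defaultgw))
-fprintf(stderr, "Warning: cannot configure default route\n");
-}
-
 // enable interfaces
 if (cfg.interface0.configured && cfg.interface0.ip) {
 if (arg_debug)
@@ -597,6 +591,15 @@ int sandbox(void* sandbox_arg) {
 net_if_up(cfg.interface3.dev);
 }
 
+// add a default route
+if (cfg.defaultgw) {
+// set the default route
+if (net_add_route(0, 0, cfg.defaultgw)) {
+fprintf(stderr, "Warning: cannot configure default route\n");
+gw_cfg_failed = 1;
+}
+}
+
 if (arg_debug)
 printf("Network namespace enabled\n");
 }
@@ -612,8 +615,12 @@ int sandbox(void* sandbox_arg) {
 printf("\n");
 if (any_bridge_configured() || any_interface_configured())
 net_ifprint();
-if (cfg.defaultgw != 0)
-printf("Default gateway %d.%d.%d.%d\n", PRINT_IP(cfg.defaultgw));
+if (cfg.defaultgw != 0) {
+if (gw_cfg_failed)
+printf("Default gateway configuration failed\n");
+else
+printf("Default gateway %d.%d.%d.%d\n", PRINT_IP(cfg.defaultgw));
+}
 if (cfg.dns1 != 0)
 printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns1));
 if (cfg.dns2 != 0)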
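Review bot: The relocated default-route block in the third hunk (`@@ -597,6 +591,15 @@`) still carries only `// add a default route` and `// set the default route`, so nothing records that it must now run after the `net_if_up()` calls on the `cfg.interfaceN` devices, which appears to be the ordering this commit fixes. I would replace both comments with one that states the dependency, e.g. `// add the default route last: it has to come after all bridges and interfaces are brought up`, so a later cleanup does not move it back. Separately, a failed `net_add_route()` remains a warning and the sandbox keeps starting without the requested gateway; that looks like it leaves the namespace without a default route rather than with a wrong one, but it is worth stating in the comment that continuing is deliberate. `sandbox()` starts and ends outside these hunks, so the condition guarding the status printout in the last hunk is not visible here.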
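--- a/test/compile/compile.sh
+++ b/test/compile/compile.sh
@@ -15,7 +15,7 @@ arr[9]="TEST 9: compile file transfer disabled"
 cleanup() {
 rm -f report*
 rm -fr firejail
-rm oc* om*
+rm -f oc* om*
 }
 
 print_title() {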
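--- a/test/dist-compile/compile.sh
+++ b/test/dist-compile/compile.sh
@@ -15,7 +15,7 @@ arr[9]="TEST 9: compile file transfer disabled"
 cleanup() {
 rm -f report*
 rm -fr firejail
-rm oc* om*
+rm -f oc* om*
 }
 
 print_title() {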