diff options
author | netblue30 <netblue30@yahoo.com> | 2016-06-04 11:55:09 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-06-04 11:55:09 -0400 |
commit | c8a8d07348ebce017f75b5a2682f056e8c661f5b (patch) | |
tree | 752095766e664a22a1cd38ad30759c6d73533821 | |
parent | fixed firejail symlink problem for --private-bin option (diff) | |
download | firejail-c8a8d07348ebce017f75b5a2682f056e8c661f5b.tar.gz firejail-c8a8d07348ebce017f75b5a2682f056e8c661f5b.tar.zst firejail-c8a8d07348ebce017f75b5a2682f056e8c661f5b.zip |
networking fixes
-rw-r--r-- | src/firejail/network_main.c | 7 | ||||
-rw-r--r-- | src/man/firejail.txt | 5 | ||||
-rw-r--r-- | test/network/README | 10 |
3 files changed, 15 insertions, 7 deletions
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c index e6d5cd5d7..e50c06ae9 100644 --- a/src/firejail/network_main.c +++ b/src/firejail/network_main.c | |||
@@ -56,9 +56,12 @@ void net_configure_bridge(Bridge *br, char *dev_name) { | |||
56 | } | 56 | } |
57 | } | 57 | } |
58 | 58 | ||
59 | // allow unconfigured interfaces | ||
59 | if (net_get_if_addr(br->dev, &br->ip, &br->mask, br->mac, &br->mtu)) { | 60 | if (net_get_if_addr(br->dev, &br->ip, &br->mask, br->mac, &br->mtu)) { |
60 | fprintf(stderr, "Error: interface %s is not configured\n", br->dev); | 61 | fprintf(stderr, "Warning: interface %s is not configured\n", br->dev); |
61 | exit(1); | 62 | br->configured = 1; |
63 | br->arg_ip_none = 1; | ||
64 | return; | ||
62 | } | 65 | } |
63 | if (arg_debug) { | 66 | if (arg_debug) { |
64 | if (br->macvlan == 0) | 67 | if (br->macvlan == 0) |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7b22a5bf2..3c4de9ed5 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -460,6 +460,11 @@ in case you intend to start an external DHCP client in the sandbox. | |||
460 | Example: | 460 | Example: |
461 | .br | 461 | .br |
462 | $ firejail \-\-net=eth0 \-\-\ip=none | 462 | $ firejail \-\-net=eth0 \-\-\ip=none |
463 | .br | ||
464 | |||
465 | .br | ||
466 | If the coresponding interface doesn't have an IP address configured, this | ||
467 | option is enabled by default. | ||
463 | 468 | ||
464 | .TP | 469 | .TP |
465 | \fB\-\-ip6=address | 470 | \fB\-\-ip6=address |
diff --git a/test/network/README b/test/network/README index 27e5667a2..a9b79d1de 100644 --- a/test/network/README +++ b/test/network/README | |||
@@ -1,11 +1,11 @@ | |||
1 | Warning: this test requires root access to configure a number of bridge, macvlan and | 1 | Warning: this test requires root access to configure a number of bridge, mac |
2 | vlan devices. Please take a look at configure file. By the time you are finished testing, | 2 | and vlan devices. Please take a look at configure file. By the time you are |
3 | you'll probably have to reboot the computer to get your networking subsytem | 3 | finished testing, you'll probably have to reboot the computer to get your |
4 | back to normal. | 4 | networking subsytem back to normal. |
5 | 5 | ||
6 | Limitations - to be investigated and fixed: | 6 | Limitations - to be investigated and fixed: |
7 | - the test is assuming an eth0 wired interface to be present | 7 | - the test is assuming an eth0 wired interface to be present |
8 | - using netstat and ifconfig - this needs to be moved to iproute2 utilities | 8 | - using netstat and ifconfig - this needs to be moved to iproute2 |
9 | - configure script inserts an entry in system netfilter configuration | 9 | - configure script inserts an entry in system netfilter configuration |
10 | - the test will probably not work on grsecurity settings | 10 | - the test will probably not work on grsecurity settings |
11 | - macvlan interfaces don't seem to work correctly under VirtualBox | 11 | - macvlan interfaces don't seem to work correctly under VirtualBox |