profile.c: add --net <iface>

author: avoidr <avoidr@users.noreply.github.com> 2016-04-06 22:18:11 +0200
committer: avoidr <avoidr@users.noreply.github.com> 2016-04-06 22:18:11 +0200
commit: 901f73ef75c0fb519242743815aed557d81b0dc2 (patch)
tree: d8118e1b0108c54b176f7481f2ca2b6b883045ec
parent: man page fix (diff)
download: firejail-901f73ef75c0fb519242743815aed557d81b0dc2.tar.gz
firejail-901f73ef75c0fb519242743815aed557d81b0dc2.tar.zst
firejail-901f73ef75c0fb519242743815aed557d81b0dc2.zip
1 files changed, 28 insertions, 0 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index d2894d463..c3fb37558 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -228,6 +228,34 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #endif
                return 0;
        }
+        else if (strncmp(ptr, "net ", 4) == 0) {
+#ifdef HAVE_NETWORK
+                if (checkcfg(CFG_NETWORK)) {
+                        if (strcmp(ptr + 4, "lo") == 0) {
+                                fprintf(stderr, "Error: cannot attach to lo device\n");
+                                exit(1);
+                        }
+                        Bridge *br;
+                        if (cfg.bridge0.configured == 0)
+                                br = &cfg.bridge0;
+                        else if (cfg.bridge1.configured == 0)
+                                br = &cfg.bridge1;
+                        else if (cfg.bridge2.configured == 0)
+                                br = &cfg.bridge2;
+                        else if (cfg.bridge3.configured == 0)
+                                br = &cfg.bridge3;
+                        else {
+                                fprintf(stderr, "Error: maximum 4 network devices are allowed\n");
+                                exit(1);
+                        }
+                        net_configure_bridge(br, ptr + 4);
+                }
+                else
+                        fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
+#endif
+                return 0;
+        }
        
        if (strncmp(ptr, "protocol ", 9) == 0) {
 #ifdef HAVE_SECCOMP
author	avoidr <avoidr@users.noreply.github.com>	2016-04-06 22:18:11 +0200
committer	avoidr <avoidr@users.noreply.github.com>	2016-04-06 22:18:11 +0200
commit	901f73ef75c0fb519242743815aed557d81b0dc2 (patch)
tree	d8118e1b0108c54b176f7481f2ca2b6b883045ec
parent	man page fix (diff)
download	firejail-901f73ef75c0fb519242743815aed557d81b0dc2.tar.gz firejail-901f73ef75c0fb519242743815aed557d81b0dc2.tar.zst firejail-901f73ef75c0fb519242743815aed557d81b0dc2.zip

diff --git a/src/firejail/profile.c b/src/firejail/profile.c index d2894d463..c3fb37558 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -228,6 +228,34 @@ int profile_check_line(char ptr, int lineno, const char fname) {
228	#endif	228	#endif
229	return 0;	229	return 0;
230	}	230	}
		231	else if (strncmp(ptr, "net ", 4) == 0) {
		232	#ifdef HAVE_NETWORK
		233	if (checkcfg(CFG_NETWORK)) {
		234	if (strcmp(ptr + 4, "lo") == 0) {
		235	fprintf(stderr, "Error: cannot attach to lo device\n");
		236	exit(1);
		237	}
		238
		239	Bridge *br;
		240	if (cfg.bridge0.configured == 0)
		241	br = &cfg.bridge0;
		242	else if (cfg.bridge1.configured == 0)
		243	br = &cfg.bridge1;
		244	else if (cfg.bridge2.configured == 0)
		245	br = &cfg.bridge2;
		246	else if (cfg.bridge3.configured == 0)
		247	br = &cfg.bridge3;
		248	else {
		249	fprintf(stderr, "Error: maximum 4 network devices are allowed\n");
		250	exit(1);
		251	}
		252	net_configure_bridge(br, ptr + 4);
		253	}
		254	else
		255	fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
		256	#endif
		257	return 0;
		258	}
231		259
232	if (strncmp(ptr, "protocol ", 9) == 0) {	260	if (strncmp(ptr, "protocol ", 9) == 0) {
233	#ifdef HAVE_SECCOMP	261	#ifdef HAVE_SECCOMP