aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2016-02-24 08:02:04 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2016-02-24 08:02:04 -0500
commita9b4b95220738c1b652a7dfa5376f42662d750b1 (patch)
tree451ba0abb1e789eb459656b31bd6fbd4c9326a96
parentx11 work (diff)
parentMerge pull request #319 from yumkam/network-restricted (diff)
downloadfirejail-a9b4b95220738c1b652a7dfa5376f42662d750b1.tar.gz
firejail-a9b4b95220738c1b652a7dfa5376f42662d750b1.tar.zst
firejail-a9b4b95220738c1b652a7dfa5376f42662d750b1.zip
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat
-rw-r--r--configure.ac3
-rw-r--r--src/firejail/main.c6
-rw-r--r--src/man/firejail.txt2
3 files changed, 11 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index b5dcd6855..9b717d333 100644
--- a/configure.ac
+++ b/configure.ac
@@ -38,6 +38,9 @@ AC_ARG_ENABLE([network],
38 AS_HELP_STRING([--disable-network], [disable network])) 38 AS_HELP_STRING([--disable-network], [disable network]))
39AS_IF([test "x$enable_network" != "xno"], [ 39AS_IF([test "x$enable_network" != "xno"], [
40 HAVE_NETWORK="-DHAVE_NETWORK" 40 HAVE_NETWORK="-DHAVE_NETWORK"
41 AS_IF([test "x$enable_network" = "xrestricted"], [
42 HAVE_NETWORK="$HAVE_NETWORK -DHAVE_NETWORK_RESTRICTED"
43 ])
41 AC_SUBST(HAVE_NETWORK) 44 AC_SUBST(HAVE_NETWORK)
42]) 45])
43 46
diff --git a/src/firejail/main.c b/src/firejail/main.c
index d2a093520..3cbaf658e 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1095,6 +1095,12 @@ int main(int argc, char **argv) {
1095 cfg.interface3.configured = 0; 1095 cfg.interface3.configured = 0;
1096 continue; 1096 continue;
1097 } 1097 }
1098#ifdef HAVE_NETWORK_RESTRICTED
1099 if (getuid() != 0) {
1100 fprintf(stderr, "Error: only --net=none is allowed to non-root users\n");
1101 exit(1);
1102 }
1103#endif
1098 if (strcmp(argv[i] + 6, "lo") == 0) { 1104 if (strcmp(argv[i] + 6, "lo") == 0) {
1099 fprintf(stderr, "Error: cannot attach to lo device\n"); 1105 fprintf(stderr, "Error: cannot attach to lo device\n");
1100 exit(1); 1106 exit(1);
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index c4f0dbd3e..681a105af 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -471,6 +471,8 @@ Example:
471.br 471.br
472$ firejail \-\-net=eth0 \-\-ip6=2001:0db8:0:f101::1/64 firefox 472$ firejail \-\-net=eth0 \-\-ip6=2001:0db8:0:f101::1/64 firefox
473 473
474Note: you don't need this option if you obtain your ip6 address from router via SLAAC (your ip6 address and default route will be configured by kernel automatically).
475
474.TP 476.TP
475\fB\-\-iprange=address,address 477\fB\-\-iprange=address,address
476Assign an IP address in the provided range to the last network interface defined by a \-\-net option. A 478Assign an IP address in the provided range to the last network interface defined by a \-\-net option. A
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-18 13:18:09 +0000