diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-06-04 11:55:09 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-06-04 11:55:09 -0400 |
| commit | c8a8d07348ebce017f75b5a2682f056e8c661f5b (patch) | |
| tree | 752095766e664a22a1cd38ad30759c6d73533821 | |
| parent | fixed firejail symlink problem for --private-bin option (diff) | |
| download | firejail-c8a8d07348ebce017f75b5a2682f056e8c661f5b.tar.gz firejail-c8a8d07348ebce017f75b5a2682f056e8c661f5b.tar.zst firejail-c8a8d07348ebce017f75b5a2682f056e8c661f5b.zip | |
networking fixes
| -rw-r--r-- | src/firejail/network_main.c | 7 | ||||
| -rw-r--r-- | src/man/firejail.txt | 5 | ||||
| -rw-r--r-- | test/network/README | 10 |
3 files changed, 15 insertions, 7 deletions
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c index e6d5cd5d7..e50c06ae9 100644 --- a/src/firejail/network_main.c +++ b/src/firejail/network_main.c | |||
| @@ -56,9 +56,12 @@ void net_configure_bridge(Bridge *br, char *dev_name) { | |||
| 56 | } | 56 | } |
| 57 | } | 57 | } |
| 58 | 58 | ||
| 59 | // allow unconfigured interfaces | ||
| 59 | if (net_get_if_addr(br->dev, &br->ip, &br->mask, br->mac, &br->mtu)) { | 60 | if (net_get_if_addr(br->dev, &br->ip, &br->mask, br->mac, &br->mtu)) { |
| 60 | fprintf(stderr, "Error: interface %s is not configured\n", br->dev); | 61 | fprintf(stderr, "Warning: interface %s is not configured\n", br->dev); |
| 61 | exit(1); | 62 | br->configured = 1; |
| 63 | br->arg_ip_none = 1; | ||
| 64 | return; | ||
| 62 | } | 65 | } |
| 63 | if (arg_debug) { | 66 | if (arg_debug) { |
| 64 | if (br->macvlan == 0) | 67 | if (br->macvlan == 0) |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7b22a5bf2..3c4de9ed5 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -460,6 +460,11 @@ in case you intend to start an external DHCP client in the sandbox. | |||
| 460 | Example: | 460 | Example: |
| 461 | .br | 461 | .br |
| 462 | $ firejail \-\-net=eth0 \-\-\ip=none | 462 | $ firejail \-\-net=eth0 \-\-\ip=none |
| 463 | .br | ||
| 464 | |||
| 465 | .br | ||
| 466 | If the coresponding interface doesn't have an IP address configured, this | ||
| 467 | option is enabled by default. | ||
| 463 | 468 | ||
| 464 | .TP | 469 | .TP |
| 465 | \fB\-\-ip6=address | 470 | \fB\-\-ip6=address |
diff --git a/test/network/README b/test/network/README index 27e5667a2..a9b79d1de 100644 --- a/test/network/README +++ b/test/network/README | |||
| @@ -1,11 +1,11 @@ | |||
| 1 | Warning: this test requires root access to configure a number of bridge, macvlan and | 1 | Warning: this test requires root access to configure a number of bridge, mac |
| 2 | vlan devices. Please take a look at configure file. By the time you are finished testing, | 2 | and vlan devices. Please take a look at configure file. By the time you are |
| 3 | you'll probably have to reboot the computer to get your networking subsytem | 3 | finished testing, you'll probably have to reboot the computer to get your |
| 4 | back to normal. | 4 | networking subsytem back to normal. |
| 5 | 5 | ||
| 6 | Limitations - to be investigated and fixed: | 6 | Limitations - to be investigated and fixed: |
| 7 | - the test is assuming an eth0 wired interface to be present | 7 | - the test is assuming an eth0 wired interface to be present |
| 8 | - using netstat and ifconfig - this needs to be moved to iproute2 utilities | 8 | - using netstat and ifconfig - this needs to be moved to iproute2 |
| 9 | - configure script inserts an entry in system netfilter configuration | 9 | - configure script inserts an entry in system netfilter configuration |
| 10 | - the test will probably not work on grsecurity settings | 10 | - the test will probably not work on grsecurity settings |
| 11 | - macvlan interfaces don't seem to work correctly under VirtualBox | 11 | - macvlan interfaces don't seem to work correctly under VirtualBox |