fix netfilter-default functionality in /etc/firejail/firejail.config

author: netblue30 <netblue30@yahoo.com> 2019-01-09 08:26:46 -0500
committer: netblue30 <netblue30@yahoo.com> 2019-01-09 08:26:46 -0500
commit: 314dde5d94b0c14dd5bb8a3eda1435b64e007a4b (patch)
tree: fa98c339da1dff3f46105043917bc015290fd3ae /src/firejail/netfilter.c
parent: test caps join (diff)
download: firejail-314dde5d94b0c14dd5bb8a3eda1435b64e007a4b.tar.gz
firejail-314dde5d94b0c14dd5bb8a3eda1435b64e007a4b.tar.zst
firejail-314dde5d94b0c14dd5bb8a3eda1435b64e007a4b.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index ed2d019ab..22c8392a0 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -69,8 +69,12 @@ void netfilter(const char *fname) {
        if (set_perms(SBOX_STDIN_FILE, getuid(), getgid(), 0644))
                errExit("set_perms");
-        if (fname == NULL)
+        if (fname == NULL) {
-                sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
+                if (netfilter_default)
+                        sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, netfilter_default, SBOX_STDIN_FILE);
+                else
+                        sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
+        }
        else
                sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, fname, SBOX_STDIN_FILE);
author	netblue30 <netblue30@yahoo.com>	2019-01-09 08:26:46 -0500
committer	netblue30 <netblue30@yahoo.com>	2019-01-09 08:26:46 -0500
commit	314dde5d94b0c14dd5bb8a3eda1435b64e007a4b (patch)
tree	fa98c339da1dff3f46105043917bc015290fd3ae /src/firejail/netfilter.c
parent	test caps join (diff)
download	firejail-314dde5d94b0c14dd5bb8a3eda1435b64e007a4b.tar.gz firejail-314dde5d94b0c14dd5bb8a3eda1435b64e007a4b.tar.zst firejail-314dde5d94b0c14dd5bb8a3eda1435b64e007a4b.zip