authorLibravatar Fred Barclay <Fred-Barclay@users.noreply.github.com>2017-05-24 14:13:52 -0500
committerLibravatar Fred Barclay <Fred-Barclay@users.noreply.github.com>2017-05-24 14:13:52 -0500
commit96c920e166b40bbe50f216e294f2efac154a1cb2 (patch)
treefa80a34e81863ab897f2f2b8ec4124b10d023516 /src/firejail/netfilter.c
parentremove trailing whitespace from etc/ (diff)
Remove trailing whitespace from src/
Diffstat (limited to 'src/firejail/netfilter.c')
-rw-r--r--src/firejail/netfilter.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index ea1d45dd7..14b3b54a6 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -46,7 +46,7 @@ static char *client_filter =
46void check_netfilter_file(const char *fname) { 46void check_netfilter_file(const char *fname) {
47 EUID_ASSERT(); 47 EUID_ASSERT();
48 invalid_filename(fname); 48 invalid_filename(fname);
49 49
50 if (is_dir(fname) || is_link(fname) || strstr(fname, "..") || access(fname, R_OK )) { 50 if (is_dir(fname) || is_link(fname) || strstr(fname, "..") || access(fname, R_OK )) {
51 fprintf(stderr, "Error: invalid network filter file %s\n", fname); 51 fprintf(stderr, "Error: invalid network filter file %s\n", fname);
52 exit(1); 52 exit(1);
@@ -95,14 +95,14 @@ void netfilter(const char *fname) {
95 // push filter 95 // push filter
96 if (arg_debug) 96 if (arg_debug)
97 printf("Installing network filter:\n%s\n", filter); 97 printf("Installing network filter:\n%s\n", filter);
98 98
99 // first run of iptables on this platform installs a number of kernel modules such as ip_tables, x_tables, iptable_filter 99 // first run of iptables on this platform installs a number of kernel modules such as ip_tables, x_tables, iptable_filter
100 // we run this command with caps and seccomp disabled in order to allow the loading of these modules 100 // we run this command with caps and seccomp disabled in order to allow the loading of these modules
101 sbox_run(SBOX_ROOT /* | SBOX_CAPS_NETWORK | SBOX_SECCOMP*/ | SBOX_STDIN_FROM_FILE, 1, iptables_restore); 101 sbox_run(SBOX_ROOT /* | SBOX_CAPS_NETWORK | SBOX_SECCOMP*/ | SBOX_STDIN_FROM_FILE, 1, iptables_restore);
102 unlink(SBOX_STDIN_FILE); 102 unlink(SBOX_STDIN_FILE);
103 103
104 // debug 104 // debug
105 if (arg_debug) 105 if (arg_debug)
106 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, iptables, "-vL"); 106 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, iptables, "-vL");
107 107
108 if (allocated) 108 if (allocated)
@@ -113,7 +113,7 @@ void netfilter(const char *fname) {
113void netfilter6(const char *fname) { 113void netfilter6(const char *fname) {
114 if (fname == NULL) 114 if (fname == NULL)
115 return; 115 return;
116 116
117 // find iptables command 117 // find iptables command
118 char *ip6tables = NULL; 118 char *ip6tables = NULL;
119 char *ip6tables_restore = NULL; 119 char *ip6tables_restore = NULL;
@@ -149,7 +149,7 @@ void netfilter6(const char *fname) {
149 // we run this command with caps and seccomp disabled in order to allow the loading of these modules 149 // we run this command with caps and seccomp disabled in order to allow the loading of these modules
150 sbox_run(SBOX_ROOT | /* SBOX_CAPS_NETWORK | SBOX_SECCOMP | */ SBOX_STDIN_FROM_FILE, 1, ip6tables_restore); 150 sbox_run(SBOX_ROOT | /* SBOX_CAPS_NETWORK | SBOX_SECCOMP | */ SBOX_STDIN_FROM_FILE, 1, ip6tables_restore);
151 unlink(SBOX_STDIN_FILE); 151 unlink(SBOX_STDIN_FILE);
152 152
153 // debug 153 // debug
154 if (arg_debug) 154 if (arg_debug)
155 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, ip6tables, "-vL"); 155 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, ip6tables, "-vL");