author | netblue30 <netblue30@yahoo.com> | 2018-10-13 14:05:27 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-10-13 14:05:27 -0400 |
commit | 82a636a1da84ec2972bf5c10d0992add8affbabe (patch) | |
tree | 4203e039b51c2a8e1dd50df785bcf744548dc633 /src/firejail/network_main.c | |
parent | Merge branch 'master' of http://github.com/netblue30/firejail (diff) | |
Bring in the fix to always have the helpers in the sandbox (original pull request from crass)
Diffstat (limited to 'src/firejail/network_main.c')
-rw-r--r-- | src/firejail/network_main.c | 18 |
1 files changed, 9 insertions, 9 deletions
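--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -157,7 +157,7 @@ void net_configure_veth_pair(Bridge *br, const char *ifname, pid_t child) {
 char *cstr;
 if (asprintf(&cstr, "%d", child) == -1)
 errExit("asprintf");
-sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 7, PATH_FNET, "create", "veth", dev, ifname, br->dev, cstr);
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 7, PATH_FNET_MAIN, "create", "veth", dev, ifname, br->dev, cstr);
 free(cstr);
 
 char *msg;
@@ -332,42 +332,42 @@ void network_main(pid_t child) {
 net_configure_veth_pair(&cfg.bridge0, "eth0", child);
 }
 else
-sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge0.devsandbox, cfg.bridge0.dev, cstr);
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge0.devsandbox, cfg.bridge0.dev, cstr);
 }
 
 if (cfg.bridge1.configured) {
 if (cfg.bridge1.macvlan == 0)
 net_configure_veth_pair(&cfg.bridge1, "eth1", child);
 else
-sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge1.devsandbox, cfg.bridge1.dev, cstr);
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge1.devsandbox, cfg.bridge1.dev, cstr);
 }
 
 if (cfg.bridge2.configured) {
 if (cfg.bridge2.macvlan == 0)
 net_configure_veth_pair(&cfg.bridge2, "eth2", child);
 else
-sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge2.devsandbox, cfg.bridge2.dev, cstr);
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge2.devsandbox, cfg.bridge2.dev, cstr);
 }
 
 if (cfg.bridge3.configured) {
 if (cfg.bridge3.macvlan == 0)
 net_configure_veth_pair(&cfg.bridge3, "eth3", child);
 else
-sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge3.devsandbox, cfg.bridge3.dev, cstr);
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge3.devsandbox, cfg.bridge3.dev, cstr);
 }
 
 // move interfaces in sandbox
 if (cfg.interface0.configured) {
-sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface0.dev, cstr);
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface0.dev, cstr);
 }
 if (cfg.interface1.configured) {
-sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface1.dev, cstr);
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface1.dev, cstr);
 }
 if (cfg.interface2.configured) {
-sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface2.dev, cstr);
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface2.dev, cstr);
 }
 if (cfg.interface3.configured) {
-sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface3.dev, cstr);
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface3.dev, cstr);
 }
 
 free(cstr);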
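Review bot: The helper path is spelled out at nine separate `sbox_run` call sites (line 160 in net_configure_veth_pair and lines 335–370 in network_main), each running with `SBOX_ROOT | SBOX_CAPS_NETWORK`, so a site left on `PATH_FNET` in a later edit would presumably run a different copy of the helper as root with nothing to flag it. Naming the flags and path once would remove that risk, for example `#define FNET_RUN(argc, ...) sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, (argc), PATH_FNET_MAIN, __VA_ARGS__)`. The definition of `PATH_FNET_MAIN` is not part of this file's diff, so a short comment at the first call would help, such as `// host-side setup: run the fnet copy named by PATH_FNET_MAIN (defined in <header that defines it>)`. It is presumably the installed, root-owned copy, which should be confirmed. Both functions begin and end outside the hunks shown.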