Add --ip=dhcp and --ip6=dhcp options

Currently, --ip=dhcp is equivalent to --ip=none and --ip6=dhcp does nothing either, except for parsing correctly
author: Kristóf Marussy <kris7topher@gmail.com> 2019-12-26 19:08:00 +0100
committer: Kristóf Marussy <kris7topher@gmail.com> 2019-12-30 02:38:59 +0100
commit: a50e86844715442008ef75aff0d466e19e473f04 (patch)
tree: 4e3c953432c62c50839da6b1b5c9939d2dcd1873 /src/firejail/profile.c
parent: Harden file-roller (diff)
download: firejail-a50e86844715442008ef75aff0d466e19e473f04.tar.gz
firejail-a50e86844715442008ef75aff0d466e19e473f04.tar.zst
firejail-a50e86844715442008ef75aff0d466e19e473f04.zip
1 files changed, 18 insertions, 12 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 9a724331b..959678501 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -672,7 +672,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                        // configure this IP address for the last bridge defined
                        if (strcmp(ptr + 3, "none") == 0)
                                br->arg_ip_none = 1;
-                        else {
+                        else if (strcmp(ptr + 3, "dhcp") == 0) {
+                                br->arg_ip_none = 1;
+                                br->arg_ip_dhcp = 1;
+                        } else {
                                if (atoip(ptr + 3, &br->ipsandbox)) {
                                        fprintf(stderr, "Error: invalid IP address\n");
                                        exit(1);
@@ -693,21 +696,24 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                                fprintf(stderr, "Error: no network device configured\n");
                                exit(1);
                        }
-                        if (br->ip6sandbox) {
+                        if (br->arg_ip6_dhcp || br->ip6sandbox) {
                                fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
                                exit(1);
                        }
-                        // configure this IP address for the last bridge defined
+      // configure this IP address for the last bridge defined
-                        if (check_ip46_address(ptr + 4) == 0) {
+      if (strcmp(ptr + 4, "dhcp") == 0)
-                                fprintf(stderr, "Error: invalid IPv6 address\n");
+        br->arg_ip6_dhcp = 1;
-                                exit(1);
+      else {
-                        }
+        if (check_ip46_address(ptr + 4) == 0) {
+          fprintf(stderr, "Error: invalid IPv6 address\n");
-                        br->ip6sandbox = strdup(ptr + 4);
+          exit(1);
-                        if (br->ip6sandbox == NULL)
+        }
-                                errExit("strdup");
+        br->ip6sandbox = strdup(ptr + 4);
+        if (br->ip6sandbox == NULL)
+          errExit("strdup");
+      }
                }
                else
                        warning_feature_disabled("networking");
author	Kristóf Marussy <kris7topher@gmail.com>	2019-12-26 19:08:00 +0100
committer	Kristóf Marussy <kris7topher@gmail.com>	2019-12-30 02:38:59 +0100
commit	a50e86844715442008ef75aff0d466e19e473f04 (patch)
tree	4e3c953432c62c50839da6b1b5c9939d2dcd1873 /src/firejail/profile.c
parent	Harden file-roller (diff)
download	firejail-a50e86844715442008ef75aff0d466e19e473f04.tar.gz firejail-a50e86844715442008ef75aff0d466e19e473f04.tar.zst firejail-a50e86844715442008ef75aff0d466e19e473f04.zip

diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 9a724331b..959678501 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -672,7 +672,10 @@ int profile_check_line(char ptr, int lineno, const char fname) {
672	// configure this IP address for the last bridge defined	672	// configure this IP address for the last bridge defined
673	if (strcmp(ptr + 3, "none") == 0)	673	if (strcmp(ptr + 3, "none") == 0)
674	br->arg_ip_none = 1;	674	br->arg_ip_none = 1;
675	else {	675	else if (strcmp(ptr + 3, "dhcp") == 0) {
		676	br->arg_ip_none = 1;
		677	br->arg_ip_dhcp = 1;
		678	} else {
676	if (atoip(ptr + 3, &br->ipsandbox)) {	679	if (atoip(ptr + 3, &br->ipsandbox)) {
677	fprintf(stderr, "Error: invalid IP address\n");	680	fprintf(stderr, "Error: invalid IP address\n");
678	exit(1);	681	exit(1);
@@ -693,21 +696,24 @@ int profile_check_line(char ptr, int lineno, const char fname) {
693	fprintf(stderr, "Error: no network device configured\n");	696	fprintf(stderr, "Error: no network device configured\n");
694	exit(1);	697	exit(1);
695	}	698	}
696	if (br->ip6sandbox) {	699	if (br->arg_ip6_dhcp \|\| br->ip6sandbox) {
697	fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");	700	fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
698	exit(1);	701	exit(1);
699	}	702	}
700		703
701	// configure this IP address for the last bridge defined	704	// configure this IP address for the last bridge defined
702	if (check_ip46_address(ptr + 4) == 0) {	705	if (strcmp(ptr + 4, "dhcp") == 0)
703	fprintf(stderr, "Error: invalid IPv6 address\n");	706	br->arg_ip6_dhcp = 1;
704	exit(1);	707	else {
705	}	708	if (check_ip46_address(ptr + 4) == 0) {
706		709	fprintf(stderr, "Error: invalid IPv6 address\n");
707	br->ip6sandbox = strdup(ptr + 4);	710	exit(1);
708	if (br->ip6sandbox == NULL)	711	}
709	errExit("strdup");	712
710		713	br->ip6sandbox = strdup(ptr + 4);
		714	if (br->ip6sandbox == NULL)
		715	errExit("strdup");
		716	}
711	}	717	}
712	else	718	else
713	warning_feature_disabled("networking");	719	warning_feature_disabled("networking");