author | netblue30 <netblue30@yahoo.com> | 2016-11-10 07:18:24 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-10 07:18:24 -0500 |
commit | 334c79edd83377a09c138800c0a2fefaf9c7981f (patch) | |
tree | 4511f4a41338d8a59c302b10588c974aeffd5a46 /src | |
parent | fixed --top (diff) | |
testing
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 6 | ||||
-rw-r--r-- | src/fnet/veth.c | 6 |
2 files changed, 10 insertions, 2 deletions
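--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -517,9 +517,11 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 struct stat s;
 int rv;
 if (stat("/proc/sys/kernel/grsecurity", &s) == 0)
-rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--netstats");
+rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN,
+2, PATH_FIREMON, "--netstats");
 else
-rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--netstats");
+rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN,
+2, PATH_FIREMON, "--netstats");
 exit(rv);
 }
 else {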
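Review bot: Both sbox_run() calls now pass SBOX_ALLOW_STDIN, including the SBOX_ROOT branch taken when /proc/sys/kernel/grsecurity exists, but neither the hunk nor the commit message ("testing") says why firemon --netstats needs the caller's stdin. The flag presumably leaves the invoking user's stdin open in a helper that otherwise runs with no capabilities and a seccomp filter, so a short comment above the `if` should record the reason and note that the flag is meant for this helper only. The two calls also differ only in SBOX_ROOT versus SBOX_USER; selecting that bit once and making a single sbox_run() call would keep the two flag sets from drifting apart. run_cmd_and_exit starts and ends outside the hunk.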
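--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -111,6 +111,8 @@ int net_create_veth(const char *dev, const char *nsdev, unsigned pid) {
 if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
 exit(2);
 
+rtnl_close(&rth);
+
 return 0;
 }
 
@@ -173,6 +175,8 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
 if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
 exit(2);
 
+rtnl_close(&rth);
+
 return 0;
 }
 
@@ -209,6 +213,8 @@ int net_move_interface(const char *dev, unsigned pid) {
 if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
 exit(2);
 
+rtnl_close(&rth);
+
 return 0;
 }
 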
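Review bot: The added `rtnl_close(&rth);` sits only on the final success path of net_create_veth, net_create_macvlan and net_move_interface. The visible failure path ends in `exit(2)`, which releases the socket anyway, but the bodies start outside these hunks, so any earlier `return` after the handle is opened would still leave the netlink descriptor open. If such a path exists, route it through a single cleanup label that calls `rtnl_close(&rth)` before returning. A one-line comment such as `/* close the netlink socket so it is not inherited by later children */` would also record why the close matters, assuming that is the intent.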