diff options
| author |  netblue30 <netblue30@protonmail.com> | 2022-04-12 08:15:52 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2022-04-12 08:15:52 -0400 |
| commit | 81e12a45b7b1856bffc877d34266823207f8a5b7 (patch) | |
| tree | a74b01dfb350d8c34cd1b69275f3b2955bdcf76d /src | |
| parent | Merge branch 'master' of ssh://github.com/netblue30/firejail (diff) | |
| download | firejail-81e12a45b7b1856bffc877d34266823207f8a5b7.tar.gz firejail-81e12a45b7b1856bffc877d34266823207f8a5b7.tar.zst firejail-81e12a45b7b1856bffc877d34266823207f8a5b7.zip | |
fix --writable-etc
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 11 | ||||
| -rw-r--r-- | src/firejail/sandbox.c | 5 |
2 files changed, 14 insertions, 2 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 4b01ea0a5..fd96f8bb5 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -2874,6 +2874,17 @@ int main(int argc, char **argv, char **envp) { | |||
| 2874 | } | 2874 | } |
| 2875 | } | 2875 | } |
| 2876 | 2876 | ||
| 2877 | // check writable_etc and DNS/DHCP | ||
| 2878 | if (arg_writable_etc) { | ||
| 2879 | if (cfg.dns1 != NULL || any_dhcp()) { | ||
| 2880 | // we could end up overwriting the real /etc/resolv.conf, so we better exit now! | ||
| 2881 | fprintf(stderr, "Error: --dns/--ip=dhcp and --writable-etc are mutually exclusive\n"); | ||
| 2882 | exit(1); | ||
| 2883 | } | ||
| 2884 | } | ||
| 2885 | |||
| 2886 | |||
| 2887 | |||
| 2877 | // enable seccomp if only seccomp.block-secondary was specified | 2888 | // enable seccomp if only seccomp.block-secondary was specified |
| 2878 | if (arg_seccomp_block_secondary) | 2889 | if (arg_seccomp_block_secondary) |
| 2879 | arg_seccomp = 1; | 2890 | arg_seccomp = 1; |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 96407d081..635137feb 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -1077,9 +1077,10 @@ int sandbox(void* sandbox_arg) { | |||
| 1077 | fs_dev_disable_input(); | 1077 | fs_dev_disable_input(); |
| 1078 | 1078 | ||
| 1079 | //**************************** | 1079 | //**************************** |
| 1080 | // set dns | 1080 | // rebuild etc directory, set dns |
| 1081 | //**************************** | 1081 | //**************************** |
| 1082 | fs_rebuild_etc(); | 1082 | if (!arg_writable_etc) |
| 1083 | fs_rebuild_etc(); | ||
| 1083 | 1084 | ||
| 1084 | //**************************** | 1085 | //**************************** |
| 1085 | // start dhcp client | 1086 | // start dhcp client |