diff options
author | avoidr <avoidr@users.noreply.github.com> | 2016-04-06 22:18:11 +0200 |
---|---|---|
committer | avoidr <avoidr@users.noreply.github.com> | 2016-04-06 22:18:11 +0200 |
commit | 901f73ef75c0fb519242743815aed557d81b0dc2 (patch) | |
tree | d8118e1b0108c54b176f7481f2ca2b6b883045ec /src | |
parent | man page fix (diff) | |
download | firejail-901f73ef75c0fb519242743815aed557d81b0dc2.tar.gz firejail-901f73ef75c0fb519242743815aed557d81b0dc2.tar.zst firejail-901f73ef75c0fb519242743815aed557d81b0dc2.zip |
profile.c: add --net <iface>
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/profile.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index d2894d463..c3fb37558 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -228,6 +228,34 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
228 | #endif | 228 | #endif |
229 | return 0; | 229 | return 0; |
230 | } | 230 | } |
231 | else if (strncmp(ptr, "net ", 4) == 0) { | ||
232 | #ifdef HAVE_NETWORK | ||
233 | if (checkcfg(CFG_NETWORK)) { | ||
234 | if (strcmp(ptr + 4, "lo") == 0) { | ||
235 | fprintf(stderr, "Error: cannot attach to lo device\n"); | ||
236 | exit(1); | ||
237 | } | ||
238 | |||
239 | Bridge *br; | ||
240 | if (cfg.bridge0.configured == 0) | ||
241 | br = &cfg.bridge0; | ||
242 | else if (cfg.bridge1.configured == 0) | ||
243 | br = &cfg.bridge1; | ||
244 | else if (cfg.bridge2.configured == 0) | ||
245 | br = &cfg.bridge2; | ||
246 | else if (cfg.bridge3.configured == 0) | ||
247 | br = &cfg.bridge3; | ||
248 | else { | ||
249 | fprintf(stderr, "Error: maximum 4 network devices are allowed\n"); | ||
250 | exit(1); | ||
251 | } | ||
252 | net_configure_bridge(br, ptr + 4); | ||
253 | } | ||
254 | else | ||
255 | fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n"); | ||
256 | #endif | ||
257 | return 0; | ||
258 | } | ||
231 | 259 | ||
232 | if (strncmp(ptr, "protocol ", 9) == 0) { | 260 | if (strncmp(ptr, "protocol ", 9) == 0) { |
233 | #ifdef HAVE_SECCOMP | 261 | #ifdef HAVE_SECCOMP |