author | Kristóf Marussy <kris7topher@gmail.com> | 2019-12-26 19:08:00 +0100 |
---|---|---|
committer | Kristóf Marussy <kris7topher@gmail.com> | 2019-12-30 02:38:59 +0100 |
commit | a50e86844715442008ef75aff0d466e19e473f04 (patch) | |
tree | 4e3c953432c62c50839da6b1b5c9939d2dcd1873 /src | |
parent | Harden file-roller (diff) | |
Add --ip=dhcp and --ip6=dhcp options
Currently, --ip=dhcp is equivalent to --ip=none
and --ip6=dhcp does nothing either, except for parsing correctly
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 27 | ||||
-rw-r--r-- | src/firejail/profile.c | 30 |
3 files changed, 37 insertions, 22 deletions
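--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -103,6 +103,8 @@ typedef struct bridge_t {
 
 // flags
 uint8_t arg_ip_none; // --ip=none
+uint8_t arg_ip_dhcp;
+uint8_t arg_ip6_dhcp;
 uint8_t macvlan; // set by --net=eth0 (or eth1, ...); reset by --net=br0 (or br1, ...)
 uint8_t configured;
 uint8_t scan; // set by --scan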
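Review bot: The two flags added at new lines 106-107 have no comment, while most of the neighbouring fields name the option that sets them. Suggest `uint8_t arg_ip_dhcp; // --ip=dhcp` and `uint8_t arg_ip6_dhcp; // --ip6=dhcp`, with a remark on the first that the parsers in main.c and profile.c set `arg_ip_none` alongside it. The struct definition starts and ends outside the hunk.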
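--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2144,7 +2144,10 @@ int main(int argc, char **argv) {
 // configure this IP address for the last bridge defined
 if (strcmp(argv[i] + 5, "none") == 0)
 br->arg_ip_none = 1;
-else {
+else if (strcmp(argv[i] + 5, "dhcp") == 0) {
+br->arg_ip_none = 1;
+br->arg_ip_dhcp = 1;
+} else {
 if (atoip(argv[i] + 5, &br->ipsandbox)) {
 fprintf(stderr, "Error: invalid IP address\n");
 exit(1);
@@ -2184,20 +2187,24 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: no network device configured\n");
 exit(1);
 }
-if (br->ip6sandbox) {
+if (br->arg_ip6_dhcp || br->ip6sandbox) {
 fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
 exit(1);
 }
 
 // configure this IP address for the last bridge defined
-if (check_ip46_address(argv[i] + 6) == 0) {
-fprintf(stderr, "Error: invalid IPv6 address\n");
-exit(1);
-}
-
-br->ip6sandbox = strdup(argv[i] + 6);
-if (br->ip6sandbox == NULL)
-errExit("strdup");
+if (strcmp(argv[i] + 6, "dhcp") == 0)
+br->arg_ip6_dhcp = 1;
+else {
+if (check_ip46_address(argv[i] + 6) == 0) {
+fprintf(stderr, "Error: invalid IPv6 address\n");
+exit(1);
+}
+
+br->ip6sandbox = strdup(argv[i] + 6);
+if (br->ip6sandbox == NULL)
+errExit("strdup");
+}
 }
 else
 exit_err_feature("networking");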
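Review bot: The dhcp branch of the `--ip=` handler sets `arg_ip_none` together with `arg_ip_dhcp`, but the duplicate-address guard for `--ip=` lies outside the hunk and is unchanged, whereas the `--ip6=` guard was widened to `br->arg_ip6_dhcp || br->ip6sandbox`. If the untouched guard tests `arg_ip_none`, that extra assignment is what makes a later `--ip=ADDRESS` on the same interface fail, and the dependency should be stated on the line, e.g. `br->arg_ip_none = 1; // dhcp: no static address; keeps the duplicate-address guard effective`. If it tests only `br->ipsandbox`, widen it the same way as the ip6 one: `if (br->arg_ip_dhcp || br->ipsandbox) {`. The profile.c hunks mirror this code and need the same check. main() starts and ends outside both hunks.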
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 9a724331b..959678501 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -672,7 +672,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
672 | // configure this IP address for the last bridge defined | 672 | // configure this IP address for the last bridge defined |
673 | if (strcmp(ptr + 3, "none") == 0) | 673 | if (strcmp(ptr + 3, "none") == 0) |
674 | br->arg_ip_none = 1; | 674 | br->arg_ip_none = 1; |
675 | else { | 675 | else if (strcmp(ptr + 3, "dhcp") == 0) { |
676 | br->arg_ip_none = 1; | ||
677 | br->arg_ip_dhcp = 1; | ||
678 | } else { | ||
676 | if (atoip(ptr + 3, &br->ipsandbox)) { | 679 | if (atoip(ptr + 3, &br->ipsandbox)) { |
677 | fprintf(stderr, "Error: invalid IP address\n"); | 680 | fprintf(stderr, "Error: invalid IP address\n"); |
678 | exit(1); | 681 | exit(1); |
@@ -693,21 +696,24 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
693 | fprintf(stderr, "Error: no network device configured\n"); | 696 | fprintf(stderr, "Error: no network device configured\n"); |
694 | exit(1); | 697 | exit(1); |
695 | } | 698 | } |
696 | if (br->ip6sandbox) { | 699 | if (br->arg_ip6_dhcp || br->ip6sandbox) { |
697 | fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n"); | 700 | fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n"); |
698 | exit(1); | 701 | exit(1); |
699 | } | 702 | } |
700 | 703 | ||
701 | // configure this IP address for the last bridge defined | 704 | // configure this IP address for the last bridge defined |
702 | if (check_ip46_address(ptr + 4) == 0) { | 705 | if (strcmp(ptr + 4, "dhcp") == 0) |
703 | fprintf(stderr, "Error: invalid IPv6 address\n"); | 706 | br->arg_ip6_dhcp = 1; |
704 | exit(1); | 707 | else { |
705 | } | 708 | if (check_ip46_address(ptr + 4) == 0) { |
706 | 709 | fprintf(stderr, "Error: invalid IPv6 address\n"); | |
707 | br->ip6sandbox = strdup(ptr + 4); | 710 | exit(1); |
708 | if (br->ip6sandbox == NULL) | 711 | } |
709 | errExit("strdup"); | 712 | |
710 | 713 | br->ip6sandbox = strdup(ptr + 4); | |
714 | if (br->ip6sandbox == NULL) | ||
715 | errExit("strdup"); | ||
716 | } | ||
711 | } | 717 | } |
712 | else | 718 | else |
713 | warning_feature_disabled("networking"); | 719 | warning_feature_disabled("networking"); |
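Review bot: `ip dhcp` and `ip6 dhcp` are accepted here without any message although, per the commit description, the first behaves like `ip none` and the second has no effect, so a profile relying on them presumably leaves the interface without an address and nothing in the output says why. Until the DHCP path exists, print a notice in both dhcp branches, for example `fprintf(stderr, "Warning: dhcp address assignment is not implemented yet\n");`. The same holds for `--ip=dhcp` and `--ip6=dhcp` in main.c. profile_check_line() starts and ends outside both hunks.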