author | netblue30 <netblue30@yahoo.com> | 2016-11-09 09:43:31 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-09 09:43:31 -0500 |
commit | e44f60a25011e388ae9f33ce8d16b9d8cb143502 (patch) | |
tree | 2a13bc2f751db72c75f1cd96f88d932c4b5c4a90 /src | |
parent | testing (diff) | |
testing
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/sandbox.c | 8 | ||||
-rw-r--r-- | src/firejail/sbox.c | 2 | ||||
-rw-r--r-- | src/fnet/interface.c | 1 |
3 files changed, 5 insertions, 6 deletions
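--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -481,28 +481,24 @@ int sandbox(void* sandbox_arg) {
 sandbox_if_up(&cfg.bridge3);
 
 
-// todo: this code seems to be dead!!!
-// enable interfaces
+// moving an interface in a namespace using --interface will reset the interface configuration;
+// we need to put the configuration back
 if (cfg.interface0.configured && cfg.interface0.ip) {
-assert(0);
 if (arg_debug)
 printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface0.ip), cfg.interface0.dev);
 net_config_interface(cfg.interface0.dev, cfg.interface0.ip, cfg.interface0.mask, cfg.interface0.mtu);
 }
 if (cfg.interface1.configured && cfg.interface1.ip) {
-assert(0);
 if (arg_debug)
 printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface1.ip), cfg.interface1.dev);
 net_config_interface(cfg.interface1.dev, cfg.interface1.ip, cfg.interface1.mask, cfg.interface1.mtu);
 }
 if (cfg.interface2.configured && cfg.interface2.ip) {
-assert(0);
 if (arg_debug)
 printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface2.ip), cfg.interface2.dev);
 net_config_interface(cfg.interface2.dev, cfg.interface2.ip, cfg.interface2.mask, cfg.interface2.mtu);
 }
 if (cfg.interface3.configured && cfg.interface3.ip) {
-assert(0);
 if (arg_debug)
 printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface3.ip), cfg.interface3.dev);
 net_config_interface(cfg.interface3.dev, cfg.interface3.ip, cfg.interface3.mask, cfg.interface3.mtu);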
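Review bot: The four restore blocks at new lines 486–504 are identical apart from the interface index, and with the `assert(0)` guards removed they are now live code that has to be kept in step by hand. A file-local helper that takes a pointer to one interface entry and performs the `configured`/`ip` test, the debug print and the `net_config_interface` call would reduce each block to one call such as `restore_interface(&cfg.interface0);` (the helper name is only a suggestion). The new comment could also say that an entry with no address set is skipped by the `.ip` test and so stays as the move left it. The hunk ends inside the interface3 block, and sandbox() begins and ends outside it.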
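--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -156,9 +156,11 @@ int sbox_run(unsigned filter, int num, ...) {
 caps_drop_all();
 }
 else if (filter & SBOX_CAPS_NETWORK) {
+#ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files
 uint64_t set = ((uint64_t) 1) << CAP_NET_ADMIN;
 set |= ((uint64_t) 1) << CAP_NET_RAW;
 caps_set(set);
+#endif
 }
 
 if (filter & SBOX_SECCOMP) {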
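Review bot: With `HAVE_GCOV` defined, the `SBOX_CAPS_NETWORK` branch at new lines 158–164 becomes empty, so the program started through sbox_run keeps whatever capabilities the caller holds instead of being reduced to CAP_NET_ADMIN and CAP_NET_RAW. Nothing in the hunk makes that weakening visible; add an `#else` arm containing `#warning "gcov build: SBOX_CAPS_NETWORK capability filter is disabled"` so an instrumented binary cannot be built or installed unnoticed. The trailing comment explains why gcov needs this, but it should also say that such a build is for testing only. sbox_run starts and ends outside the hunk.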
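--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -284,6 +284,7 @@ void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) {
 ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip);
 if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0) {
 close(sock);
+fprintf(stderr, "Error fnet: cannot find interface %s\n", ifname);
 errExit("ioctl");
 }
 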
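Review bot: The message added at new line 287 reports "cannot find interface" for a failed `SIOCSIFADDR`, which is the call that sets the address and can fail for reasons other than a missing device, such as insufficient privilege or an invalid address. `close(sock)` and `fprintf` also run before `errExit("ioctl")`, so if errExit reports errno (its definition is not visible here) the value may no longer be the one the ioctl set. Suggested: `int saved = errno;` ahead of `close(sock);`, the message text `"Error fnet: cannot set address on interface %s\n"`, and `errno = saved;` just before `errExit`. net_if_ip continues outside the hunk.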