diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-11-09 09:43:31 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-11-09 09:43:31 -0500 |
| commit | e44f60a25011e388ae9f33ce8d16b9d8cb143502 (patch) | |
| tree | 2a13bc2f751db72c75f1cd96f88d932c4b5c4a90 /src | |
| parent | testing (diff) | |
| download | firejail-e44f60a25011e388ae9f33ce8d16b9d8cb143502.tar.gz firejail-e44f60a25011e388ae9f33ce8d16b9d8cb143502.tar.zst firejail-e44f60a25011e388ae9f33ce8d16b9d8cb143502.zip | |
testing
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/sandbox.c | 8 | ||||
| -rw-r--r-- | src/firejail/sbox.c | 2 | ||||
| -rw-r--r-- | src/fnet/interface.c | 1 |
3 files changed, 5 insertions, 6 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 556cb1fca..6b7f7f003 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -481,28 +481,24 @@ int sandbox(void* sandbox_arg) { | |||
| 481 | sandbox_if_up(&cfg.bridge3); | 481 | sandbox_if_up(&cfg.bridge3); |
| 482 | 482 | ||
| 483 | 483 | ||
| 484 | // todo: this code seems to be dead!!! | 484 | // moving an interface in a namespace using --interface will reset the interface configuration; |
| 485 | // enable interfaces | 485 | // we need to put the configuration back |
| 486 | if (cfg.interface0.configured && cfg.interface0.ip) { | 486 | if (cfg.interface0.configured && cfg.interface0.ip) { |
| 487 | assert(0); | ||
| 488 | if (arg_debug) | 487 | if (arg_debug) |
| 489 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface0.ip), cfg.interface0.dev); | 488 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface0.ip), cfg.interface0.dev); |
| 490 | net_config_interface(cfg.interface0.dev, cfg.interface0.ip, cfg.interface0.mask, cfg.interface0.mtu); | 489 | net_config_interface(cfg.interface0.dev, cfg.interface0.ip, cfg.interface0.mask, cfg.interface0.mtu); |
| 491 | } | 490 | } |
| 492 | if (cfg.interface1.configured && cfg.interface1.ip) { | 491 | if (cfg.interface1.configured && cfg.interface1.ip) { |
| 493 | assert(0); | ||
| 494 | if (arg_debug) | 492 | if (arg_debug) |
| 495 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface1.ip), cfg.interface1.dev); | 493 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface1.ip), cfg.interface1.dev); |
| 496 | net_config_interface(cfg.interface1.dev, cfg.interface1.ip, cfg.interface1.mask, cfg.interface1.mtu); | 494 | net_config_interface(cfg.interface1.dev, cfg.interface1.ip, cfg.interface1.mask, cfg.interface1.mtu); |
| 497 | } | 495 | } |
| 498 | if (cfg.interface2.configured && cfg.interface2.ip) { | 496 | if (cfg.interface2.configured && cfg.interface2.ip) { |
| 499 | assert(0); | ||
| 500 | if (arg_debug) | 497 | if (arg_debug) |
| 501 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface2.ip), cfg.interface2.dev); | 498 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface2.ip), cfg.interface2.dev); |
| 502 | net_config_interface(cfg.interface2.dev, cfg.interface2.ip, cfg.interface2.mask, cfg.interface2.mtu); | 499 | net_config_interface(cfg.interface2.dev, cfg.interface2.ip, cfg.interface2.mask, cfg.interface2.mtu); |
| 503 | } | 500 | } |
| 504 | if (cfg.interface3.configured && cfg.interface3.ip) { | 501 | if (cfg.interface3.configured && cfg.interface3.ip) { |
| 505 | assert(0); | ||
| 506 | if (arg_debug) | 502 | if (arg_debug) |
| 507 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface3.ip), cfg.interface3.dev); | 503 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface3.ip), cfg.interface3.dev); |
| 508 | net_config_interface(cfg.interface3.dev, cfg.interface3.ip, cfg.interface3.mask, cfg.interface3.mtu); | 504 | net_config_interface(cfg.interface3.dev, cfg.interface3.ip, cfg.interface3.mask, cfg.interface3.mtu); |
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index b16736dee..3d4eef3aa 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c | |||
| @@ -156,9 +156,11 @@ int sbox_run(unsigned filter, int num, ...) { | |||
| 156 | caps_drop_all(); | 156 | caps_drop_all(); |
| 157 | } | 157 | } |
| 158 | else if (filter & SBOX_CAPS_NETWORK) { | 158 | else if (filter & SBOX_CAPS_NETWORK) { |
| 159 | #ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files | ||
| 159 | uint64_t set = ((uint64_t) 1) << CAP_NET_ADMIN; | 160 | uint64_t set = ((uint64_t) 1) << CAP_NET_ADMIN; |
| 160 | set |= ((uint64_t) 1) << CAP_NET_RAW; | 161 | set |= ((uint64_t) 1) << CAP_NET_RAW; |
| 161 | caps_set(set); | 162 | caps_set(set); |
| 163 | #endif | ||
| 162 | } | 164 | } |
| 163 | 165 | ||
| 164 | if (filter & SBOX_SECCOMP) { | 166 | if (filter & SBOX_SECCOMP) { |
diff --git a/src/fnet/interface.c b/src/fnet/interface.c index 67af062bf..046b2c972 100644 --- a/src/fnet/interface.c +++ b/src/fnet/interface.c | |||
| @@ -284,6 +284,7 @@ void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) { | |||
| 284 | ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip); | 284 | ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip); |
| 285 | if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0) { | 285 | if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0) { |
| 286 | close(sock); | 286 | close(sock); |
| 287 | fprintf(stderr, "Error fnet: cannot find interface %s\n", ifname); | ||
| 287 | errExit("ioctl"); | 288 | errExit("ioctl"); |
| 288 | } | 289 | } |
| 289 | 290 | ||