diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-11-10 07:18:24 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-11-10 07:18:24 -0500 |
| commit | 334c79edd83377a09c138800c0a2fefaf9c7981f (patch) | |
| tree | 4511f4a41338d8a59c302b10588c974aeffd5a46 /src | |
| parent | fixed --top (diff) | |
| download | firejail-334c79edd83377a09c138800c0a2fefaf9c7981f.tar.gz firejail-334c79edd83377a09c138800c0a2fefaf9c7981f.tar.zst firejail-334c79edd83377a09c138800c0a2fefaf9c7981f.zip | |
testing
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 6 | ||||
| -rw-r--r-- | src/fnet/veth.c | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index f01094af9..4759e6a5f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -517,9 +517,11 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
| 517 | struct stat s; | 517 | struct stat s; |
| 518 | int rv; | 518 | int rv; |
| 519 | if (stat("/proc/sys/kernel/grsecurity", &s) == 0) | 519 | if (stat("/proc/sys/kernel/grsecurity", &s) == 0) |
| 520 | rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--netstats"); | 520 | rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN, |
| 521 | 2, PATH_FIREMON, "--netstats"); | ||
| 521 | else | 522 | else |
| 522 | rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--netstats"); | 523 | rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN, |
| 524 | 2, PATH_FIREMON, "--netstats"); | ||
| 523 | exit(rv); | 525 | exit(rv); |
| 524 | } | 526 | } |
| 525 | else { | 527 | else { |
diff --git a/src/fnet/veth.c b/src/fnet/veth.c index d06bc9256..546fafcec 100644 --- a/src/fnet/veth.c +++ b/src/fnet/veth.c | |||
| @@ -111,6 +111,8 @@ int net_create_veth(const char *dev, const char *nsdev, unsigned pid) { | |||
| 111 | if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) | 111 | if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) |
| 112 | exit(2); | 112 | exit(2); |
| 113 | 113 | ||
| 114 | rtnl_close(&rth); | ||
| 115 | |||
| 114 | return 0; | 116 | return 0; |
| 115 | } | 117 | } |
| 116 | 118 | ||
| @@ -173,6 +175,8 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) { | |||
| 173 | if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) | 175 | if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) |
| 174 | exit(2); | 176 | exit(2); |
| 175 | 177 | ||
| 178 | rtnl_close(&rth); | ||
| 179 | |||
| 176 | return 0; | 180 | return 0; |
| 177 | } | 181 | } |
| 178 | 182 | ||
| @@ -209,6 +213,8 @@ int net_move_interface(const char *dev, unsigned pid) { | |||
| 209 | if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) | 213 | if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) |
| 210 | exit(2); | 214 | exit(2); |
| 211 | 215 | ||
| 216 | rtnl_close(&rth); | ||
| 217 | |||
| 212 | return 0; | 218 | return 0; |
| 213 | } | 219 | } |
| 214 | 220 | ||