diff options
-rw-r--r-- | src/firejail/netfilter.c | 8 | ||||
-rw-r--r-- | status | 8 |
2 files changed, 12 insertions, 4 deletions
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c index ed2d019ab..22c8392a0 100644 --- a/src/firejail/netfilter.c +++ b/src/firejail/netfilter.c | |||
@@ -69,8 +69,12 @@ void netfilter(const char *fname) { | |||
69 | if (set_perms(SBOX_STDIN_FILE, getuid(), getgid(), 0644)) | 69 | if (set_perms(SBOX_STDIN_FILE, getuid(), getgid(), 0644)) |
70 | errExit("set_perms"); | 70 | errExit("set_perms"); |
71 | 71 | ||
72 | if (fname == NULL) | 72 | if (fname == NULL) { |
73 | sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE); | 73 | if (netfilter_default) |
74 | sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, netfilter_default, SBOX_STDIN_FILE); | ||
75 | else | ||
76 | sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE); | ||
77 | } | ||
74 | else | 78 | else |
75 | sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, fname, SBOX_STDIN_FILE); | 79 | sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, fname, SBOX_STDIN_FILE); |
76 | 80 | ||
@@ -1,5 +1,9 @@ | |||
1 | 2019: Jan 2 | 1 | |
2 | done: Correctly set address length in arp frames | 2 | Jan 9: fix netfilter-default functionality in /etc/firejail/firejail.config |
3 | Jan 8: test caps join | ||
4 | Jan 8: testing seccomp/join | ||
5 | Jan 8: fix join/seccomp #2296 | ||
6 | Jan 2: Correctly set address length in arp frames | ||
3 | 7 | ||
4 | Nov 6: mainline merge | 8 | Nov 6: mainline merge |
5 | done: removed transfer.sh support from travis build | 9 | done: removed transfer.sh support from travis build |