-rw-r--r-- | src/firejail/checkcfg.c | 7 | ||||
-rw-r--r-- | src/fnet/main.c | 38 | ||||
-rw-r--r-- | src/fnet/veth.c | 3 | ||||
-rw-r--r-- | src/man/firejail.txt | 1 |
4 files changed, 41 insertions, 8 deletions
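--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -494,5 +494,12 @@ void print_compiletime_support(void) {
 "disabled"
 #endif
 );
+printf("\t- Wireless interface support is %s\n",
+#ifdef IPVLAN_MODE_L2
+"enabled"
+#else
+"disabled"
+#endif
+);
 
 }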
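Review bot: `#ifdef IPVLAN_MODE_L2` only works if that name is a preprocessor macro; in the kernel's `linux/if_link.h` it is, as far as I recall, an enumerator of `enum ipvlan_mode`, and `#ifdef` cannot see enumerators. If no included header defines it as a macro, this test and the same guard in src/fnet/main.c and src/fnet/veth.c are always false, so the ipvlan path is never compiled in and this line always prints "disabled". Confirm where the macro comes from, or gate on something the preprocessor can evaluate, such as `#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,19,0)` from `<linux/version.h>`. The line also reports build-time availability only, while main.c falls back to macvlan at run time on older kernels; a comment such as `// compile-time only; fnet also checks the running kernel` would make that clear. print_compiletime_support starts outside the hunk.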
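--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -90,14 +90,38 @@ printf("\n");
 }
 else if (argc == 6 && strcmp(argv[1], "create") == 0 && strcmp(argv[2], "macvlan") == 0) {
 // use ipvlan for wireless devices
-struct stat s;
-char *fname;
-if (asprintf(&fname, "/sys/class/net/%s/wireless", argv[4]) == -1)
-errExit("asprintf");
-if (stat(fname, &s) == 0) // wireless
-net_create_ipvlan(argv[3], argv[4], atoi(argv[5]));
-else // regular ethernet
+// ipvlan driver was introduced in Linux kernel 3.19
+// detect both compile time and run time
+#ifndef IPVLAN_MODE_L2 // compile time
+net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
+#else
+// check kernel version
+struct utsname u;
+int rv = uname(&u);
+if (rv != 0)
+errExit("uname");
+int major;
+int minor;
+if (2 != sscanf(u.release, "%d.%d", &major, &minor)) {
+fprintf(stderr, "Error fnet: cannot extract Linux kernel version: %s\n", u.version);
+exit(1);
+}
+
+if (arg_debug)
+printf("Linux kernel version %d.%d\n", major, minor);
+if (major <= 3 && minor < 18)
 net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
+else {
+struct stat s;
+char *fname;
+if (asprintf(&fname, "/sys/class/net/%s/wireless", argv[4]) == -1)
+errExit("asprintf");
+if (stat(fname, &s) == 0) // wireless
+net_create_ipvlan(argv[3], argv[4], atoi(argv[5]));
+else // regular ethernet
+net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
+}
+#endif
 }
 else if (argc == 7 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "interface") == 0) {
 char *dev = argv[3];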
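Review bot: The run-time test `if (major <= 3 && minor < 18)` does not match the 3.19 cutoff stated in the comment above it. A 3.18 kernel fails `minor < 18` and takes the ipvlan branch although the driver is not available there, and the `&&` applies the minor test to every major at or below 3 instead of only to major 3. Comparing the pair explicitly fixes both: `if (major < 3 || (major == 3 && minor < 19))`. The parse-failure message also prints `u.version` although `u.release` is the string sscanf rejected, so it should print `u.release`. The enclosing function starts and ends outside the hunk.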
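--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -176,6 +176,7 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
 return 0;
 }
 
+#ifdef IPVLAN_MODE_L2
 int net_create_ipvlan(const char *dev, const char *parent, unsigned pid) {
 int len;
 struct iplink_req req;
@@ -237,7 +238,7 @@ int net_create_ipvlan(const char *dev, const char *parent, unsigned pid) {
 
 return 0;
 }
-
+#endif
 
 // move the interface dev in namespace of program pid
 // when the interface is moved, netlink does not preserve interface configuration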
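--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -795,6 +795,7 @@ IP address and a default gateway will be assigned automatically
 to the sandbox. The IP address is verified using ARP before
 assignment. The address configured as default gateway is the
 default gateway of the host. Up to four \-\-net options can be specified.
+Support for ipvlan driver was introduced in Linux kernel 3.19.
 .br
 
 .br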