-rw-r--r-- | etc/net/nolocal.net | 2 | ||||
-rw-r--r-- | etc/profile-m-z/meld.profile | 1 | ||||
-rw-r--r-- | src/firejail/util.c | 29 |
3 files changed, 22 insertions, 10 deletions
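--- a/etc/net/nolocal.net
+++ b/etc/net/nolocal.net
@@ -32,5 +32,5 @@
 -A OUTPUT -d 172.16.0.0/12 -j DROP
 
 # drop multicast traffic
--A OUTPUT -d 244.0.0.0/4 -j DROP
+-A OUTPUT -d 224.0.0.0/4 -j DROP
 COMMIT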
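Review bot: With the prefix corrected to `224.0.0.0/4`, the range 240.0.0.0/4 is no longer matched by this rule; the mistyped `244.0.0.0/4` would have covered it if the loader masks the address to the prefix length, as iptables normally does. That range contains the limited broadcast address 255.255.255.255, which still reaches hosts on the local segment. The rules above line 32 are outside the hunk, so this may already be handled; if it is not, consider adding `-A OUTPUT -d 255.255.255.255 -j DROP` under its own `# drop broadcast traffic` comment.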
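--- a/etc/profile-m-z/meld.profile
+++ b/etc/profile-m-z/meld.profile
@@ -70,6 +70,7 @@ private-cache
 private-dev
 # Uncomment the next line (or put it into your meld.local) if you don't need to compare in /etc.
 #private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,subversion
+# Comment the next line (or add 'ignore private-tmp to your meld.local') if you want to use it as a difftool (#3551)
 private-tmp
 
 read-only ${HOME}/.ssh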
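--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -957,16 +957,27 @@ int remove_overlay_directory(void) {
 return 0;
 }
 
+// flush stdin if it is connected to a tty and has input
 void flush_stdin(void) {
-if (isatty(STDIN_FILENO)) {
-int cnt = 0;
-int rv = ioctl(STDIN_FILENO, FIONREAD, &cnt);
-if (rv == 0 && cnt) {
-fwarning("removing %d bytes from stdin\n", cnt);
-rv = ioctl(STDIN_FILENO, TCFLSH, TCIFLUSH);
-(void) rv;
-}
-}
+if (!isatty(STDIN_FILENO))
+return;
+
+int cnt = 0;
+int rv = ioctl(STDIN_FILENO, FIONREAD, &cnt);
+if (rv != 0 || cnt == 0)
+return;
+
+fwarning("removing %d bytes from stdin\n", cnt);
+
+// If this process is backgrounded, below ioctl() will trigger
+// SIGTTOU and stop us. We avoid this by ignoring SIGTTOU for
+// the duration of the ioctl.
+sighandler_t hdlr = signal(SIGTTOU, SIG_IGN);
+rv = ioctl(STDIN_FILENO, TCFLSH, TCIFLUSH);
+signal(SIGTTOU, hdlr);
+
+if (rv)
+fwarning("Flushing stdin failed: %s\n", strerror(errno));
 }
 
 // return 1 if new directory was created, else return 0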
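Review bot: The `errno` left by a failed TCFLSH ioctl can be overwritten by the `signal(SIGTTOU, hdlr)` call that runs before `strerror(errno)` is read at the end of flush_stdin, so the warning may name the wrong cause. Capture the value directly after the ioctl with `int saved_errno = errno;` and print `strerror(saved_errno)` instead. The result of the first `signal()` call is also used unchecked: if it returned `SIG_ERR`, the restore call would be handed `SIG_ERR` rather than the previous disposition, so a guard such as `if (hdlr != SIG_ERR) signal(SIGTTOU, hdlr);` is worth adding. A short comment noting that SIGTTOU is process-wide state and must be restored on every path would help whoever adds an early return here later.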