-rw-r--r-- | README | 6 | ||||
-rw-r--r-- | etc/profile-a-l/fdns.profile | 8 | ||||
-rw-r--r-- | src/firejail/main.c | 14 | ||||
-rw-r--r-- | src/firejail/netns.c | 2 |
4 files changed, 22 insertions, 8 deletions
@@ -176,6 +176,8 @@ BogDan Vatra (https://github.com/bog-dan-ro) | |||
176 | - zoom profile | 176 | - zoom profile |
177 | Brad Ackerman | 177 | Brad Ackerman |
178 | - blacklist Bitwarden config in disable-passwdmgr.inc | 178 | - blacklist Bitwarden config in disable-passwdmgr.inc |
179 | briaeros (https://github.com/briaeros) | ||
180 | - fix command test in jail_prober.py | ||
179 | Bruno Nova (https://github.com/brunonova) | 181 | Bruno Nova (https://github.com/brunonova) |
180 | - whitelist fix | 182 | - whitelist fix |
181 | - bash arguments fix | 183 | - bash arguments fix |
@@ -249,6 +251,8 @@ Danil Semelenov (https://github.com/sgtpep) | |||
249 | Dara Adib (https://github.com/daradib) | 251 | Dara Adib (https://github.com/daradib) |
250 | - ssh profile fix | 252 | - ssh profile fix |
251 | - evince profile fix | 253 | - evince profile fix |
254 | Dario Pellegrini (https://github.com/dpellegr) | ||
255 | - allowing links in netns | ||
252 | David Thole (https://github.com/TheDarkTrumpet) | 256 | David Thole (https://github.com/TheDarkTrumpet) |
253 | - added profile for teams-for-linux | 257 | - added profile for teams-for-linux |
254 | Davide Beatrici (https://github.com/davidebeatrici) | 258 | Davide Beatrici (https://github.com/davidebeatrici) |
@@ -583,7 +587,7 @@ mirabellette (https://github.com/mirabellette) | |||
583 | mjudtmann (https://github.com/mjudtmann) | 587 | mjudtmann (https://github.com/mjudtmann) |
584 | - lock firejail configuration in disable-mgmt.inc | 588 | - lock firejail configuration in disable-mgmt.inc |
585 | mustaqimM (https://github.com/mustaqimM) | 589 | mustaqimM (https://github.com/mustaqimM) |
586 | - added profile for Nylas Mail | 590 | - added profile for Nylas Mail |
587 | n1trux (https://github.com/n1trux) | 591 | n1trux (https://github.com/n1trux) |
588 | - fix flashpeak-slimjet profile typos | 592 | - fix flashpeak-slimjet profile typos |
589 | nblock (https://github.com/nblock) | 593 | nblock (https://github.com/nblock) |
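diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index 179540806..31cb1776c 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -29,20 +29,20 @@ no3d
 nodvd
 nogroups
 nonewprivs
-# noroot
+noroot
 nosound
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 #seccomp
 #shell none
 
 disable-mnt
 private
 private-bin bash,fdns,sh
-# private-cache
-private-dev
+private-cache
+#private-dev
 private-etc ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl
 # private-lib
 private-tmp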
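Review bot: `private-dev` is commented out and `netlink` is added to the `protocol` list without any comment saying what in fdns needs them, so a later reader cannot tell whether the full /dev view and the extra socket family are required or left over from debugging. Both changes relax the sandbox of a DNS proxy while `#seccomp` stays disabled, which makes the reason worth recording next to the lines. I would add one comment above each, for example `# netlink: needed for <feature> (placeholder)` and `# private-dev disabled because <reason> (placeholder)`, or restore `private-dev` if nothing depends on the host /dev.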
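diff --git a/src/firejail/main.c b/src/firejail/main.c
index daa924698..06f81a987 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -3080,17 +3080,27 @@ int main(int argc, char **argv, char **envp) {
 // end of signal-safe code
 //*****************************
 
+#if 0
+// at this point the sandbox was closed and we are on our way out
+// it would make sense to move this before waitpid above to free some memory
+// crash for now as of issue #3662 from dhcp code
 // free globals
 if (cfg.profile) {
 ProfileEntry *prf = cfg.profile;
 while (prf != NULL) {
 ProfileEntry *next = prf->next;
-free(prf->data);
-free(prf->link);
+printf("data #%s#\n", prf->data);
+if (prf->data)
+free(prf->data);
+printf("link #%s#\n", prf->link);
+if (prf->link)
+free(prf->link);
 free(prf);
 prf = next;
 }
 }
+#endif
+
 
 if (WIFEXITED(status)){
 myexit(WEXITSTATUS(status));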
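Review bot: The two debug `printf("... #%s#\n", ...)` calls run before the NULL checks, so once the `#if 0` is lifted they hand a possibly NULL `prf->data` or `prf->link` to `%s`, which is undefined behaviour, and they would print into the output of the sandboxed program. The added `if (prf->data)` and `if (prf->link)` guards change nothing, because `free(NULL)` is already a no-op. A crash in this loop more likely means an entry holds a pointer that was not heap-allocated or is freed twice, presumably on the dhcp path the comment names, and compiling the loop out hides that instead of fixing it. I would drop the debug lines, keep the original `free(prf->data); free(prf->link);`, and make the comment actionable: `// FIXME(#3662): freeing cfg.profile crashes after dhcp setup; find the invalid or doubly-owned pointer before re-enabling`. main() begins and ends outside this hunk.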
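diff --git a/src/firejail/netns.c b/src/firejail/netns.c
index 104453376..7ccff3265 100644
--- a/src/firejail/netns.c
+++ b/src/firejail/netns.c
@@ -60,7 +60,7 @@ void check_netns(const char *nsname) {
 nsname, control_file, strerror(errno));
 exit(1);
 }
-if (!S_ISREG(st.st_mode)) {
+if (!S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode)) {
 fprintf(stderr, "Error: invalid netns '%s' (%s: not a regular file)\n",
 nsname, control_file);
 exit(1);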
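Review bot: With `!S_ISLNK(st.st_mode)` added, a symlink at `control_file` passes this test without anything checking what it points to, so whatever opens the namespace file later would follow the link to a target of any type. Whether the new branch is reachable depends on the stat call above the hunk: after `stat()` the link is already resolved and `S_ISLNK` is never true, while after `lstat()` the target goes unverified. I would resolve the link and keep the original test on the result, e.g. `if (S_ISLNK(st.st_mode) && stat(control_file, &st) == -1) { /* same error exit as above */ }` followed by the unchanged `if (!S_ISREG(st.st_mode))`. The message "not a regular file" also no longer describes the condition as committed. check_netns() begins and ends outside this hunk.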