4 files changed, 22 insertions, 8 deletions

diff --git a/README b/README
index f6e384d4a..316ea0bdc 100644
--- a/README
+++ b/README
@@ -176,6 +176,8 @@ BogDan Vatra (https://github.com/bog-dan-ro)
         - zoom profile
 Brad Ackerman
         - blacklist Bitwarden config in disable-passwdmgr.inc
+briaeros (https://github.com/briaeros)
+        - fix command test in jail_prober.py
 Bruno Nova (https://github.com/brunonova)
         - whitelist fix
         - bash arguments fix
@@ -249,6 +251,8 @@ Danil Semelenov (https://github.com/sgtpep)
 Dara Adib (https://github.com/daradib)
         - ssh profile fix
         - evince profile fix
+Dario Pellegrini (https://github.com/dpellegr)
+        - allowing links in netns
 David Thole (https://github.com/TheDarkTrumpet)
         - added profile for teams-for-linux
 Davide Beatrici (https://github.com/davidebeatrici)
@@ -583,7 +587,7 @@ mirabellette (https://github.com/mirabellette)
 mjudtmann (https://github.com/mjudtmann)
         - lock firejail configuration in disable-mgmt.inc
 mustaqimM (https://github.com/mustaqimM)
-    - added profile for Nylas Mail
+        - added profile for Nylas Mail
 n1trux (https://github.com/n1trux)
         - fix flashpeak-slimjet profile typos
 nblock (https://github.com/nblock)
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index 179540806..31cb1776c 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -29,20 +29,20 @@ no3d
 nodvd
 nogroups
 nonewprivs
-# noroot
+noroot
 nosound
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 #seccomp
 #shell none
 
 disable-mnt
 private
 private-bin bash,fdns,sh
-# private-cache
-private-dev
+private-cache
+#private-dev
 private-etc ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl
 # private-lib
 private-tmp
diff --git a/src/firejail/main.c b/src/firejail/main.c
index daa924698..06f81a987 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -3080,17 +3080,27 @@ int main(int argc, char **argv, char **envp) {
         // end of signal-safe code
         //*****************************
 
+#if 0
+// at this point the sandbox was closed and we are on our way out
+// it would make sense to move this before waitpid above to free some memory
+// crash for now as of issue #3662 from dhcp code
         // free globals
         if (cfg.profile) {
                 ProfileEntry *prf = cfg.profile;
                 while (prf != NULL) {
                         ProfileEntry *next = prf->next;
-                        free(prf->data);
-                        free(prf->link);
+printf("data #%s#\n", prf->data);
+                        if (prf->data)
+                                free(prf->data);
+printf("link #%s#\n", prf->link);
+                        if (prf->link)
+                                free(prf->link);
                         free(prf);
                         prf = next;
                 }
         }
+#endif
+
 
         if (WIFEXITED(status)){
                 myexit(WEXITSTATUS(status));
diff --git a/src/firejail/netns.c b/src/firejail/netns.c
index 104453376..7ccff3265 100644
--- a/src/firejail/netns.c
+++ b/src/firejail/netns.c
@@ -60,7 +60,7 @@ void check_netns(const char *nsname) {
                         nsname, control_file, strerror(errno));
                 exit(1);
         }
-        if (!S_ISREG(st.st_mode)) {
+        if (!S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode)) {
                 fprintf(stderr, "Error: invalid netns '%s' (%s: not a regular file)\n",
                         nsname, control_file);
                 exit(1);