diff options
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | etc/profile-a-l/fdns.profile | 8 | ||||
-rw-r--r-- | src/firejail/main.c | 14 |
3 files changed, 18 insertions, 6 deletions
@@ -249,6 +249,8 @@ Danil Semelenov (https://github.com/sgtpep) | |||
249 | Dara Adib (https://github.com/daradib) | 249 | Dara Adib (https://github.com/daradib) |
250 | - ssh profile fix | 250 | - ssh profile fix |
251 | - evince profile fix | 251 | - evince profile fix |
252 | Dario Pellegrini (https://github.com/dpellegr) | ||
253 | - allowing links in netns | ||
252 | David Thole (https://github.com/TheDarkTrumpet) | 254 | David Thole (https://github.com/TheDarkTrumpet) |
253 | - added profile for teams-for-linux | 255 | - added profile for teams-for-linux |
254 | Davide Beatrici (https://github.com/davidebeatrici) | 256 | Davide Beatrici (https://github.com/davidebeatrici) |
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index 179540806..31cb1776c 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile | |||
@@ -29,20 +29,20 @@ no3d | |||
29 | nodvd | 29 | nodvd |
30 | nogroups | 30 | nogroups |
31 | nonewprivs | 31 | nonewprivs |
32 | # noroot | 32 | noroot |
33 | nosound | 33 | nosound |
34 | notv | 34 | notv |
35 | nou2f | 35 | nou2f |
36 | novideo | 36 | novideo |
37 | protocol unix,inet,inet6 | 37 | protocol unix,inet,inet6,netlink |
38 | #seccomp | 38 | #seccomp |
39 | #shell none | 39 | #shell none |
40 | 40 | ||
41 | disable-mnt | 41 | disable-mnt |
42 | private | 42 | private |
43 | private-bin bash,fdns,sh | 43 | private-bin bash,fdns,sh |
44 | # private-cache | 44 | private-cache |
45 | private-dev | 45 | #private-dev |
46 | private-etc ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl | 46 | private-etc ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl |
47 | # private-lib | 47 | # private-lib |
48 | private-tmp | 48 | private-tmp |
diff --git a/src/firejail/main.c b/src/firejail/main.c index daa924698..06f81a987 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -3080,17 +3080,27 @@ int main(int argc, char **argv, char **envp) { | |||
3080 | // end of signal-safe code | 3080 | // end of signal-safe code |
3081 | //***************************** | 3081 | //***************************** |
3082 | 3082 | ||
3083 | #if 0 | ||
3084 | // at this point the sandbox was closed and we are on our way out | ||
3085 | // it would make sense to move this before waitpid above to free some memory | ||
3086 | // crash for now as of issue #3662 from dhcp code | ||
3083 | // free globals | 3087 | // free globals |
3084 | if (cfg.profile) { | 3088 | if (cfg.profile) { |
3085 | ProfileEntry *prf = cfg.profile; | 3089 | ProfileEntry *prf = cfg.profile; |
3086 | while (prf != NULL) { | 3090 | while (prf != NULL) { |
3087 | ProfileEntry *next = prf->next; | 3091 | ProfileEntry *next = prf->next; |
3088 | free(prf->data); | 3092 | printf("data #%s#\n", prf->data); |
3089 | free(prf->link); | 3093 | if (prf->data) |
3094 | free(prf->data); | ||
3095 | printf("link #%s#\n", prf->link); | ||
3096 | if (prf->link) | ||
3097 | free(prf->link); | ||
3090 | free(prf); | 3098 | free(prf); |
3091 | prf = next; | 3099 | prf = next; |
3092 | } | 3100 | } |
3093 | } | 3101 | } |
3102 | #endif | ||
3103 | |||
3094 | 3104 | ||
3095 | if (WIFEXITED(status)){ | 3105 | if (WIFEXITED(status)){ |
3096 | myexit(WEXITSTATUS(status)); | 3106 | myexit(WEXITSTATUS(status)); |