Diffstat (limited to 'src/firejail/netfilter.c')
-rw-r--r--src/firejail/netfilter.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index ed2d019ab..22c8392a0 100644
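--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -69,8 +69,12 @@ void netfilter(const char *fname) {
 if (set_perms(SBOX_STDIN_FILE, getuid(), getgid(), 0644))
 errExit("set_perms");
 
-if (fname == NULL)
-sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
+if (fname == NULL) {
+if (netfilter_default)
+sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, netfilter_default, SBOX_STDIN_FILE);
+else
+sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
+}
 else
 sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, fname, SBOX_STDIN_FILE);
 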
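Review bot: The three `sbox_run` calls at new lines 74, 76 and 79 each repeat the privilege-drop mask `SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP`, so a later edit to one branch can leave another launching fnetfilter with different restrictions. Choosing the filter file first and keeping one call per argument count removes that duplication and the mixed braced/unbraced `if`/`else`. The hunk does not show where `netfilter_default` is set or validated; it is presumably an administrator-controlled configuration value, so a short comment stating that trust assumption would help, and an empty string should probably be treated like NULL before it is handed to fnetfilter. The body of netfilter() starts above the hunk.

```c
// … unchanged: set_perms on SBOX_STDIN_FILE …
const char *filter = fname ? fname : netfilter_default;
if (filter)
	sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, filter, SBOX_STDIN_FILE);
else
	sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
```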