1 files changed, 9 insertions, 9 deletions
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c
index e3c750767..cdb4c6514 100644
--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -157,7 +157,7 @@ void net_configure_veth_pair(Bridge *br, const char *ifname, pid_t child) {
        char *cstr;
        if (asprintf(&cstr, "%d", child) == -1)
                errExit("asprintf");
-        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 7, PATH_FNET, "create", "veth", dev, ifname, br->dev, cstr);
+        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 7, PATH_FNET_MAIN, "create", "veth", dev, ifname, br->dev, cstr);
        free(cstr);
        char *msg;
@@ -332,42 +332,42 @@ void network_main(pid_t child) {
                        net_configure_veth_pair(&cfg.bridge0, "eth0", child);
                }
                else
-                        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge0.devsandbox, cfg.bridge0.dev, cstr);
+                        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge0.devsandbox, cfg.bridge0.dev, cstr);
        }
        if (cfg.bridge1.configured) {
                if (cfg.bridge1.macvlan == 0)
                        net_configure_veth_pair(&cfg.bridge1, "eth1", child);
                else
-                        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge1.devsandbox, cfg.bridge1.dev, cstr);
+                        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge1.devsandbox, cfg.bridge1.dev, cstr);
        }
        if (cfg.bridge2.configured) {
                if (cfg.bridge2.macvlan == 0)
                        net_configure_veth_pair(&cfg.bridge2, "eth2", child);
                else
-                        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge2.devsandbox, cfg.bridge2.dev, cstr);
+                        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge2.devsandbox, cfg.bridge2.dev, cstr);
        }
        if (cfg.bridge3.configured) {
                if (cfg.bridge3.macvlan == 0)
                        net_configure_veth_pair(&cfg.bridge3, "eth3", child);
                else
-                        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge3.devsandbox, cfg.bridge3.dev, cstr);
+                        sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge3.devsandbox, cfg.bridge3.dev, cstr);
        }
        // move interfaces in sandbox
        if (cfg.interface0.configured) {
-                sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface0.dev, cstr);
+                sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface0.dev, cstr);
        }
        if (cfg.interface1.configured) {
-                sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface1.dev, cstr);
+                sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface1.dev, cstr);
        }
        if (cfg.interface2.configured) {
-                sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface2.dev, cstr);
+                sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface2.dev, cstr);
        }
        if (cfg.interface3.configured) {
-                sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface3.dev, cstr);
+                sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface3.dev, cstr);
        }
        free(cstr);

diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c index e3c750767..cdb4c6514 100644 --- a/src/firejail/network_main.c +++ b/src/firejail/network_main.c
@@ -157,7 +157,7 @@ void net_configure_veth_pair(Bridge br, const char ifname, pid_t child) {
157	char *cstr;	157	char *cstr;
158	if (asprintf(&cstr, "%d", child) == -1)	158	if (asprintf(&cstr, "%d", child) == -1)
159	errExit("asprintf");	159	errExit("asprintf");
160	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 7, PATH_FNET, "create", "veth", dev, ifname, br->dev, cstr);	160	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 7, PATH_FNET_MAIN, "create", "veth", dev, ifname, br->dev, cstr);
161	free(cstr);	161	free(cstr);
162		162
163	char *msg;	163	char *msg;
@@ -332,42 +332,42 @@ void network_main(pid_t child) {
332	net_configure_veth_pair(&cfg.bridge0, "eth0", child);	332	net_configure_veth_pair(&cfg.bridge0, "eth0", child);
333	}	333	}
334	else	334	else
335	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge0.devsandbox, cfg.bridge0.dev, cstr);	335	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge0.devsandbox, cfg.bridge0.dev, cstr);
336	}	336	}
337		337
338	if (cfg.bridge1.configured) {	338	if (cfg.bridge1.configured) {
339	if (cfg.bridge1.macvlan == 0)	339	if (cfg.bridge1.macvlan == 0)
340	net_configure_veth_pair(&cfg.bridge1, "eth1", child);	340	net_configure_veth_pair(&cfg.bridge1, "eth1", child);
341	else	341	else
342	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge1.devsandbox, cfg.bridge1.dev, cstr);	342	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge1.devsandbox, cfg.bridge1.dev, cstr);
343	}	343	}
344		344
345	if (cfg.bridge2.configured) {	345	if (cfg.bridge2.configured) {
346	if (cfg.bridge2.macvlan == 0)	346	if (cfg.bridge2.macvlan == 0)
347	net_configure_veth_pair(&cfg.bridge2, "eth2", child);	347	net_configure_veth_pair(&cfg.bridge2, "eth2", child);
348	else	348	else
349	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge2.devsandbox, cfg.bridge2.dev, cstr);	349	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge2.devsandbox, cfg.bridge2.dev, cstr);
350	}	350	}
351		351
352	if (cfg.bridge3.configured) {	352	if (cfg.bridge3.configured) {
353	if (cfg.bridge3.macvlan == 0)	353	if (cfg.bridge3.macvlan == 0)
354	net_configure_veth_pair(&cfg.bridge3, "eth3", child);	354	net_configure_veth_pair(&cfg.bridge3, "eth3", child);
355	else	355	else
356	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge3.devsandbox, cfg.bridge3.dev, cstr);	356	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge3.devsandbox, cfg.bridge3.dev, cstr);
357	}	357	}
358		358
359	// move interfaces in sandbox	359	// move interfaces in sandbox
360	if (cfg.interface0.configured) {	360	if (cfg.interface0.configured) {
361	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface0.dev, cstr);	361	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface0.dev, cstr);
362	}	362	}
363	if (cfg.interface1.configured) {	363	if (cfg.interface1.configured) {
364	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface1.dev, cstr);	364	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface1.dev, cstr);
365	}	365	}
366	if (cfg.interface2.configured) {	366	if (cfg.interface2.configured) {
367	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface2.dev, cstr);	367	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface2.dev, cstr);
368	}	368	}
369	if (cfg.interface3.configured) {	369	if (cfg.interface3.configured) {
370	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface3.dev, cstr);	370	sbox_run(SBOX_ROOT \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface3.dev, cstr);
371	}	371	}
372		372
373	free(cstr);	373	free(cstr);