Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r--src/firejail/profile.c121
1 files changed, 120 insertions, 1 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 6ded0ca2f..7ff7c7926 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -319,7 +319,126 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
319 return 0; 319 return 0;
320 } 320 }
321 321
322 322
323// from here
324 else if (strncmp(ptr, "mac ", 4) == 0) {
325#ifdef HAVE_NETWORK
326 if (checkcfg(CFG_NETWORK)) {
327 Bridge *br = last_bridge_configured();
328 if (br == NULL) {
329 fprintf(stderr, "Error: no network device configured\n");
330 exit(1);
331 }
332
333 if (mac_not_zero(br->macsandbox)) {
334 fprintf(stderr, "Error: cannot configure the MAC address twice for the same interface\n");
335 exit(1);
336 }
337
338 // read the address
339 if (atomac(ptr + 4, br->macsandbox)) {
340 fprintf(stderr, "Error: invalid MAC address\n");
341 exit(1);
342 }
343 }
344 else
345 fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
346#endif
347 return 0;
348 }
349
350 else if (strncmp(ptr, "mtu ", 4) == 0) {
351#ifdef HAVE_NETWORK
352 if (checkcfg(CFG_NETWORK)) {
353 Bridge *br = last_bridge_configured();
354 if (br == NULL) {
355 fprintf(stderr, "Error: no network device configured\n");
356 exit(1);
357 }
358
359 if (sscanf(ptr + 4, "%d", &br->mtu) != 1 || br->mtu < 576 || br->mtu > 9198) {
360 fprintf(stderr, "Error: invalid mtu value\n");
361 exit(1);
362 }
363 }
364 else
365 fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
366#endif
367 return 0;
368 }
369
370 else if (strncmp(ptr, "ip ", 3) == 0) {
371#ifdef HAVE_NETWORK
372 if (checkcfg(CFG_NETWORK)) {
373 Bridge *br = last_bridge_configured();
374 if (br == NULL) {
375 fprintf(stderr, "Error: no network device configured\n");
376 exit(1);
377 }
378 if (br->arg_ip_none || br->ipsandbox) {
379 fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
380 exit(1);
381 }
382
383 // configure this IP address for the last bridge defined
384 if (strcmp(ptr + 3, "none") == 0)
385 br->arg_ip_none = 1;
386 else {
387 if (atoip(ptr + 3, &br->ipsandbox)) {
388 fprintf(stderr, "Error: invalid IP address\n");
389 exit(1);
390 }
391 }
392 }
393 else
394 fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
395#endif
396 return 0;
397 }
398
399 else if (strncmp(ptr, "ip6 ", 4) == 0) {
400#ifdef HAVE_NETWORK
401 if (checkcfg(CFG_NETWORK)) {
402 Bridge *br = last_bridge_configured();
403 if (br == NULL) {
404 fprintf(stderr, "Error: no network device configured\n");
405 exit(1);
406 }
407 if (br->arg_ip_none || br->ip6sandbox) {
408 fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
409 exit(1);
410 }
411
412 // configure this IP address for the last bridge defined
413 // todo: verify ipv6 syntax
414 br->ip6sandbox = ptr + 4;
415// if (atoip(argv[i] + 5, &br->ipsandbox)) {
416// fprintf(stderr, "Error: invalid IP address\n");
417// exit(1);
418// }
419
420 }
421 else
422 fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
423#endif
424 return 0;
425 }
426
427 else if (strncmp(ptr, "defaultgw ", 10) == 0) {
428#ifdef HAVE_NETWORK
429 if (checkcfg(CFG_NETWORK)) {
430 Bridge *br = last_bridge_configured();
431 if (atoip(ptr + 10, &cfg.defaultgw)) {
432 fprintf(stderr, "Error: invalid IP address\n");
433 exit(1);
434 }
435 }
436 else
437 fprintf(stderr, "Warning: networking features are disabled in Firejail configuration file\n");
438#endif
439 return 0;
440 }
441
323 if (strncmp(ptr, "protocol ", 9) == 0) { 442 if (strncmp(ptr, "protocol ", 9) == 0) {
324#ifdef HAVE_SECCOMP 443#ifdef HAVE_SECCOMP
325 if (checkcfg(CFG_SECCOMP)) 444 if (checkcfg(CFG_SECCOMP))
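Review bot: In the `ip6 ` branch the value is stored with `br->ip6sandbox = ptr + 4;` and no syntax check (the `todo: verify ipv6 syntax` comment acknowledges this), so any text following the keyword in a profile is accepted as the sandbox IPv6 address, whereas the `mac `, `mtu ` and `ip ` branches reject malformed values. Because profile content is not necessarily trusted, I would validate before storing, for example with `inet_pton(AF_INET6, ...)` on the address part (treating a `/prefix` suffix separately if one is permitted), and exit with an "invalid IPv6 address" error on failure. The assignment also keeps a pointer into the caller's line buffer instead of a copy; presumably the caller keeps that buffer alive, but a `strdup()` or a comment stating the lifetime requirement would make it explicit. In the `defaultgw ` branch `br` is assigned from `last_bridge_configured()` and then never used or NULL-checked, so either drop it or add the same "no network device configured" check the other branches have. profile_check_line begins and ends outside the hunk.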