diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 11 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 5 |
2 files changed, 14 insertions, 2 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 4b01ea0a5..fd96f8bb5 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -2874,6 +2874,17 @@ int main(int argc, char **argv, char **envp) { | |||
2874 | } | 2874 | } |
2875 | } | 2875 | } |
2876 | 2876 | ||
2877 | // check writable_etc and DNS/DHCP | ||
2878 | if (arg_writable_etc) { | ||
2879 | if (cfg.dns1 != NULL || any_dhcp()) { | ||
2880 | // we could end up overwriting the real /etc/resolv.conf, so we better exit now! | ||
2881 | fprintf(stderr, "Error: --dns/--ip=dhcp and --writable-etc are mutually exclusive\n"); | ||
2882 | exit(1); | ||
2883 | } | ||
2884 | } | ||
2885 | |||
2886 | |||
2887 | |||
2877 | // enable seccomp if only seccomp.block-secondary was specified | 2888 | // enable seccomp if only seccomp.block-secondary was specified |
2878 | if (arg_seccomp_block_secondary) | 2889 | if (arg_seccomp_block_secondary) |
2879 | arg_seccomp = 1; | 2890 | arg_seccomp = 1; |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 96407d081..635137feb 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -1077,9 +1077,10 @@ int sandbox(void* sandbox_arg) { | |||
1077 | fs_dev_disable_input(); | 1077 | fs_dev_disable_input(); |
1078 | 1078 | ||
1079 | //**************************** | 1079 | //**************************** |
1080 | // set dns | 1080 | // rebuild etc directory, set dns |
1081 | //**************************** | 1081 | //**************************** |
1082 | fs_rebuild_etc(); | 1082 | if (!arg_writable_etc) |
1083 | fs_rebuild_etc(); | ||
1083 | 1084 | ||
1084 | //**************************** | 1085 | //**************************** |
1085 | // start dhcp client | 1086 | // start dhcp client |