Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/usage.c | 1 | ||||
-rw-r--r-- | src/fnettrace/static-ip-map | 4 | ||||
-rw-r--r-- | src/fseccomp/namespaces.c | 19 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
4 files changed, 21 insertions, 5 deletions
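--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -212,7 +212,6 @@ static char *usage_str =
 " --private-srv=file,directory - build a new /srv in a temporary filesystem.\n"
 " --profile=filename|profile_name - use a custom profile.\n"
 " --profile.print=name|pid - print the name of profile file.\n"
-" --profile-path=directory - use this directory to look for profile files.\n"
 " --protocol=protocol,protocol,protocol - enable protocol filter.\n"
 " --protocol.print=name|pid - print the protocol filter.\n"
 #ifdef HAVE_FILE_TRANSFER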
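--- a/src/fnettrace/static-ip-map
+++ b/src/fnettrace/static-ip-map
@@ -1586,11 +1586,13 @@
 16.162.0.0/15 Amazon
 16.168.0.0/15 Amazon
 16.170.0.0/15 Amazon
+18.32.0.0/11 Amazon
 18.60.0.0/15 Amazon
-18.64.0.0/14 Amazon
+18.64.0.0/10 Amazon
 18.100.0.0/15 Amazon
 18.102.0.0/16 Amazon
 18.116.0.0/14 Amazon
+18.128.0.0/9 Amazon
 18.130.0.0/16 Amazon
 18.132.0.0/14 Amazon
 18.136.0.0/16 Amazon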
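--- a/src/fseccomp/namespaces.c
+++ b/src/fseccomp/namespaces.c
@@ -133,7 +133,8 @@ void deny_ns(const char *fname, const char *list) {
 RETURN_ALLOW
 #endif
 };
-write_to_file(fd, filter, sizeof(filter));
+if (sizeof(filter))
+write_to_file(fd, filter, sizeof(filter));
 
 filter_end_blacklist(fd);
 
@@ -188,7 +189,21 @@ void deny_ns_32(const char *fname, const char *list) {
 RETURN_ALLOW
 #endif
 };
-write_to_file(fd, filter, sizeof(filter));
+
+// For Debian 10 and older, the size of the filter[] array will be 0.
+// The following filter will end up being generated:
+//
+// FILE: /run/firejail/mnt/seccomp/seccomp.namespaces.32
+// line OP JT JF K
+// =================================
+// 0000: 20 00 00 00000004 ld data.architecture
+// 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002)
+// 0002: 06 00 00 7fff0000 ret ALLOW
+// 0003: 20 00 00 00000000 ld data.syscall-number
+// 0004: 06 00 00 7fff0000 ret ALLOW
+//
+if (sizeof(filter))
+write_to_file(fd, filter, sizeof(filter));
 
 filter_end_blacklist(fd);
 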
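Review bot: When `filter[]` compiles to zero entries, the new `if (sizeof(filter))` guard in both deny_ns() and deny_ns_32() skips the write without telling anyone, and the comment added in deny_ns_32() shows the file that results returns ALLOW on every path, so a caller who asked for namespace restrictions gets a filter that restricts nothing. I would make that visible with an else branch in both functions, for example `else fprintf(stderr, "Warning: namespace filter is empty on this build, namespaces are not restricted\n");` (assuming stdio is already included in this file, which the hunks do not show). The explanatory comment also exists only in deny_ns_32(); deny_ns() deserves at least `// filter[] can be empty on older systems (see deny_ns_32); skip the zero-length write`. Both function bodies start and end outside the hunks, so how write_to_file() treated a zero-length buffer before this change is not visible here.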
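--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -3064,7 +3064,7 @@ Example:
 .br
 $ firejail \-\-noprofile \-\-whitelist=~/.mozilla
 .br
-$ firejail \-\-whitelist=/tmp/.X11-unix --whitelist=/dev/null
+$ firejail \-\-whitelist=/tmp/.X11-unix \-\-whitelist=/dev/null
 .br
 $ firejail "\-\-whitelist=/home/username/My Virtual Machines"
 .br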