diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 13 | ||||
-rw-r--r-- | src/man/firejail.txt | 14 |
3 files changed, 25 insertions, 4 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index c57e5910a..ef8d8172f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -264,7 +264,7 @@ static void check_network(Bridge *br) { | |||
264 | assert(br); | 264 | assert(br); |
265 | if (br->macvlan == 0) // for bridge devices check network range or arp-scan and assign address | 265 | if (br->macvlan == 0) // for bridge devices check network range or arp-scan and assign address |
266 | net_configure_sandbox_ip(br); | 266 | net_configure_sandbox_ip(br); |
267 | else if (br->ipsandbox) { // for macvlan check network range | 267 | else if (br->ipsandbox && br->ip && br->mask) { // for macvlan check network range |
268 | char *rv = in_netrange(br->ipsandbox, br->ip, br->mask); | 268 | char *rv = in_netrange(br->ipsandbox, br->ip, br->mask); |
269 | if (rv) { | 269 | if (rv) { |
270 | fprintf(stderr, "%s", rv); | 270 | fprintf(stderr, "%s", rv); |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 767cf89f4..e29cf4f4b 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -589,16 +589,23 @@ configured as default gateway is the bridge device IP address. Up to four \-\-ne | |||
589 | bridge devices can be defined. Mixing bridge and macvlan devices is allowed. | 589 | bridge devices can be defined. Mixing bridge and macvlan devices is allowed. |
590 | 590 | ||
591 | .TP | 591 | .TP |
592 | \fBnet ethernet_interface | 592 | \fBnet ethernet_interface|wireless_interface |
593 | Enable a new network namespace and connect it | 593 | Enable a new network namespace and connect it |
594 | to this ethernet interface using the standard Linux macvlan | 594 | to this ethernet interface using the standard Linux macvlan or ipvlan |
595 | driver. Unless specified with option \-\-ip and \-\-defaultgw, an | 595 | driver. Unless specified with option \-\-ip and \-\-defaultgw, an |
596 | IP address and a default gateway will be assigned automatically | 596 | IP address and a default gateway will be assigned automatically |
597 | to the sandbox. The IP address is verified using ARP before | 597 | to the sandbox. The IP address is verified using ARP before |
598 | assignment. The address configured as default gateway is the | 598 | assignment. The address configured as default gateway is the |
599 | default gateway of the host. Up to four \-\-net devices can | 599 | default gateway of the host. Up to four \-\-net devices can |
600 | be defined. Mixing bridge and macvlan devices is allowed. | 600 | be defined. Mixing bridge and macvlan devices is allowed. |
601 | Note: wlan devices are not supported for this option. | 601 | |
602 | .TP | ||
603 | \fBnet tap_interface | ||
604 | Enable a new network namespace and connect it | ||
605 | to this ethernet tap interface using the standard Linux macvlan | ||
606 | driver. If the tap interface is not configured, the sandbox | ||
607 | will not try to configure the interface inside the sandbox. | ||
608 | Please use ip, netmask and defaultgw to specify the configuration. | ||
602 | 609 | ||
603 | .TP | 610 | .TP |
604 | \fBnet none | 611 | \fBnet none |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 74a9a9da9..f29d9cddf 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -816,6 +816,20 @@ $ firejail \-\-net=eth0 \-\-ip=192.168.1.80 \-\-dns=8.8.8.8 firefox | |||
816 | $ firejail \-\-net=wlan0 firefox | 816 | $ firejail \-\-net=wlan0 firefox |
817 | 817 | ||
818 | .TP | 818 | .TP |
819 | \fB\-\-net=tap_interface | ||
820 | Enable a new network namespace and connect it | ||
821 | to this ethernet tap interface using the standard Linux macvlan | ||
822 | driver. If the tap interface is not configured, the sandbox | ||
823 | will not try to configure the interface inside the sandbox. | ||
824 | Please use \-\-ip, \-\-netmask and \-\-defaultgw to specify the configuration. | ||
825 | .br | ||
826 | |||
827 | .br | ||
828 | Example: | ||
829 | .br | ||
830 | $ firejail \-\-net=tap0 \-\-ip=10.10.20.80 \-\-netmask=255.255.255.0 \-\-defaultgw=10.10.20.1 firefox | ||
831 | |||
832 | .TP | ||
819 | \fB\-\-net=none | 833 | \fB\-\-net=none |
820 | Enable a new, unconnected network namespace. The only interface | 834 | Enable a new, unconnected network namespace. The only interface |
821 | available in the new namespace is a new loopback interface (lo). | 835 | available in the new namespace is a new loopback interface (lo). |