Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 23 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/netfilter.c | 2 |
3 files changed, 26 insertions, 0 deletions
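--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -26,6 +26,7 @@ static int initialized = 0;
 static int cfg_val[CFG_MAX];
 char *xephyr_screen = "800x600";
 char *xephyr_extra_params = "";
+char *netfilter_default = NULL;
 
 int checkcfg(int val) {
 	EUID_ASSERT();
@@ -159,6 +160,28 @@ int checkcfg(int val) {
 			else
 				goto errout;
 		}
+		// netfilter
+		else if (strncmp(ptr, "netfilter-default ", 18) == 0) {
+			char *fname = ptr + 18;
+			while (*fname == ' ' || *fname == '\t')
+				ptr++;
+			char *end = strchr(fname, ' ');
+			if (end)
+				*end = '\0';
+
+			// is the file present?
+			struct stat s;
+			if (stat(fname, &s) == -1) {
+				fprintf(stderr, "Error: netfilter-default file %s not available\n", fname);
+				exit(1);
+			}
+
+			netfilter_default = strdup(fname);
+			if (!netfilter_default)
+				errExit("strdup");
+			if (arg_debug)
+				printf("netfilter default file %s\n", fname);
+		}
 
 		// Xephyr screen size
 		else if (strncmp(ptr, "xephyr-screen ", 14) == 0) {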
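Review bot: The whitespace-skipping loop in the new netfilter-default branch advances `ptr` instead of `fname` (`while (*fname == ' ' || *fname == '\t') ptr++;`), so a second space or a tab after the keyword leaves `*fname` unchanged and the loop never terminates; the increment should be `fname++;`. The terminator search on the following line only stops at `' '`, so a trailing tab stays part of the file name and the `stat()` below rejects an otherwise valid path — consider also cutting at `'\t'`. The `stat()` is done under EUID_ASSERT() at parse time while the file is actually read later in netfilter(), so it is only a presence check and the later read still needs its own failure handling. checkcfg's body continues outside the hunk.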
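--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -582,6 +582,7 @@ void sandboxfs(int op, pid_t pid, const char *patqh);
 #define CFG_MAX 11 // this should always be the last entry
 extern char *xephyr_screen;
 extern char *xephyr_extra_params;
+extern char *netfilter_default;
 int checkcfg(int val);
 
 // appimage.c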
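--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -66,6 +66,8 @@ void netfilter(const char *fname) {
 
 	// custom filter
 	int allocated = 0;
+	if (netfilter_default)
+		fname = netfilter_default;
 	if (fname) {
 		// buffer the filter
 		struct stat s;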
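Review bot: The new assignment `fname = netfilter_default;` replaces the caller's filter unconditionally, so a user-supplied `--netfilter=FILE` appears to be silently discarded whenever the administrator sets netfilter-default in the config file; if the option is meant as a fallback, as its name suggests, the guard should be `if (!fname && netfilter_default)`, and if it is meant as a hard override the replacement deserves a comment and an `arg_debug` message so the dropped argument is visible. Either way the intended precedence between the config default and the command-line filter should be documented next to the assignment. The function netfilter() starts before this hunk and continues past it.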