Diffstat (limited to 'src')
151 files changed, 758 insertions, 185 deletions
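--- a/src/faudit/caps.c
+++ b/src/faudit/caps.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *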
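--- a/src/faudit/dbus.c
+++ b/src/faudit/dbus.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *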
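--- a/src/faudit/dev.c
+++ b/src/faudit/dev.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *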
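--- a/src/faudit/faudit.h
+++ b/src/faudit/faudit.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *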
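--- a/src/faudit/files.c
+++ b/src/faudit/files.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *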
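--- a/src/faudit/main.c
+++ b/src/faudit/main.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *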
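--- a/src/faudit/network.c
+++ b/src/faudit/network.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *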
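--- a/src/faudit/pid.c
+++ b/src/faudit/pid.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *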
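--- a/src/faudit/seccomp.c
+++ b/src/faudit/seccomp.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *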
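--- a/src/faudit/syscall.c
+++ b/src/faudit/syscall.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *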
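--- a/src/faudit/x11.c
+++ b/src/faudit/x11.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *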
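--- a/src/fbuilder/build_bin.c
+++ b/src/fbuilder/build_bin.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *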
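--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *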
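--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *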
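--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *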
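--- a/src/fbuilder/build_seccomp.c
+++ b/src/fbuilder/build_seccomp.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *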
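--- a/src/fbuilder/fbuilder.h
+++ b/src/fbuilder/fbuilder.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *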
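--- a/src/fbuilder/filedb.c
+++ b/src/fbuilder/filedb.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *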
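--- a/src/fbuilder/main.c
+++ b/src/fbuilder/main.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *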
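--- a/src/fbuilder/utils.c
+++ b/src/fbuilder/utils.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *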
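--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *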
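--- a/src/fgit/fgit-install.sh
+++ b/src/fgit/fgit-install.sh
@@ -1,4 +1,8 @@
 #!/bin/sh
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
+#
 # Purpose: Fetch, compile, and install firejail from GitHub source. Package-manager agnostic.
 #
 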
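--- a/src/fgit/fgit-uninstall.sh
+++ b/src/fgit/fgit-uninstall.sh
@@ -1,4 +1,8 @@
 #!/bin/sh
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
+#
 # Purpose: Fetch, compile, and install firejail from GitHub source. Package-manager agnostic.
 #
 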
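--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *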
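--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -122,6 +122,7 @@ clawsker
 clementine
 clion
 clipit
+clipgrab
 cliqz
 clocks
 cmus
@@ -179,6 +180,7 @@ eog
 eom
 ephemeral
 #epiphany
+et
 etr
 evince
 evince-previewer
@@ -202,6 +204,7 @@ firefox-developer-edition
 firefox-esr
 firefox-nightly
 firefox-wayland
+firefox-x11
 flacsplt
 flameshot
 flashpeak-slimjet
@@ -265,6 +268,7 @@ gnome-mplayer
 gnome-mpv
 gnome-music
 gnome-nettool
+gnome-passwordsafe
 gnome-photos
 gnome-recipes
 gnome-schedule
@@ -288,6 +292,7 @@ gramps
 gthumb
 guayadeque
 gucharmap
+gummi
 gwenview
 handbrake
 handbrake-gtk
@@ -296,7 +301,6 @@ hedgewars
 hexchat
 highlight
 hugin
-i2prouter
 icecat
 icedove
 iceweasel
@@ -427,6 +431,7 @@ ms-outlook
 ms-powerpoint
 ms-skype
 ms-word
+multimc
 multimc5
 mumble
 mupdf
@@ -642,6 +647,7 @@ tremulous
 truecraft
 tshark
 tuxguitar
+tvbrowser
 udiskie
 uefitool
 uget-gtk
@@ -683,6 +689,9 @@ wire-desktop
 wireshark
 wireshark-gtk
 wireshark-qt
+wpp
+wps
+wpspdf
 xcalc
 xchat
 xed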
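--- a/src/firecfg/firecfg.h
+++ b/src/firecfg/firecfg.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *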
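--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *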
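--- a/src/firecfg/sound.c
+++ b/src/firecfg/sound.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *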
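--- a/src/firecfg/util.c
+++ b/src/firecfg/util.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *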
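--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *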
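--- a/src/firejail/appimage_size.c
+++ b/src/firejail/appimage_size.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *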
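--- a/src/firejail/arp.c
+++ b/src/firejail/arp.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *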
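--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *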
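--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *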
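--- a/src/firejail/cgroup.c
+++ b/src/firejail/cgroup.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *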
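--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *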
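--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *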
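--- a/src/firejail/cmdline.c
+++ b/src/firejail/cmdline.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *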
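--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *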
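--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *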
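--- /dev/null
+++ b/src/firejail/dhcp.c
@@ -0,0 +1,161 @@
+/*
+* Copyright (C) 2014-2020 Firejail Authors
+*
+* This file is part of firejail project
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "firejail.h"
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <errno.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+
+pid_t dhclient4_pid = 0;
+pid_t dhclient6_pid = 0;
+
+typedef struct {
+char *version_arg;
+char *pid_file;
+char *leases_file;
+uint8_t generate_duid;
+char *duid_leases_file;
+pid_t *pid;
+ptrdiff_t arg_offset;
+} Dhclient;
+
+static const Dhclient dhclient4 = {
+.version_arg = "-4",
+.pid_file = RUN_DHCLIENT_4_PID_FILE,
+.leases_file = RUN_DHCLIENT_4_LEASES_FILE,
+.generate_duid = 1,
+.pid = &dhclient4_pid,
+.arg_offset = offsetof(Bridge, arg_ip_dhcp)
+};
+
+static const Dhclient dhclient6 = {
+.version_arg = "-6",
+.pid_file = RUN_DHCLIENT_6_PID_FILE,
+.leases_file = RUN_DHCLIENT_6_LEASES_FILE,
+.duid_leases_file = RUN_DHCLIENT_4_LEASES_FILE,
+.pid = &dhclient6_pid,
+.arg_offset = offsetof(Bridge, arg_ip6_dhcp)
+};
+
+static void dhcp_run_dhclient(const Dhclient *client) {
+char *argv[256] = {
+"dhclient",
+client->version_arg,
+"-pf", client->pid_file,
+"-lf", client->leases_file,
+};
+int i = 6;
+if (client->generate_duid)
+argv[i++] = "-i";
+if (client->duid_leases_file) {
+argv[i++] = "-df";
+argv[i++] = client->duid_leases_file;
+}
+if (arg_debug)
+argv[i++] = "-v";
+if (*(uint8_t *)((char *)&cfg.bridge0 + client->arg_offset))
+argv[i++] = cfg.bridge0.devsandbox;
+if (*(uint8_t *)((char *)&cfg.bridge1 + client->arg_offset))
+argv[i++] = cfg.bridge1.devsandbox;
+if (*(uint8_t *)((char *)&cfg.bridge2 + client->arg_offset))
+argv[i++] = cfg.bridge2.devsandbox;
+if (*(uint8_t *)((char *)&cfg.bridge3 + client->arg_offset))
+argv[i++] = cfg.bridge3.devsandbox;
+
+sbox_run_v(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_CAPS_NET_SERVICE | SBOX_SECCOMP, argv);
+}
+
+static pid_t dhcp_read_pidfile(const Dhclient *client) {
+// We have to run dhclient as a forking daemon (not pass the -d option),
+// because we want to be notified of a successful DHCP lease by the parent process exit.
+// However, try to be extra paranoid with race conditions,
+// because dhclient only writes the daemon pid into the pidfile
+// after its parent process has exited.
+int tries = 0;
+pid_t found = 0;
+while (found == 0 && tries < 10) {
+if (tries >= 1)
+usleep(100000);
+FILE *pidfile = fopen(client->pid_file, "r");
+if (pidfile) {
+long pid;
+if (fscanf(pidfile, "%ld", &pid) == 1) {
+char *pidname = pid_proc_comm((pid_t) pid);
+if (pidname && strcmp(pidname, "dhclient") == 0)
+found = (pid_t) pid;
+}
+fclose(pidfile);
+}
+++tries;
+}
+if (found == 0) {
+fprintf(stderr, "Error: Cannot get dhclient %s PID from %s\n",
+client->version_arg, client->pid_file);
+exit(1);
+}
+return found;
+}
+
+static void dhcp_start_dhclient(const Dhclient *client) {
+dhcp_run_dhclient(client);
+*(client->pid) = dhcp_read_pidfile(client);
+}
+
+static void dhcp_waitll(const char *ifname) {
+sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 3, PATH_FNET, "waitll", ifname);
+}
+
+static void dhcp_waitll_all() {
+if (cfg.bridge0.arg_ip6_dhcp)
+dhcp_waitll(cfg.bridge0.devsandbox);
+if (cfg.bridge1.arg_ip6_dhcp)
+dhcp_waitll(cfg.bridge1.devsandbox);
+if (cfg.bridge2.arg_ip6_dhcp)
+dhcp_waitll(cfg.bridge2.devsandbox);
+if (cfg.bridge3.arg_ip6_dhcp)
+dhcp_waitll(cfg.bridge3.devsandbox);
+}
+
+void dhcp_start(void) {
+if (!any_dhcp())
+return;
+
+EUID_ROOT();
+if (mkdir(RUN_DHCLIENT_DIR, 0700))
+errExit("mkdir");
+
+if (any_ip_dhcp()) {
+dhcp_start_dhclient(&dhclient4);
+if (arg_debug)
+printf("Running dhclient -4 in the background as pid %ld\n", (long) dhclient4_pid);
+}
+if (any_ip6_dhcp()) {
+dhcp_waitll_all();
+dhcp_start_dhclient(&dhclient6);
+if (arg_debug)
+printf("Running dhclient -6 in the background as pid %ld\n", (long) dhclient6_pid);
+if (dhclient4_pid == dhclient6_pid) {
+fprintf(stderr, "Error: dhclient -4 and -6 have the same PID: %ld\n", (long) dhclient4_pid);
+exit(1);
+}
+}
+}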
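Review bot: In dhcp_run_dhclient() the int returned by sbox_run_v() is dropped, so a dhclient that cannot be executed or exits with an error is only noticed indirectly, after dhcp_read_pidfile() has polled ten times and printed "Cannot get dhclient ... PID". Testing the result where it is produced, e.g. `if (sbox_run_v(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_CAPS_NET_SERVICE | SBOX_SECCOMP, argv)) { fprintf(stderr, "Error: dhclient %s failed\n", client->version_arg); exit(1); }`, reports the real cause; this assumes a non-zero return means failure, since sbox_run_v is defined outside this file. argv[0] is the bare name `dhclient` for a helper started with SBOX_ROOT, so if sbox_run_v resolves it through PATH an absolute path would be the safer choice. In dhcp_read_pidfile() the string from pid_proc_comm() is never released; if that helper returns heap memory, add `free(pidname);` after the strcmp.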
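--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *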
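--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -103,6 +103,8 @@ typedef struct bridge_t {
 
 // flags
 uint8_t arg_ip_none; // --ip=none
+uint8_t arg_ip_dhcp;
+uint8_t arg_ip6_dhcp;
 uint8_t macvlan; // set by --net=eth0 (or eth1, ...); reset by --net=br0 (or br1, ...)
 uint8_t configured;
 uint8_t scan; // set by --scan
@@ -237,6 +239,24 @@ static inline int any_interface_configured(void) {
 return 0;
 }
 
+static inline int any_ip_dhcp(void) {
+if (cfg.bridge0.arg_ip_dhcp || cfg.bridge1.arg_ip_dhcp || cfg.bridge2.arg_ip_dhcp || cfg.bridge3.arg_ip_dhcp)
+return 1;
+else
+return 0;
+}
+
+static inline int any_ip6_dhcp(void) {
+if (cfg.bridge0.arg_ip6_dhcp || cfg.bridge1.arg_ip6_dhcp || cfg.bridge2.arg_ip6_dhcp || cfg.bridge3.arg_ip6_dhcp)
+return 1;
+else
+return 0;
+}
+
+static inline int any_dhcp(void) {
+return any_ip_dhcp() || any_ip6_dhcp();
+}
+
 extern int arg_private; // mount private /home
 extern int arg_private_cache; // private home/.cache
 extern int arg_debug; // print debug messages
@@ -792,9 +812,11 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
 #define SBOX_ALLOW_STDIN (1 << 5) // don't close stdin
 #define SBOX_STDIN_FROM_FILE (1 << 6) // open file and redirect it to stdin
 #define SBOX_CAPS_HIDEPID (1 << 7) // hidepid caps filter for running firemon
+#define SBOX_CAPS_NET_SERVICE (1 << 8) // caps filter for programs running network services
 
 // run sbox
 int sbox_run(unsigned filter, int num, ...);
+int sbox_run_v(unsigned filter, char * const arg[]);
 
 // run_files.c
 void delete_run_files(pid_t pid);
@@ -806,4 +828,9 @@ void set_profile_run_file(pid_t pid, const char *fname);
 // dbus.c
 void dbus_disable(void);
 
+// dhcp.c
+extern pid_t dhclient4_pid;
+extern pid_t dhclient6_pid;
+void dhcp_start(void);
+
 #endif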
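Review bot: The comment on `SBOX_CAPS_NET_SERVICE` says only "caps filter for programs running network services" and does not name the capabilities the filter retains. dhcp.c in this commit combines the flag with `SBOX_ROOT | SBOX_CAPS_NETWORK` to start dhclient, so the header comment should list the retained capabilities; the filter itself is implemented outside this file. The two new Bridge flags also lack the option-naming comment that `arg_ip_none` has; assuming the options are spelled that way, `uint8_t arg_ip_dhcp; // --ip=dhcp` and `uint8_t arg_ip6_dhcp; // --ip6=dhcp` would match.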
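--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -521,12 +521,16 @@ void fs_remount(const char *dir, OPERATION op, unsigned check_mnt) {
 if (mount(dir, dir, NULL, MS_BIND|MS_REC, NULL) < 0 ||
 mount(NULL, dir, NULL, flags|MS_BIND|MS_REMOUNT, NULL) < 0)
 errExit("remounting");
+// run a sanity check on /proc/self/mountinfo
 if (check_mnt) {
-// run a sanity check on /proc/self/mountinfo
+// confirm target of the last mount operation was dir; if there are other
+// mount points contained inside dir, one of those will show up as target
+// of the last mount operation instead
 MountData *mptr = get_last_mount();
 size_t len = strlen(dir);
-if (strncmp(mptr->dir, dir, len) != 0 ||
+if ((strncmp(mptr->dir, dir, len) != 0 ||
 (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))
+&& strcmp(dir, "/") != 0) // support read-only=/
 errLogExit("invalid %s mount", opstr[op]);
 }
 fs_logger2(opstr[op], dir);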
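Review bot: The added `&& strcmp(dir, "/") != 0` clause switches the mountinfo check off entirely when dir is `/`, instead of adjusting the one sub-test that fails for it. With len == 1 the strncmp prefix test already holds for any absolute mount point, and only the separator test at `mptr->dir + len` rejects a path such as `/home`. Limiting that sub-test keeps the prefix check active for the root directory: `if (strncmp(mptr->dir, dir, len) != 0 || (len > 1 && *(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))`. fs_remount() begins and ends outside this hunk and get_last_mount() is not shown, so whether mptr can be NULL at this point should be confirmed as well.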
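--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -185,12 +185,12 @@ static void duplicate(char *fname) {
 // add to private-lib list
 if (cfg.bin_private_lib == NULL) {
 if (asprintf(&cfg.bin_private_lib, "%s,%s",fname, full_path) == -1)
-errExit("asprinf");
+errExit("asprintf");
 }
 else {
 char *tmp;
 if (asprintf(&tmp, "%s,%s,%s", cfg.bin_private_lib, fname, full_path) == -1)
-errExit("asprinf");
+errExit("asprintf");
 free(cfg.bin_private_lib);
 cfg.bin_private_lib = tmp;
 }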
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index d807f527d..63911ab9e 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c index 082f8b4a0..26e010d0d 100644 --- a/src/firejail/fs_etc.c +++ b/src/firejail/fs_etc.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index cfa0af078..bdfaba480 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index 9da01b24c..fd5e1bbd3 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
@@ -89,7 +89,7 @@ errexit: | |||
89 | } | 89 | } |
90 | 90 | ||
91 | void fs_resolvconf(void) { | 91 | void fs_resolvconf(void) { |
92 | if (cfg.dns1 == NULL) | 92 | if (cfg.dns1 == NULL && !any_dhcp()) |
93 | return; | 93 | return; |
94 | 94 | ||
95 | if (arg_debug) | 95 | if (arg_debug) |
@@ -108,7 +108,8 @@ void fs_resolvconf(void) { | |||
108 | if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) | 108 | if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) |
109 | continue; | 109 | continue; |
110 | // for resolv.conf we create a brand new file | 110 | // for resolv.conf we create a brand new file |
111 | if (strcmp(entry->d_name, "resolv.conf") == 0) | 111 | if (strcmp(entry->d_name, "resolv.conf") == 0 || |
112 | strcmp(entry->d_name, "resolv.conf.dhclient-new") == 0) | ||
112 | continue; | 113 | continue; |
113 | // printf("linking %s\n", entry->d_name); | 114 | // printf("linking %s\n", entry->d_name); |
114 | 115 | ||
@@ -169,8 +170,11 @@ void fs_resolvconf(void) { | |||
169 | exit(1); | 170 | exit(1); |
170 | } | 171 | } |
171 | 172 | ||
172 | if (cfg.dns1) | 173 | if (cfg.dns1) { |
174 | if (any_dhcp()) | ||
175 | fwarning("network setup uses DHCP, nameservers will likely be overwritten\n"); | ||
173 | fprintf(fp, "nameserver %s\n", cfg.dns1); | 176 | fprintf(fp, "nameserver %s\n", cfg.dns1); |
177 | } | ||
174 | if (cfg.dns2) | 178 | if (cfg.dns2) |
175 | fprintf(fp, "nameserver %s\n", cfg.dns2); | 179 | fprintf(fp, "nameserver %s\n", cfg.dns2); |
176 | if (cfg.dns3) | 180 | if (cfg.dns3) |
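Review bot: In fs_resolvconf, the new `if (any_dhcp()) fwarning(...)` inside `if (cfg.dns1) {` only warns that the user-supplied nameservers will likely be overwritten. A sandbox started with both a pinned DNS server and a DHCP-configured interface can therefore end up resolving through whatever server the local network hands out. Where pinned DNS is relied on as a control, a warning on stderr is easy to miss, so the line deserves a comment such as `// a DHCP lease may replace these entries; the configured nameservers are not enforced once dhclient runs`, and the user documentation should say the same. The added skip of `resolv.conf.dhclient-new` is also unexplained; presumably it is dhclient's temporary file, which is worth stating next to the existing `resolv.conf` comment. The function starts and ends outside these hunks.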
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index 70c6ac88a..c539ce83c 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c index 9923190b5..2982c4cbb 100644 --- a/src/firejail/fs_lib2.c +++ b/src/firejail/fs_lib2.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c index 31e0147ca..892c91e3f 100644 --- a/src/firejail/fs_logger.c +++ b/src/firejail/fs_logger.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index 09e5c3200..eb660df90 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index c1b821cce..1894784a8 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c index 75369b47c..303d6f9aa 100644 --- a/src/firejail/fs_var.c +++ b/src/firejail/fs_var.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index d2ea495ed..be5bcc4c0 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/join.c b/src/firejail/join.c index 1494c782f..531f8c06a 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
@@ -322,8 +322,8 @@ bool is_ready_for_join(const pid_t pid) { | |||
322 | void check_join_permission(pid_t pid) { | 322 | void check_join_permission(pid_t pid) { |
323 | // check if pid belongs to a fully set up firejail sandbox | 323 | // check if pid belongs to a fully set up firejail sandbox |
324 | unsigned long i; | 324 | unsigned long i; |
325 | for (i = 0; is_ready_for_join(pid) == false; i += SNOOZE) { // give sandbox some time to start up | 325 | for (i = SNOOZE; is_ready_for_join(pid) == false; i += SNOOZE) { // give sandbox some time to start up |
326 | if (i >= join_timeout) { | 326 | if (i > join_timeout) { |
327 | fprintf(stderr, "Error: no valid sandbox\n"); | 327 | fprintf(stderr, "Error: no valid sandbox\n"); |
328 | exit(1); | 328 | exit(1); |
329 | } | 329 | } |
@@ -531,6 +531,7 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
531 | 531 | ||
532 | // it will never get here!!! | 532 | // it will never get here!!! |
533 | } | 533 | } |
534 | EUID_USER(); | ||
534 | 535 | ||
535 | int status = 0; | 536 | int status = 0; |
536 | //***************************** | 537 | //***************************** |
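Review bot: The `EUID_USER();` added after the child block in join() changes the effective uid for everything that follows, but nothing records why the parent can give up root at this point. A comment such as `// the parent needs no root privileges from here on` would state the intent. The code after `int status = 0;` is outside the hunk, so it should be confirmed that nothing there still relies on an effective uid of root. In check_join_permission, starting `i` at `SNOOZE` and testing `i > join_timeout` moves the boundary of the wait loop and would benefit from a one-line why-comment as well.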
diff --git a/src/firejail/ls.c b/src/firejail/ls.c index 75333fdc2..aa33d838b 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/macros.c b/src/firejail/macros.c index ef64178b5..6901b7d44 100644 --- a/src/firejail/macros.c +++ b/src/firejail/macros.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 179f8ddf9..78717ab41 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
@@ -2144,7 +2144,10 @@ int main(int argc, char **argv) { | |||
2144 | // configure this IP address for the last bridge defined | 2144 | // configure this IP address for the last bridge defined |
2145 | if (strcmp(argv[i] + 5, "none") == 0) | 2145 | if (strcmp(argv[i] + 5, "none") == 0) |
2146 | br->arg_ip_none = 1; | 2146 | br->arg_ip_none = 1; |
2147 | else { | 2147 | else if (strcmp(argv[i] + 5, "dhcp") == 0) { |
2148 | br->arg_ip_none = 1; | ||
2149 | br->arg_ip_dhcp = 1; | ||
2150 | } else { | ||
2148 | if (atoip(argv[i] + 5, &br->ipsandbox)) { | 2151 | if (atoip(argv[i] + 5, &br->ipsandbox)) { |
2149 | fprintf(stderr, "Error: invalid IP address\n"); | 2152 | fprintf(stderr, "Error: invalid IP address\n"); |
2150 | exit(1); | 2153 | exit(1); |
@@ -2184,20 +2187,24 @@ int main(int argc, char **argv) { | |||
2184 | fprintf(stderr, "Error: no network device configured\n"); | 2187 | fprintf(stderr, "Error: no network device configured\n"); |
2185 | exit(1); | 2188 | exit(1); |
2186 | } | 2189 | } |
2187 | if (br->ip6sandbox) { | 2190 | if (br->arg_ip6_dhcp || br->ip6sandbox) { |
2188 | fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n"); | 2191 | fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n"); |
2189 | exit(1); | 2192 | exit(1); |
2190 | } | 2193 | } |
2191 | 2194 | ||
2192 | // configure this IP address for the last bridge defined | 2195 | // configure this IP address for the last bridge defined |
2193 | if (check_ip46_address(argv[i] + 6) == 0) { | 2196 | if (strcmp(argv[i] + 6, "dhcp") == 0) |
2194 | fprintf(stderr, "Error: invalid IPv6 address\n"); | 2197 | br->arg_ip6_dhcp = 1; |
2195 | exit(1); | 2198 | else { |
2196 | } | 2199 | if (check_ip46_address(argv[i] + 6) == 0) { |
2200 | fprintf(stderr, "Error: invalid IPv6 address\n"); | ||
2201 | exit(1); | ||
2202 | } | ||
2197 | 2203 | ||
2198 | br->ip6sandbox = strdup(argv[i] + 6); | 2204 | br->ip6sandbox = strdup(argv[i] + 6); |
2199 | if (br->ip6sandbox == NULL) | 2205 | if (br->ip6sandbox == NULL) |
2200 | errExit("strdup"); | 2206 | errExit("strdup"); |
2207 | } | ||
2201 | } | 2208 | } |
2202 | else | 2209 | else |
2203 | exit_err_feature("networking"); | 2210 | exit_err_feature("networking"); |
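Review bot: The new `dhcp` branch sets `br->arg_ip_none = 1` as well as `br->arg_ip_dhcp = 1`, so `arg_ip_none` now covers both "the user asked for no address" and "the address will come from DHCP". Code that tests `arg_ip_none` alone can no longer tell the two cases apart. A comment on the assignment, for example `// dhcp: skip static address and gateway setup, dhclient configures the interface later`, would make the overload explicit. The same assignment appears in the profile.c hunk in profile_check_line. The enclosing option-parsing code in main() starts and ends outside these hunks, so the IPv4 duplicate-address check that corresponds to `br->arg_ip6_dhcp || br->ip6sandbox` is not visible here.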
diff --git a/src/firejail/mountinfo.c b/src/firejail/mountinfo.c index 162f5dbec..34d8d1700 100644 --- a/src/firejail/mountinfo.c +++ b/src/firejail/mountinfo.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c index bec32cfde..e0a2ce086 100644 --- a/src/firejail/netfilter.c +++ b/src/firejail/netfilter.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/netns.c b/src/firejail/netns.c index 3d8edf5ae..104453376 100644 --- a/src/firejail/netns.c +++ b/src/firejail/netns.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2018 Firejail Authors | 2 | * Copyright (C) 2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/network.c b/src/firejail/network.c index 93249a29b..aa05e3bd0 100644 --- a/src/firejail/network.c +++ b/src/firejail/network.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c index 6800bde8d..85896e528 100644 --- a/src/firejail/network_main.c +++ b/src/firejail/network_main.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
@@ -246,6 +246,10 @@ void net_check_cfg(void) { | |||
246 | if (cfg.defaultgw) | 246 | if (cfg.defaultgw) |
247 | check_default_gw(cfg.defaultgw); | 247 | check_default_gw(cfg.defaultgw); |
248 | else { | 248 | else { |
249 | // if the first network has no assigned address, | ||
250 | // do not try to set up a gateway, because it will fail | ||
251 | if (cfg.bridge0.arg_ip_none) | ||
252 | return; | ||
249 | // first network is a regular bridge | 253 | // first network is a regular bridge |
250 | if (cfg.bridge0.macvlan == 0) | 254 | if (cfg.bridge0.macvlan == 0) |
251 | cfg.defaultgw = cfg.bridge0.ip; | 255 | cfg.defaultgw = cfg.bridge0.ip; |
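Review bot: The added `if (cfg.bridge0.arg_ip_none) return;` leaves net_check_cfg entirely instead of only skipping the default-gateway selection. Any check placed after this `else` block is therefore skipped whenever the first interface has no static address, which after this commit includes `ip=dhcp`, since the main.c and profile.c hunks set `arg_ip_none` for it. The rest of the function is outside the hunk, so this may be harmless today. Guarding just the gateway assignment with `if (!cfg.bridge0.arg_ip_none) {` would keep the effect local to what the comment describes.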
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index dca36a4d8..8bf8adecc 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/output.c b/src/firejail/output.c index bd7e44788..d4a7f464a 100644 --- a/src/firejail/output.c +++ b/src/firejail/output.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/paths.c b/src/firejail/paths.c index 960412acf..f03d98e29 100644 --- a/src/firejail/paths.c +++ b/src/firejail/paths.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c index a2dea0339..278099e55 100644 --- a/src/firejail/preproc.c +++ b/src/firejail/preproc.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 9a724331b..969209869 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
@@ -672,7 +672,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
672 | // configure this IP address for the last bridge defined | 672 | // configure this IP address for the last bridge defined |
673 | if (strcmp(ptr + 3, "none") == 0) | 673 | if (strcmp(ptr + 3, "none") == 0) |
674 | br->arg_ip_none = 1; | 674 | br->arg_ip_none = 1; |
675 | else { | 675 | else if (strcmp(ptr + 3, "dhcp") == 0) { |
676 | br->arg_ip_none = 1; | ||
677 | br->arg_ip_dhcp = 1; | ||
678 | } else { | ||
676 | if (atoip(ptr + 3, &br->ipsandbox)) { | 679 | if (atoip(ptr + 3, &br->ipsandbox)) { |
677 | fprintf(stderr, "Error: invalid IP address\n"); | 680 | fprintf(stderr, "Error: invalid IP address\n"); |
678 | exit(1); | 681 | exit(1); |
@@ -693,21 +696,24 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
693 | fprintf(stderr, "Error: no network device configured\n"); | 696 | fprintf(stderr, "Error: no network device configured\n"); |
694 | exit(1); | 697 | exit(1); |
695 | } | 698 | } |
696 | if (br->ip6sandbox) { | 699 | if (br->arg_ip6_dhcp || br->ip6sandbox) { |
697 | fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n"); | 700 | fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n"); |
698 | exit(1); | 701 | exit(1); |
699 | } | 702 | } |
700 | 703 | ||
701 | // configure this IP address for the last bridge defined | 704 | // configure this IP address for the last bridge defined |
702 | if (check_ip46_address(ptr + 4) == 0) { | 705 | if (strcmp(ptr + 4, "dhcp") == 0) |
703 | fprintf(stderr, "Error: invalid IPv6 address\n"); | 706 | br->arg_ip6_dhcp = 1; |
704 | exit(1); | 707 | else { |
705 | } | 708 | if (check_ip46_address(ptr + 4) == 0) { |
706 | 709 | fprintf(stderr, "Error: invalid IPv6 address\n"); | |
707 | br->ip6sandbox = strdup(ptr + 4); | 710 | exit(1); |
708 | if (br->ip6sandbox == NULL) | 711 | } |
709 | errExit("strdup"); | ||
710 | 712 | ||
713 | br->ip6sandbox = strdup(ptr + 4); | ||
714 | if (br->ip6sandbox == NULL) | ||
715 | errExit("strdup"); | ||
716 | } | ||
711 | } | 717 | } |
712 | else | 718 | else |
713 | warning_feature_disabled("networking"); | 719 | warning_feature_disabled("networking"); |
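Review bot: The new `else if (strcmp(ptr + 3, "dhcp") == 0) {` block closes with `} else {`, putting `else` on the same line as the brace. The surrounding code in this function keeps them on separate lines, as in the `}` / `else` pair before `warning_feature_disabled("networking")`. Writing it as `}` followed by `else {` on its own line would match the file; the main.c hunk has the same mix. profile_check_line starts and ends outside the hunk.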
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c index d3a9e0153..6402afbc6 100644 --- a/src/firejail/protocol.c +++ b/src/firejail/protocol.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index b82473476..57095a53c 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index ee2e497cb..b51172219 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c index ce809c697..b80d4ae55 100644 --- a/src/firejail/restricted_shell.c +++ b/src/firejail/restricted_shell.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/rlimit.c b/src/firejail/rlimit.c index ea9fb2d6b..0ca4a34df 100644 --- a/src/firejail/rlimit.c +++ b/src/firejail/rlimit.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/run_files.c b/src/firejail/run_files.c index 521a8aa02..b9c80c459 100644 --- a/src/firejail/run_files.c +++ b/src/firejail/run_files.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c index a63f29322..ea3889024 100644 --- a/src/firejail/run_symlink.c +++ b/src/firejail/run_symlink.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 995e98f9f..96ad30bed 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
@@ -337,6 +337,8 @@ static int monitor_application(pid_t app_pid) { | |||
337 | continue; | 337 | continue; |
338 | if (pid == 1) | 338 | if (pid == 1) |
339 | continue; | 339 | continue; |
340 | if ((pid_t) pid == dhclient4_pid || (pid_t) pid == dhclient6_pid) | ||
341 | continue; | ||
340 | 342 | ||
341 | // todo: make this generic | 343 | // todo: make this generic |
342 | // Dillo browser leaves a dpid process running, we need to shut it down | 344 | // Dillo browser leaves a dpid process running, we need to shut it down |
@@ -993,7 +995,7 @@ int sandbox(void* sandbox_arg) { | |||
993 | fs_dev_disable_dvd(); | 995 | fs_dev_disable_dvd(); |
994 | 996 | ||
995 | if (arg_nou2f) | 997 | if (arg_nou2f) |
996 | fs_dev_disable_u2f(); | 998 | fs_dev_disable_u2f(); |
997 | 999 | ||
998 | if (arg_novideo) | 1000 | if (arg_novideo) |
999 | fs_dev_disable_video(); | 1001 | fs_dev_disable_video(); |
@@ -1016,6 +1018,11 @@ int sandbox(void* sandbox_arg) { | |||
1016 | fs_logger_change_owner(); | 1018 | fs_logger_change_owner(); |
1017 | 1019 | ||
1018 | //**************************** | 1020 | //**************************** |
1021 | // start dhcp client | ||
1022 | //**************************** | ||
1023 | dhcp_start(); | ||
1024 | |||
1025 | //**************************** | ||
1019 | // set application environment | 1026 | // set application environment |
1020 | //**************************** | 1027 | //**************************** |
1021 | EUID_USER(); | 1028 | EUID_USER(); |
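Review bot: The new skip `if ((pid_t) pid == dhclient4_pid || (pid_t) pid == dhclient6_pid) continue;` in monitor_application carries no comment, unlike the Dillo special case directly below it. Presumably the DHCP clients are excluded so that they are not chosen as the process that keeps the sandbox alive; a line such as `// dhclient is started by firejail itself, do not monitor it` would say so. It is also worth confirming what the two variables hold when no DHCP client was started, since their definitions and initial values are not in this hunk. The function continues outside the hunk.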
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index e5739ecb5..203c0fc03 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
@@ -105,23 +105,34 @@ static struct sock_fprog prog = { | |||
105 | }; | 105 | }; |
106 | 106 | ||
107 | int sbox_run(unsigned filtermask, int num, ...) { | 107 | int sbox_run(unsigned filtermask, int num, ...) { |
108 | EUID_ROOT(); | ||
109 | |||
110 | int i; | ||
111 | va_list valist; | 108 | va_list valist; |
112 | va_start(valist, num); | 109 | va_start(valist, num); |
113 | 110 | ||
114 | // build argument list | 111 | // build argument list |
115 | char *arg[num + 1]; | 112 | char **arg = malloc((num + 1) * sizeof(char *)); |
113 | int i; | ||
116 | for (i = 0; i < num; i++) | 114 | for (i = 0; i < num; i++) |
117 | arg[i] = va_arg(valist, char*); | 115 | arg[i] = va_arg(valist, char*); |
118 | arg[i] = NULL; | 116 | arg[i] = NULL; |
119 | va_end(valist); | 117 | va_end(valist); |
120 | 118 | ||
119 | int status = sbox_run_v(filtermask, arg); | ||
120 | |||
121 | free(arg); | ||
122 | |||
123 | return status; | ||
124 | } | ||
125 | |||
126 | int sbox_run_v(unsigned filtermask, char * const arg[]) { | ||
127 | EUID_ROOT(); | ||
128 | |||
121 | if (arg_debug) { | 129 | if (arg_debug) { |
122 | printf("sbox run: "); | 130 | printf("sbox run: "); |
123 | for (i = 0; i <= num; i++) | 131 | int i = 0; |
132 | while (arg[i]) { | ||
124 | printf("%s ", arg[i]); | 133 | printf("%s ", arg[i]); |
134 | i++; | ||
135 | } | ||
125 | printf("\n"); | 136 | printf("\n"); |
126 | } | 137 | } |
127 | 138 | ||
@@ -171,6 +182,7 @@ int sbox_run(unsigned filtermask, int num, ...) { | |||
171 | 182 | ||
172 | // close all other file descriptors | 183 | // close all other file descriptors |
173 | int max = 20; // getdtablesize() is overkill for a firejail process | 184 | int max = 20; // getdtablesize() is overkill for a firejail process |
185 | int i = 3; | ||
174 | for (i = 3; i < max; i++) | 186 | for (i = 3; i < max; i++) |
175 | close(i); // close open files | 187 | close(i); // close open files |
176 | 188 | ||
@@ -179,20 +191,31 @@ int sbox_run(unsigned filtermask, int num, ...) { | |||
179 | // apply filters | 191 | // apply filters |
180 | if (filtermask & SBOX_CAPS_NONE) { | 192 | if (filtermask & SBOX_CAPS_NONE) { |
181 | caps_drop_all(); | 193 | caps_drop_all(); |
182 | } | 194 | } else { |
183 | else if (filtermask & SBOX_CAPS_NETWORK) { | 195 | uint64_t set = 0; |
196 | if (filtermask & SBOX_CAPS_NETWORK) { | ||
184 | #ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files | 197 | #ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files |
185 | uint64_t set = ((uint64_t) 1) << CAP_NET_ADMIN; | 198 | set |= ((uint64_t) 1) << CAP_NET_ADMIN; |
186 | set |= ((uint64_t) 1) << CAP_NET_RAW; | 199 | set |= ((uint64_t) 1) << CAP_NET_RAW; |
187 | caps_set(set); | ||
188 | #endif | 200 | #endif |
189 | } | 201 | } |
190 | else if (filtermask & SBOX_CAPS_HIDEPID) { | 202 | if (filtermask & SBOX_CAPS_HIDEPID) { |
203 | #ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files | ||
204 | set |= ((uint64_t) 1) << CAP_SYS_PTRACE; | ||
205 | set |= ((uint64_t) 1) << CAP_SYS_PACCT; | ||
206 | #endif | ||
207 | } | ||
208 | if (filtermask & SBOX_CAPS_NET_SERVICE) { | ||
191 | #ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files | 209 | #ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files |
192 | uint64_t set = ((uint64_t) 1) << CAP_SYS_PTRACE; | 210 | set |= ((uint64_t) 1) << CAP_NET_BIND_SERVICE; |
193 | set |= ((uint64_t) 1) << CAP_SYS_PACCT; | 211 | set |= ((uint64_t) 1) << CAP_NET_BROADCAST; |
194 | caps_set(set); | ||
195 | #endif | 212 | #endif |
213 | } | ||
214 | if (set != 0) { // some SBOX_CAPS_ flag was specified, drop all other capabilities | ||
215 | #ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files | ||
216 | caps_set(set); | ||
217 | #endif | ||
218 | } | ||
196 | } | 219 | } |
197 | 220 | ||
198 | if (filtermask & SBOX_SECCOMP) { | 221 | if (filtermask & SBOX_SECCOMP) { |
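Review bot: In sbox_run, the result of `char **arg = malloc((num + 1) * sizeof(char *));` is written to in the following loop without a NULL check, and `num` is a signed `int`, so a failed allocation or a negative count becomes an invalid write before the array reaches sbox_run_v. Other code in this commit exits on allocation failure (`errExit("strdup")`), so `if (arg == NULL) errExit("malloc");` directly after the allocation fits the existing pattern, with `num < 0` rejected before it. In the fd-closing loop, `int i = 3;` followed by `for (i = 3; i < max; i++)` initialises the counter twice; `for (int i = 3; ...)` or dropping the initialiser would do. In the reworked capability block, `caps_set` is skipped when no `SBOX_CAPS_` flag is set, which leaves the capability set untouched; a comment stating that this is intended would help the next reader.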
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index 648ce1612..10a2a5665 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c index 24b3665fc..a7d0b2fbe 100644 --- a/src/firejail/shutdown.c +++ b/src/firejail/shutdown.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index fbace7374..52d4f7c03 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
@@ -82,7 +82,9 @@ static char *usage_str = | |||
82 | " --interface=name - move interface in sandbox.\n" | 82 | " --interface=name - move interface in sandbox.\n" |
83 | " --ip=address - set interface IP address.\n" | 83 | " --ip=address - set interface IP address.\n" |
84 | " --ip=none - no IP address and no default gateway are configured.\n" | 84 | " --ip=none - no IP address and no default gateway are configured.\n" |
85 | " --ip=dhcp - acquire IP address by running dhclient.\n" | ||
85 | " --ip6=address - set interface IPv6 address.\n" | 86 | " --ip6=address - set interface IPv6 address.\n" |
87 | " --ip6=dhcp - acquire IPv6 address by running dhclient.\n" | ||
86 | " --iprange=address,address - configure an IP address in this range.\n" | 88 | " --iprange=address,address - configure an IP address in this range.\n" |
87 | #endif | 89 | #endif |
88 | " --ipc-namespace - enable a new IPC namespace.\n" | 90 | " --ipc-namespace - enable a new IPC namespace.\n" |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 18d121ca9..6bfc80903 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index b390ad38e..9a50532c2 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/apparmor.c b/src/firemon/apparmor.c index cf5808b00..028dbc212 100644 --- a/src/firemon/apparmor.c +++ b/src/firemon/apparmor.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/arp.c b/src/firemon/arp.c index 9c8cb9f52..a43593ced 100644 --- a/src/firemon/arp.c +++ b/src/firemon/arp.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/caps.c b/src/firemon/caps.c index c3e1aa5f1..951bd21a5 100644 --- a/src/firemon/caps.c +++ b/src/firemon/caps.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/cgroup.c b/src/firemon/cgroup.c index f2020eafb..251db0077 100644 --- a/src/firemon/cgroup.c +++ b/src/firemon/cgroup.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/cpu.c b/src/firemon/cpu.c index 6186ff3f0..6170ef8c1 100644 --- a/src/firemon/cpu.c +++ b/src/firemon/cpu.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index dad3b0afb..39c05d63e 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h index 7f8bc698c..7a55a64fb 100644 --- a/src/firemon/firemon.h +++ b/src/firemon/firemon.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/interface.c b/src/firemon/interface.c index 0a0801fee..325ffd80e 100644 --- a/src/firemon/interface.c +++ b/src/firemon/interface.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/list.c b/src/firemon/list.c index 68a066604..8a07f9eb2 100644 --- a/src/firemon/list.c +++ b/src/firemon/list.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/netstats.c b/src/firemon/netstats.c index e7a4354d1..c746cc127 100644 --- a/src/firemon/netstats.c +++ b/src/firemon/netstats.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index 762d22514..c823943c0 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/route.c b/src/firemon/route.c index 105814434..9fd46505f 100644 --- a/src/firemon/route.c +++ b/src/firemon/route.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c index 099ac8819..7bc700ee6 100644 --- a/src/firemon/seccomp.c +++ b/src/firemon/seccomp.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/top.c b/src/firemon/top.c index 514b9710e..ba707ef19 100644 --- a/src/firemon/top.c +++ b/src/firemon/top.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/tree.c b/src/firemon/tree.c index 9e9900c53..f3610eaec 100644 --- a/src/firemon/tree.c +++ b/src/firemon/tree.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/usage.c b/src/firemon/usage.c index 196fc32c3..0c3da00f8 100644 --- a/src/firemon/usage.c +++ b/src/firemon/usage.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/x11.c b/src/firemon/x11.c index 3eb06390a..a41f4825f 100644 --- a/src/firemon/x11.c +++ b/src/firemon/x11.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fldd/main.c b/src/fldd/main.c index d085ea59b..dd22e601e 100644 --- a/src/fldd/main.c +++ b/src/fldd/main.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fnet/arp.c b/src/fnet/arp.c index a4fe02987..122d0007c 100644 --- a/src/fnet/arp.c +++ b/src/fnet/arp.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
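--- a/src/fnet/fnet.h
+++ b/src/fnet/fnet.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -47,6 +47,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]);
 void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu);
 int net_if_mac(const char *ifname, const unsigned char mac[6]);
 void net_if_ip6(const char *ifname, const char *addr6);
+void net_if_waitll(const char *ifname);
 
 
 // arp.c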
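--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -28,6 +28,8 @@
 #include <net/if_arp.h>
 #include <net/route.h>
 #include <linux/if_bridge.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
 
 static void check_if_name(const char *ifname) {
 if (strlen(ifname) > IFNAMSIZ) {
@@ -370,3 +372,129 @@ void net_if_ip6(const char *ifname, const char *addr6) {
 
 close(sock);
 }
+
+static int net_netlink_address_tentative(struct nlmsghdr *current_header) {
+struct ifaddrmsg *msg = NLMSG_DATA(current_header);
+int has_flags = 0;
+#ifdef IFA_FLAGS
+struct rtattr *rta = IFA_RTA(msg);
+size_t msg_len = IFA_PAYLOAD(current_header);
+while (RTA_OK(rta, msg_len)) {
+if (rta->rta_type == IFA_FLAGS) {
+has_flags = 1;
+uint32_t *flags = RTA_DATA(rta);
+if (*flags & IFA_F_TENTATIVE)
+return 1;
+}
+rta = RTA_NEXT(rta, msg_len);
+}
+#endif
+// According to <linux/if_addr.h>, if an IFA_FLAGS attribute is present,
+// the field ifa_flags should be ignored.
+return !has_flags && (msg->ifa_flags & IFA_F_TENTATIVE);
+}
+
+static int net_netlink_if_has_ll(int sock, uint32_t index) {
+struct {
+struct nlmsghdr header;
+struct ifaddrmsg message;
+} req;
+memset(&req, 0, sizeof(req));
+req.header.nlmsg_len = NLMSG_LENGTH(sizeof(req.message));
+req.header.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
+req.header.nlmsg_type = RTM_GETADDR;
+req.message.ifa_family = AF_INET6;
+if (send(sock, &req, req.header.nlmsg_len, 0) != req.header.nlmsg_len)
+errExit("send");
+
+int found = 0;
+int all_parts_processed = 0;
+while (!all_parts_processed) {
+char buf[16384];
+ssize_t len = recv(sock, buf, sizeof(buf), 0);
+if (len < 0)
+errExit("recv");
+if (len < (ssize_t) sizeof(struct nlmsghdr)) {
+fprintf(stderr, "Received incomplete netlink message\n");
+exit(1);
+}
+
+struct nlmsghdr *current_header = (struct nlmsghdr *) buf;
+while (NLMSG_OK(current_header, len)) {
+switch (current_header->nlmsg_type) {
+case RTM_NEWADDR: {
+struct ifaddrmsg *msg = NLMSG_DATA(current_header);
+if (!found && msg->ifa_index == index && msg->ifa_scope == RT_SCOPE_LINK &&
+!net_netlink_address_tentative(current_header))
+found = 1;
+}
+break;
+case NLMSG_NOOP:
+break;
+case NLMSG_DONE:
+all_parts_processed = 1;
+break;
+case NLMSG_ERROR: {
+struct nlmsgerr *err = NLMSG_DATA(current_header);
+fprintf(stderr, "Netlink error: %d\n", err->error);
+exit(1);
+}
+break;
+default:
+fprintf(stderr, "Unknown netlink message type: %u\n", current_header->nlmsg_type);
+exit(1);
+break;
+}
+
+current_header = NLMSG_NEXT(current_header, len);
+}
+}
+
+return found;
+}
+
+// wait for a link-local IPv6 address for DHCPv6
+// ex: firejail --net=br0 --ip6=dhcp
+void net_if_waitll(const char *ifname) {
+// find interface index
+int inet6_sock = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
+if (inet6_sock < 0) {
+fprintf(stderr, "Error fnet: IPv6 is not supported on this system\n");
+exit(1);
+}
+struct ifreq ifr;
+memset(&ifr, 0, sizeof(ifr));
+strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+ifr.ifr_addr.sa_family = AF_INET;
+if (ioctl(inet6_sock, SIOGIFINDEX, &ifr) < 0) {
+perror("ioctl SIOGIFINDEX");
+exit(1);
+}
+close(inet6_sock);
+if (ifr.ifr_ifindex < 0) {
+fprintf(stderr, "Error fnet: interface index is negative\n");
+exit(1);
+}
+uint32_t index = (uint32_t) ifr.ifr_ifindex;
+
+// poll for link-local address
+int netlink_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+if (netlink_sock < 0)
+errExit("socket");
+int tries = 0;
+int found = 0;
+while (tries < 60 && !found) {
+if (tries >= 1)
+usleep(500000);
+
+found = net_netlink_if_has_ll(netlink_sock, index);
+
+tries++;
+}
+close(netlink_sock);
+
+if (!found) {
+fprintf(stderr, "Waiting for link-local IPv6 address of %s timed out\n", ifname);
+exit(1);
+}
+}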
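Review bot: net_if_waitll copies ifname with `strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1)` and never validates its length, so an over-long name is silently truncated and SIOGIFINDEX may resolve a different interface than the one the caller named; rejecting it up front with `if (strlen(ifname) >= IFNAMSIZ)` and an error exit would avoid that (the file's check_if_name() tests `> IFNAMSIZ`, which would still let a name of exactly IFNAMSIZ characters be cut). In net_netlink_if_has_ll, NLMSG_OK only bounds nlmsg_len by the bytes received, so the RTM_NEWADDR and NLMSG_ERROR cases read a struct ifaddrmsg or struct nlmsgerr without confirming the payload is that large; a guard such as `if (current_header->nlmsg_len < NLMSG_LENGTH(sizeof(struct ifaddrmsg))) break;` before the NLMSG_DATA use, and the nlmsgerr equivalent, would cover it. net_netlink_address_tentative has the same gap for `*flags`, which should be read only when `RTA_PAYLOAD(rta) >= sizeof(uint32_t)`. The reply is taken with plain recv(), so the sender is never checked; switching to recvfrom() with a struct sockaddr_nl and requiring nl_pid == 0 is the usual way to accept only kernel-originated messages.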
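--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -47,6 +47,7 @@ static void usage(void) {
 printf("\tfnet config mac addr\n");
 printf("\tfnet config ipv6 dev ip\n");
 printf("\tfnet ifup dev\n");
+printf("\tfnet waitll dev\n");
 }
 
 int main(int argc, char **argv) {
@@ -141,6 +142,9 @@ printf("\n");
 else if (argc == 5 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "ipv6") == 0) {
 net_if_ip6(argv[3], argv[4]);
 }
+else if (argc == 3 && strcmp(argv[1], "waitll") == 0) {
+net_if_waitll(argv[2]);
+}
 else {
 fprintf(stderr, "Error fnet: invalid arguments\n");
 return 1;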
diff --git a/src/fnet/veth.c b/src/fnet/veth.c index 7a32da2d1..777e4e07e 100644 --- a/src/fnet/veth.c +++ b/src/fnet/veth.c | |||
@@ -26,7 +26,7 @@ | |||
26 | * | 26 | * |
27 | */ | 27 | */ |
28 | /* | 28 | /* |
29 | * Copyright (C) 2014-2019 Firejail Authors | 29 | * Copyright (C) 2014-2020 Firejail Authors |
30 | * | 30 | * |
31 | * This file is part of firejail project | 31 | * This file is part of firejail project |
32 | * | 32 | * |
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c index 7be6390e5..8124beb1a 100644 --- a/src/fnetfilter/main.c +++ b/src/fnetfilter/main.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fsec-optimize/fsec_optimize.h b/src/fsec-optimize/fsec_optimize.h index 279118bee..211111641 100644 --- a/src/fsec-optimize/fsec_optimize.h +++ b/src/fsec-optimize/fsec_optimize.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c index b968bd5f3..416d85b88 100644 --- a/src/fsec-optimize/main.c +++ b/src/fsec-optimize/main.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fsec-optimize/optimizer.c b/src/fsec-optimize/optimizer.c index 69b99f595..776beaa75 100644 --- a/src/fsec-optimize/optimizer.c +++ b/src/fsec-optimize/optimizer.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fsec-print/fsec_print.h b/src/fsec-print/fsec_print.h index 777bc609a..0237fd020 100644 --- a/src/fsec-print/fsec_print.h +++ b/src/fsec-print/fsec_print.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c index ed942c806..728308dac 100644 --- a/src/fsec-print/main.c +++ b/src/fsec-print/main.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fsec-print/print.c b/src/fsec-print/print.c index 8a5d69120..5c244b000 100644 --- a/src/fsec-print/print.c +++ b/src/fsec-print/print.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fsec-print/syscall_list.c b/src/fsec-print/syscall_list.c index db443f5e2..274908cef 100644 --- a/src/fsec-print/syscall_list.c +++ b/src/fsec-print/syscall_list.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fseccomp/errno.c b/src/fseccomp/errno.c index d4c2b9249..9c5aa770c 100644 --- a/src/fseccomp/errno.c +++ b/src/fseccomp/errno.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h index e1579d098..bf55870f2 100644 --- a/src/fseccomp/fseccomp.h +++ b/src/fseccomp/fseccomp.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c index faf38ade1..82b96f476 100644 --- a/src/fseccomp/main.c +++ b/src/fseccomp/main.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c index cdd9f3a40..7a21eb2c2 100644 --- a/src/fseccomp/protocol.c +++ b/src/fseccomp/protocol.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c index 95c20d388..29aa2f2f5 100644 --- a/src/fseccomp/seccomp.c +++ b/src/fseccomp/seccomp.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fseccomp/seccomp_file.c b/src/fseccomp/seccomp_file.c index 266ef0c55..e47e8db25 100644 --- a/src/fseccomp/seccomp_file.c +++ b/src/fseccomp/seccomp_file.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c index fd0bc5a50..9a00d1884 100644 --- a/src/fseccomp/seccomp_secondary.c +++ b/src/fseccomp/seccomp_secondary.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c index 1683d3140..2b112245c 100644 --- a/src/fseccomp/syscall.c +++ b/src/fseccomp/syscall.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/fshaper/fshaper.sh b/src/fshaper/fshaper.sh index 30a07fb86..936a23512 100755 --- a/src/fshaper/fshaper.sh +++ b/src/fshaper/fshaper.sh | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2020 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | usage() { | 6 | usage() { |
4 | echo "Usage:" | 7 | echo "Usage:" |
diff --git a/src/ftee/ftee.h b/src/ftee/ftee.h index 0b026aa7f..aec64595d 100644 --- a/src/ftee/ftee.h +++ b/src/ftee/ftee.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/ftee/main.c b/src/ftee/main.c index f488c10a2..a1e42ed32 100644 --- a/src/ftee/main.c +++ b/src/ftee/main.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/include/common.h b/src/include/common.h index 699ed765d..c65ba0d55 100644 --- a/src/include/common.h +++ b/src/include/common.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/include/euid_common.h b/src/include/euid_common.h index 9975c72bf..d8277ade7 100644 --- a/src/include/euid_common.h +++ b/src/include/euid_common.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/include/firejail_user.h b/src/include/firejail_user.h index 21311bc5d..a8d269daa 100644 --- a/src/include/firejail_user.h +++ b/src/include/firejail_user.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/include/ldd_utils.h b/src/include/ldd_utils.h index c9e8b4098..29dd8926e 100644 --- a/src/include/ldd_utils.h +++ b/src/include/ldd_utils.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/include/pid.h b/src/include/pid.h index 9d4735bdd..1f15d3c68 100644 --- a/src/include/pid.h +++ b/src/include/pid.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
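--- a/src/include/rundefs.h
+++ b/src/include/rundefs.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *
@@ -49,6 +49,12 @@
 #define RUN_LIB_DIR RUN_MNT_DIR "/lib"
 #define RUN_LIB_FILE RUN_MNT_DIR "/libfiles"
 #define RUN_DNS_ETC RUN_MNT_DIR "/dns-etc"
+#define RUN_DHCLIENT_DIR RUN_MNT_DIR "/dhclient"
+#define RUN_DHCLIENT_4_LEASES_FILE RUN_DHCLIENT_DIR "/dhclient.leases"
+#define RUN_DHCLIENT_6_LEASES_FILE RUN_DHCLIENT_DIR "/dhclient6.leases"
+#define RUN_DHCLIENT_4_LEASES_FILE RUN_DHCLIENT_DIR "/dhclient.leases"
+#define RUN_DHCLIENT_4_PID_FILE RUN_DHCLIENT_DIR "/dhclient.pid"
+#define RUN_DHCLIENT_6_PID_FILE RUN_DHCLIENT_DIR "/dhclient6.pid"
 
 #define RUN_SECCOMP_DIR RUN_MNT_DIR "/seccomp"
 #define RUN_SECCOMP_LIST RUN_SECCOMP_DIR "/seccomp.list" // list of seccomp files installed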
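Review bot: RUN_DHCLIENT_4_LEASES_FILE is defined twice in the added block (new lines 53 and 55) with identical text, which looks like a copy-paste leftover; the second `#define RUN_DHCLIENT_4_LEASES_FILE RUN_DHCLIENT_DIR "/dhclient.leases"` should be dropped so the two cannot later drift apart into a redefinition warning. A short comment above the group, e.g. `// dhclient state for ip dhcp / ip6 dhcp`, would match the commented RUN_SECCOMP_LIST line below. Because these lease and PID files live under RUN_MNT_DIR and are presumably written by a dhclient started during sandbox setup, the code that creates RUN_DHCLIENT_DIR (not visible in this section) should set its owner and mode so sandboxed processes cannot pre-create or replace them.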
diff --git a/src/include/seccomp.h b/src/include/seccomp.h index 6af84f821..80a83df34 100644 --- a/src/include/seccomp.h +++ b/src/include/seccomp.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/include/syscall.h b/src/include/syscall.h index 766f771cf..e11c56a05 100644 --- a/src/include/syscall.h +++ b/src/include/syscall.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/lib/common.c b/src/lib/common.c index 3a7f910e1..1fd317d4f 100644 --- a/src/lib/common.c +++ b/src/lib/common.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c index f7234cc08..dbf2ca94b 100644 --- a/src/lib/firejail_user.c +++ b/src/lib/firejail_user.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/lib/ldd_utils.c b/src/lib/ldd_utils.c index 453c7e9dc..32bfb0974 100644 --- a/src/lib/ldd_utils.c +++ b/src/lib/ldd_utils.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/lib/pid.c b/src/lib/pid.c index 04bc8d132..cad0e5424 100644 --- a/src/lib/pid.c +++ b/src/lib/pid.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
@@ -17,6 +17,7 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | |||
20 | #include "../include/common.h" | 21 | #include "../include/common.h" |
21 | #include "../include/pid.h" | 22 | #include "../include/pid.h" |
22 | #include <string.h> | 23 | #include <string.h> |
diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c index b2f64f18e..c86faa329 100644 --- a/src/libpostexecseccomp/libpostexecseccomp.c +++ b/src/libpostexecseccomp/libpostexecseccomp.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c index 93fa9d5f8..a27fa7a03 100644 --- a/src/libtrace/libtrace.c +++ b/src/libtrace/libtrace.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2019 Firejail Authors | 2 | * Copyright (C) 2014-2020 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
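--- a/src/libtracelog/libtracelog.c
+++ b/src/libtracelog/libtracelog.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *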
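--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -582,6 +582,33 @@ net eth0
 ip none
 
 .TP
+\fBip dhcp
+Acquire an IP address and default gateway for the last interface defined by a
+net command, as well as set the DNS servers according to the DHCP response.
+This command requires the ISC dhclient DHCP client to be installed and will start
+it automatically inside the sandbox.
+.br
+
+.br
+Example:
+.br
+net br0
+.br
+ip dhcp
+.br
+
+.br
+This command should not be used in conjunction with the dns command if the
+DHCP server is set to configure DNS servers for the clients, because the
+manually specified DNS servers will be overwritten.
+
+.br
+The DHCP client will NOT release the DHCP lease when the sandbox terminates.
+If your DHCP server requires leases to be explicitly released, consider running
+a DHCP client and releasing the lease manually in conjunction with the
+net none command.
+
+.TP
 \fBip6 address
 Assign IPv6 addresses to the last network interface defined by a net command.
 .br
@@ -594,6 +621,32 @@ net eth0
 ip6 2001:0db8:0:f101::1/64
 
 .TP
+\fBip6 dhcp
+Acquire an IPv6 address and default gateway for the last interface defined by a
+net command, as well as set the DNS servers according to the DHCP response.
+This command requires the ISC dhclient DHCP client to be installed and will start
+it automatically inside the sandbox.
+.br
+
+.br
+Example:
+.br
+net br0
+.br
+ip6 dhcp
+.br
+
+.br
+This command should not be used in conjunction with the dns command if the
+DHCP server is set to configure DNS servers for the clients, because the
+manually specified DNS servers will be overwritten.
+
+.br
+The DHCP client will NOT release the DHCP lease when the sandbox terminates.
+If your DHCP server requires leases to be explicitly released, consider running
+a DHCP client and releasing the lease manually.
+
+.TP
 \fBiprange address,address
 Assign an IP address in the provided range to the last network
 interface defined by a net command. A default gateway is assigned by default.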
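--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -567,6 +567,31 @@ If the corresponding interface doesn't have an IP address configured, this
 option is enabled by default.
 
 .TP
+\fB\-\-ip=dhcp
+Acquire an IP address and default gateway for the last interface defined by a
+\-\-net option, as well as set the DNS servers according to the DHCP response.
+This option requires the ISC dhclient DHCP client to be installed and will start
+it automatically inside the sandbox.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-net=br0 \-\-ip=dhcp
+.br
+
+.br
+This option should not be used in conjunction with the \-\-dns option if the
+DHCP server is set to configure DNS servers for the clients, because the
+manually specified DNS servers will be overwritten.
+
+.br
+The DHCP client will NOT release the DHCP lease when the sandbox terminates.
+If your DHCP server requires leases to be explicitly released, consider running
+a DHCP client and releasing the lease manually in conjunction with the
+\-\-net=none option.
+
+.TP
 \fB\-\-ip6=address
 Assign IPv6 addresses to the last network interface defined by a \-\-net option.
 .br
@@ -579,6 +604,30 @@ $ firejail \-\-net=eth0 \-\-ip6=2001:0db8:0:f101::1/64 firefox
 Note: you don't need this option if you obtain your ip6 address from router via SLAAC (your ip6 address and default route will be configured by kernel automatically).
 
 .TP
+\fB\-\-ip6=dhcp
+Acquire an IPv6 address and default gateway for the last interface defined by a
+\-\-net option, as well as set the DNS servers according to the DHCP response.
+This option requires the ISC dhclient DHCP client to be installed and will start
+it automatically inside the sandbox.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-net=br0 \-\-ip6=dhcp
+.br
+
+.br
+This option should not be used in conjunction with the \-\-dns option if the
+DHCP server is set to configure DNS servers for the clients, because the
+manually specified DNS servers will be overwritten.
+
+.br
+The DHCP client will NOT release the DHCP lease when the sandbox terminates.
+If your DHCP server requires leases to be explicitly released, consider running
+a DHCP client and releasing the lease manually.
+
+.TP
 \fB\-\-iprange=address,address
 Assign an IP address in the provided range to the last network interface defined by a \-\-net option. A
 default gateway is assigned by default.
@@ -2235,7 +2284,7 @@ $ firejail --tunnel firefox
 .br
 .TP
 \fB\-\-version
-Print program version and exit.
+Print program version/compile time support and exit.
 .br
 
 .br
@@ -2245,6 +2294,20 @@ $ firejail \-\-version
 .br
 firejail version 0.9.27
 
+Compile time support:
+- AppArmor support is enabled
+- AppImage support is enabled
+- chroot support is enabled
+- file and directory whitelisting support is enabled
+- file transfer support is enabled
+- firetunnel support is enabled
+- networking support is enabled
+- overlayfs support is enabled
+- private-home support is enabled
+- seccomp-bpf support is enabled
+- user namespace support is enabled
+- X11 sandboxing support is enabled
+.br
 .TP
 \fB\-\-veth-name=name
 Use this name for the interface connected to the bridge for --net=bridge_interface commands,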
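--- a/src/tools/check-caps.sh
+++ b/src/tools/check-caps.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
 
 if [ $# -eq 0 ]
 then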
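--- a/src/tools/extract_caps.c
+++ b/src/tools/extract_caps.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *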
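--- a/src/tools/extract_errnos.sh
+++ b/src/tools/extract_errnos.sh
@@ -1,3 +1,8 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
+
 echo -e "#include <errno.h>\n#include <attr/xattr.h>" | \
 cpp -dD | \
 grep "^#define E" | \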
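--- a/src/tools/extract_syscalls.c
+++ b/src/tools/extract_syscalls.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *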
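--- a/src/tools/mkcoverit.sh
+++ b/src/tools/mkcoverit.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2020 Firejail Authors
+# License GPL v2
 
 # unpack firejail archive
 ARCFIREJAIL=`ls *.tar.xz| grep firejail`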
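--- a/src/tools/testuid.c
+++ b/src/tools/testuid.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2014-2019 Firejail Authors
+* Copyright (C) 2014-2020 Firejail Authors
 *
 * This file is part of firejail project
 *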
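--- a/src/tools/ttytest.c
+++ b/src/tools/ttytest.c
@@ -1,3 +1,23 @@
+/*
+* Copyright (C) 2014-2020 Firejail Authors
+*
+* This file is part of firejail project
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
 #define _XOPEN_SOURCE 600
 #include <stdlib.h>
 #include <stdio.h>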
diff --git a/src/tools/unixsocket.c b/src/tools/unixsocket.c index c4302eed3..0987deb7a 100644 --- a/src/tools/unixsocket.c +++ b/src/tools/unixsocket.c | |||
@@ -1,3 +1,23 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014-2020 Firejail Authors | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | |||
1 | #include <stdio.h> | 21 | #include <stdio.h> |
2 | #include <sys/types.h> | 22 | #include <sys/types.h> |
3 | #include <sys/socket.h> | 23 | #include <sys/socket.h> |