From 8efb4d3a7e1a99794eb27d6ec4c093a46f9d34b3 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Tue, 13 Oct 2020 08:55:35 -0400
Subject: merges, fix for #3662 etc.

---
 README                       |  2 ++
 etc/profile-a-l/fdns.profile |  8 ++++----
 src/firejail/main.c          | 14 ++++++++++++--
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/README b/README
index f6e384d4a..e394fe524 100644
--- a/README
+++ b/README
@@ -249,6 +249,8 @@ Danil Semelenov (https://github.com/sgtpep)
 Dara Adib (https://github.com/daradib)
 	- ssh profile fix
 	- evince profile fix
+Dario Pellegrini (https://github.com/dpellegr)
+	- allowing links in netns
 David Thole (https://github.com/TheDarkTrumpet)
 	- added profile for teams-for-linux
 Davide Beatrici (https://github.com/davidebeatrici)
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index 179540806..31cb1776c 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -29,20 +29,20 @@ no3d
 nodvd
 nogroups
 nonewprivs
-# noroot
+noroot
 nosound
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 #seccomp
 #shell none
 
 disable-mnt
 private
 private-bin bash,fdns,sh
-# private-cache
-private-dev
+private-cache
+#private-dev
 private-etc ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl
 # private-lib
 private-tmp
diff --git a/src/firejail/main.c b/src/firejail/main.c
index daa924698..06f81a987 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -3080,17 +3080,27 @@ int main(int argc, char **argv, char **envp) {
 	// end of signal-safe code
 	//*****************************
 
+#if 0
+// at this point the sandbox was closed and we are on our way out
+// it would make sense to move this before waitpid above to free some memory
+// crash for now as of issue #3662 from dhcp code
 	// free globals
 	if (cfg.profile) {
 		ProfileEntry *prf = cfg.profile;
 		while (prf != NULL) {
 			ProfileEntry *next = prf->next;
-			free(prf->data);
-			free(prf->link);
+printf("data #%s#\n", prf->data);
+			if (prf->data)
+				free(prf->data);
+printf("link #%s#\n", prf->link);
+			if (prf->link)
+				free(prf->link);
 			free(prf);
 			prf = next;
 		}
 	}
+#endif
+
 
 	if (WIFEXITED(status)){
 		myexit(WEXITSTATUS(status));
-- 
cgit v1.2.3-54-g00ecf