From c92dc59bef0d34541c10fd535d91d876d214a5d8 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 25 Apr 2016 09:54:17 -0400
Subject: fixed interface/defaultgw problem
---
 src/firejail/sandbox.c | 25 ++++++++++++++++---------
 test/compile/compile.sh | 2 +-
 test/dist-compile/compile.sh | 2 +-
 3 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 3f3564295..4473e306c 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -539,6 +539,7 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // networking
 //****************************
+ int gw_cfg_failed = 0; // default gw configuration flag
 if (arg_nonetwork) {
 net_if_up("lo");
 if (arg_debug)
@@ -564,13 +565,6 @@ int sandbox(void* sandbox_arg) {
 net_config_mac(cfg.bridge3.devsandbox, cfg.bridge3.macsandbox);
 sandbox_if_up(&cfg.bridge3);
 
- // add a default route
- if (cfg.defaultgw) {
- // set the default route
- if (net_add_route(0, 0, cfg.defaultgw))
- fprintf(stderr, "Warning: cannot configure default route\n");
- }
-
 // enable interfaces
 if (cfg.interface0.configured && cfg.interface0.ip) {
 if (arg_debug)
@@ -591,6 +591,15 @@ int sandbox(void* sandbox_arg) {
 net_if_up(cfg.interface3.dev);
 }
 
+ // add a default route
+ if (cfg.defaultgw) {
+ // set the default route
+ if (net_add_route(0, 0, cfg.defaultgw)) {
+ fprintf(stderr, "Warning: cannot configure default route\n");
+ gw_cfg_failed = 1;
+ }
+ }
+
 if (arg_debug)
 printf("Network namespace enabled\n");
 }
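Review bot: The relocated default-route block in sandbox() (third hunk of src/firejail/sandbox.c) carries two comments that say the same thing, and neither records why the block now sits after the interface bring-up. Judging by the commit subject and the move itself, the route presumably can only be installed once the interfaces above are up, so a later cleanup could move it back without noticing. I would replace both comments with one, e.g. `// add the default route last: the gateway is only reachable once the interfaces above are up`. A short comment at `gw_cfg_failed = 1;` should also say that, as far as the hunk shows, the failure is non-fatal and the sandbox continues without a default route. The enclosing branch and the function itself begin and end outside the hunk.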
@@ -612,8 +615,12 @@ int sandbox(void* sandbox_arg) {
 printf("\n");
 if (any_bridge_configured() || any_interface_configured())
 net_ifprint();
- if (cfg.defaultgw != 0)
- printf("Default gateway %d.%d.%d.%d\n", PRINT_IP(cfg.defaultgw));
+ if (cfg.defaultgw != 0) {
+ if (gw_cfg_failed)
+ printf("Default gateway configuration failed\n");
+ else
+ printf("Default gateway %d.%d.%d.%d\n", PRINT_IP(cfg.defaultgw));
+ }
 if (cfg.dns1 != 0)
 printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns1));
 if (cfg.dns2 != 0)
diff --git a/test/compile/compile.sh b/test/compile/compile.sh
index e3e9bef2b..c6b1d1928 100755
--- a/test/compile/compile.sh
+++ b/test/compile/compile.sh
@@ -15,7 +15,7 @@ arr[9]="TEST 9: compile file transfer disabled"
 cleanup() {
 rm -f report*
 rm -fr firejail
- rm oc* om*
+ rm -f oc* om*
 }
 
 print_title() {
diff --git a/test/dist-compile/compile.sh b/test/dist-compile/compile.sh
index a9c1656ee..e0d29281b 100755
--- a/test/dist-compile/compile.sh
+++ b/test/dist-compile/compile.sh
@@ -15,7 +15,7 @@ arr[9]="TEST 9: compile file transfer disabled"
 cleanup() {
 rm -f report*
 rm -fr firejail
- rm oc* om*
+ rm -f oc* om*
 }
 
 print_title() {
-- 
cgit v1.2.3-54-g00ecf
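Review bot: In the `gw_cfg_failed` branch of the startup summary (fourth hunk of src/firejail/sandbox.c) the message drops the gateway address, so the summary no longer shows which gateway was requested and rejected. Keeping the address would make the failure easier to diagnose: `printf("Default gateway %d.%d.%d.%d configuration failed\n", PRINT_IP(cfg.defaultgw));`. The summary line goes to stdout while the earlier warning goes to stderr, so a caller capturing only one stream sees only part of the picture; that may be intended, but a brief comment would make it explicit. The surrounding block of sandbox() starts and ends outside the hunk.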