From 39a175d692bfa8514a649449c938afbc2c12dc6f Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 13 Nov 2017 07:55:29 -0500
Subject: cleanup
---
 src/firejail/netfilter.c | 4 ++--
 src/firejail/sbox.c | 9 +--------
 2 files changed, 3 insertions(+), 10 deletions(-)
(limited to 'src')
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index cb0d9d7af..7246be8cf 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -98,7 +98,7 @@ void netfilter(const char *fname) {
 // first run of iptables on this platform installs a number of kernel modules such as ip_tables, x_tables, iptable_filter
 // we run this command with caps and seccomp disabled in order to allow the loading of these modules
- sbox_run(SBOX_ROOT /* | SBOX_CAPS_NETWORK | SBOX_SECCOMP*/ | SBOX_STDIN_FROM_FILE, 1, iptables_restore);
+ sbox_run(SBOX_ROOT | SBOX_STDIN_FROM_FILE, 1, iptables_restore);
 unlink(SBOX_STDIN_FILE);
 // debug
@@ -147,7 +147,7 @@ void netfilter6(const char *fname) {
 // first run of iptables on this platform installs a number of kernel modules such as ip_tables, x_tables, iptable_filter
 // we run this command with caps and seccomp disabled in order to allow the loading of these modules
- sbox_run(SBOX_ROOT | /* SBOX_CAPS_NETWORK | SBOX_SECCOMP | */ SBOX_STDIN_FROM_FILE, 1, ip6tables_restore);
+ sbox_run(SBOX_ROOT | SBOX_STDIN_FROM_FILE, 1, ip6tables_restore);
 unlink(SBOX_STDIN_FILE);
 // debug
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index 1d6cc2353..274a4353f 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -104,13 +104,6 @@ static struct sock_fprog prog = {
 .filter = filter,
 };
-typedef struct sbox_config {
- char *name;
- char *path;
- unsigned filters;
-} SboxConfig;
-
-
 int sbox_run(unsigned filter, int num, ...) {
 EUID_ROOT();
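Review bot: In the netfilter() hunk the result of `sbox_run(SBOX_ROOT | SBOX_STDIN_FROM_FILE, 1, iptables_restore)` is discarded, and the netfilter6() hunk does the same for `ip6tables_restore`. sbox_run is declared `int` in sbox.c; if that value carries the child's exit status (not visible in this diff), a failed restore would leave the sandbox running without its packet filter and without any error. Consider keeping the result, `int rv = sbox_run(SBOX_ROOT | SBOX_STDIN_FROM_FILE, 1, iptables_restore);`, and failing closed after the `unlink(SBOX_STDIN_FILE);` with `if (rv) { fprintf(stderr, "Error: cannot install netfilter rules\n"); exit(1); }`. Both function bodies start and end outside these hunks, so later handling may exist that the diff does not show.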
@@ -142,7 +135,7 @@ int sbox_run(unsigned filter, int num, ...) {
 if (filter & SBOX_STDIN_FROM_FILE) {
 int fd;
 if((fd = open(SBOX_STDIN_FILE, O_RDONLY)) == -1) {
- fprintf(stderr,"Error: cannot open /tmp/netfilter\n");
+ fprintf(stderr,"Error: cannot open %s\n", SBOX_STDIN_FILE);
 exit(1);
 }
 dup2(fd,STDIN_FILENO);
--
cgit v1.2.3-70-g09d2
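Review bot: The `dup2(fd,STDIN_FILENO);` right after the corrected message is unchecked, so if it fails the command that sbox_run goes on to start (presumably with the root privileges taken by `EUID_ROOT()`; the exec is outside the hunk) would read whatever stdin it inherited instead of SBOX_STDIN_FILE. Check it the same way as the open: `if (dup2(fd, STDIN_FILENO) == -1) { fprintf(stderr, "Error: cannot redirect stdin to %s\n", SBOX_STDIN_FILE); exit(1); }`. The open error would also be easier to diagnose with the cause appended, `fprintf(stderr, "Error: cannot open %s: %s\n", SBOX_STDIN_FILE, strerror(errno));`, assuming `<string.h>` and `<errno.h>` are already included in sbox.c. sbox_run continues past the end of the hunk, so whether `fd` is closed after the dup2 is not visible here.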