From a50e86844715442008ef75aff0d466e19e473f04 Mon Sep 17 00:00:00 2001
From: Kristóf Marussy
Date: Thu, 26 Dec 2019 19:08:00 +0100
Subject: Add --ip=dhcp and --ip6=dhcp options

Currently, --ip=dhcp is equivalent to --ip=none and --ip6=dhcp does nothing either, except for parsing correctly
---
 src/firejail/firejail.h | 2 ++
 src/firejail/main.c | 27 +++++++++++++++++----------
 src/firejail/profile.c | 30 ++++++++++++++++++------------
 3 files changed, 37 insertions(+), 22 deletions(-)
(limited to 'src')
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 03bcbda46..a5eeb4067 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -103,6 +103,8 @@ typedef struct bridge_t {
 // flags
 uint8_t arg_ip_none; // --ip=none
+ uint8_t arg_ip_dhcp;
+ uint8_t arg_ip6_dhcp;
 uint8_t macvlan; // set by --net=eth0 (or eth1, ...); reset by --net=br0 (or br1, ...)
 uint8_t configured;
 uint8_t scan; // set by --scan
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 179f8ddf9..0b9ebc482 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2144,7 +2144,10 @@ int main(int argc, char **argv) {
 // configure this IP address for the last bridge defined
 if (strcmp(argv[i] + 5, "none") == 0)
 br->arg_ip_none = 1;
- else {
+ else if (strcmp(argv[i] + 5, "dhcp") == 0) {
+ br->arg_ip_none = 1;
+ br->arg_ip_dhcp = 1;
+ } else {
 if (atoip(argv[i] + 5, &br->ipsandbox)) {
 fprintf(stderr, "Error: invalid IP address\n");
 exit(1);
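Review bot: The two flags added to `bridge_t` in src/firejail/firejail.h carry no comment, while the neighbouring `arg_ip_none` is annotated with the option that sets it. Add `// --ip=dhcp (always set together with arg_ip_none)` after `arg_ip_dhcp` and `// --ip6=dhcp` after `arg_ip6_dhcp`, so a reader of the struct sees the pairing that the main.c and profile.c hunks establish. The struct definition starts and ends outside this hunk.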
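Review bot: In the `--ip=` branch of src/firejail/main.c, the new `dhcp` case sets `br->arg_ip_none = 1` next to `br->arg_ip_dhcp = 1`, so code that tests only `arg_ip_none` can no longer tell a request for no address from a request for DHCP. The first profile.c hunk repeats the same pairing. A comment on that line, such as `// dhcp: skip static address setup exactly like --ip=none; arg_ip_dhcp records the request`, would make the coupling explicit. If the duplicate-option check earlier in this branch tests `arg_ip_none` (not visible here), it already covers `dhcp`, but that is worth confirming because the `--ip6=` guard had to be extended by hand. The enclosing branch begins before the hunk and continues past it.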
@@ -2184,20 +2187,24 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: no network device configured\n");
 exit(1);
 }
- if (br->ip6sandbox) {
+ if (br->arg_ip6_dhcp || br->ip6sandbox) {
 fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
 exit(1);
 }
 // configure this IP address for the last bridge defined
- if (check_ip46_address(argv[i] + 6) == 0) {
- fprintf(stderr, "Error: invalid IPv6 address\n");
- exit(1);
- }
-
- br->ip6sandbox = strdup(argv[i] + 6);
- if (br->ip6sandbox == NULL)
- errExit("strdup");
+ if (strcmp(argv[i] + 6, "dhcp") == 0)
+ br->arg_ip6_dhcp = 1;
+ else {
+ if (check_ip46_address(argv[i] + 6) == 0) {
+ fprintf(stderr, "Error: invalid IPv6 address\n");
+ exit(1);
+ }
+
+ br->ip6sandbox = strdup(argv[i] + 6);
+ if (br->ip6sandbox == NULL)
+ errExit("strdup");
+ }
 }
 else
 exit_err_feature("networking");
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 9a724331b..959678501 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -672,7 +672,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 // configure this IP address for the last bridge defined
 if (strcmp(ptr + 3, "none") == 0)
 br->arg_ip_none = 1;
- else {
+ else if (strcmp(ptr + 3, "dhcp") == 0) {
+ br->arg_ip_none = 1;
+ br->arg_ip_dhcp = 1;
+ } else {
 if (atoip(ptr + 3, &br->ipsandbox)) {
 fprintf(stderr, "Error: invalid IP address\n");
 exit(1);
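Review bot: In the `--ip6=` branch of src/firejail/main.c (hunk at -2184), `br->arg_ip6_dhcp = 1` is stored, but nothing in this patch reads it apart from the duplicate-option guard. `--ip6=dhcp` is therefore accepted without any message, and the sandbox starts without the IPv6 address the user asked for. That fails closed, but silently, and the commit message confirms the option does nothing yet. Until a consumer of the flag exists, the `dhcp` path should say so, for example `fprintf(stderr, "Warning: --ip6=dhcp is parsed but not implemented, no IPv6 address will be configured\n");` (wording constructed here). The same applies to the matching branch in the second profile.c hunk and to the `--ip=dhcp` paths in both files.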
@@ -693,21 +696,24 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: no network device configured\n");
 exit(1);
 }
- if (br->ip6sandbox) {
+ if (br->arg_ip6_dhcp || br->ip6sandbox) {
 fprintf(stderr, "Error: cannot configure the IP address twice for the same interface\n");
 exit(1);
 }
- // configure this IP address for the last bridge defined
- if (check_ip46_address(ptr + 4) == 0) {
- fprintf(stderr, "Error: invalid IPv6 address\n");
- exit(1);
- }
-
- br->ip6sandbox = strdup(ptr + 4);
- if (br->ip6sandbox == NULL)
- errExit("strdup");
-
+ // configure this IP address for the last bridge defined
+ if (strcmp(ptr + 4, "dhcp") == 0)
+ br->arg_ip6_dhcp = 1;
+ else {
+ if (check_ip46_address(ptr + 4) == 0) {
+ fprintf(stderr, "Error: invalid IPv6 address\n");
+ exit(1);
+ }
+
+ br->ip6sandbox = strdup(ptr + 4);
+ if (br->ip6sandbox == NULL)
+ errExit("strdup");
+ }
 }
 else
 warning_feature_disabled("networking");
-- cgit v1.2.3-54-g00ecf