From d3d806ddb25249cf0c404904b3f5ffc7011204ce Mon Sep 17 00:00:00 2001
From: Kristóf Marussy
Date: Fri, 27 Dec 2019 18:41:29 +0100
Subject: Allow resolv.conf be written by dhclient
When dhclient is used to assign and IP to the container, it should be able to overwrite resolv.conf Therefore, we do the /etc mirroring similarly to the situation with manually configured nameservers. When both DHCP and manually set nameservers are in use, warn that the manual ones will be overwritten
---
 src/firejail/firejail.h | 18 ++++++++++++++++++
 src/firejail/fs_hostname.c | 10 +++++++---
 2 files changed, 25 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index a5eeb4067..bfe680d24 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -239,6 +239,24 @@ static inline int any_interface_configured(void) {
 return 0;
 }
+static inline int any_ip_dhcp(void) {
+ if (cfg.bridge0.arg_ip_dhcp || cfg.bridge1.arg_ip_dhcp || cfg.bridge2.arg_ip_dhcp || cfg.bridge3.arg_ip_dhcp)
+ return 1;
+ else
+ return 0;
+}
+
+static inline int any_ip6_dhcp(void) {
+ if (cfg.bridge0.arg_ip6_dhcp || cfg.bridge1.arg_ip6_dhcp || cfg.bridge2.arg_ip6_dhcp || cfg.bridge3.arg_ip6_dhcp)
+ return 1;
+ else
+ return 0;
+}
+
+static inline int any_dhcp(void) {
+ return any_ip_dhcp() || any_ip6_dhcp();
+}
+
 extern int arg_private; // mount private /home
 extern int arg_private_cache; // private home/.cache
 extern int arg_debug; // print debug messages
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index 9da01b24c..60c65746b 100644
--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -89,7 +89,7 @@ errexit:
 }
 void fs_resolvconf(void) {
- if (cfg.dns1 == NULL)
+ if (cfg.dns1 == NULL && !any_dhcp())
 return;
 if (arg_debug)
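Review bot: The guard `if (cfg.dns1 == NULL && !any_dhcp())` in the first fs_hostname.c hunk needs a comment saying what happens when DHCP is requested without a manual nameserver, because the helpers added in firejail.h only read `cfg.bridgeN.arg_ip_dhcp` / `arg_ip6_dhcp`, so they report configuration and not whether a lease was obtained. In that case the function now goes on to replace resolv.conf, and judging from the last hunk none of the `if (cfg.dnsN)` writes would fire, so the sandbox appears to start with an empty resolver file until dhclient fills it in. I would add `// DHCP requested without manual nameservers: resolv.conf starts empty and dhclient is expected to populate it` at the guard, and a one-line comment on `any_dhcp()` stating that it reflects the requested setup only. The rest of fs_resolvconf lies outside this hunk.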
@@ -108,7 +108,8 @@ void fs_resolvconf(void) {
 if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
 continue;
 // for resolv.conf we create a brand new file
- if (strcmp(entry->d_name, "resolv.conf") == 0)
+ if (strcmp(entry->d_name, "resolv.conf") == 0 ||
+ strcmp(entry->d_name, "resolv.conf.dhclient-new") == 0)
 continue;
 // printf("linking %s\n", entry->d_name);
@@ -169,8 +170,11 @@ void fs_resolvconf(void) {
 exit(1);
 }
- if (cfg.dns1)
+ if (cfg.dns1) {
+ if (any_dhcp())
+ fwarning("network setup uses DHCP, nameservers will likely be overwritten\n");
 fprintf(fp, "nameserver %s\n", cfg.dns1);
+ }
 if (cfg.dns2)
 fprintf(fp, "nameserver %s\n", cfg.dns2);
 if (cfg.dns3)
-- 
cgit v1.2.3-54-g00ecf
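Review bot: The new exclusion `strcmp(entry->d_name, "resolv.conf.dhclient-new") == 0` in the -108 hunk matches one exact file name, so any other temporary name the dhclient script uses (some versions are believed to append a PID suffix; confirm for the supported distributions) would still be mirrored from the host /etc. If mirrored entries resolve to host files, as the commented-out `linking` debug line suggests, a write to such an entry from inside the sandbox might not stay in the sandbox copy. A prefix test, `strncmp(entry->d_name, "resolv.conf.dhclient-new", 24) == 0`, would cover the suffixed variants as well, and the comment above the check should be updated to `// resolv.conf and dhclient's temporary copy are created fresh, not mirrored`. The loop body continues outside the hunk.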
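Review bot: In the -169 hunk, when `cfg.dns1` is set and `any_dhcp()` is true the code warns and then still writes the manual nameservers, which leaves the final resolver choice to whatever the DHCP server hands out. A user who pinned a resolver on purpose gets it replaced by a network-supplied one with only a warning, which is easy to miss in scripted launches. Consider letting the explicit setting win (for example by keeping dhclient from rewriting resolv.conf in that case) or rejecting the combination. At minimum the message should say which side wins: `fwarning("DHCP is enabled: nameservers from the DHCP server will replace the manually configured ones\n");`. The function continues past the end of the hunk.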