From e44f60a25011e388ae9f33ce8d16b9d8cb143502 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 9 Nov 2016 09:43:31 -0500 Subject: testing --- src/firejail/sandbox.c | 8 ++------ src/firejail/sbox.c | 2 ++ src/fnet/interface.c | 1 + 3 files changed, 5 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 556cb1fca..6b7f7f003 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c @@ -481,28 +481,24 @@ int sandbox(void* sandbox_arg) { sandbox_if_up(&cfg.bridge3); -// todo: this code seems to be dead!!! - // enable interfaces + // moving an interface in a namespace using --interface will reset the interface configuration; + // we need to put the configuration back if (cfg.interface0.configured && cfg.interface0.ip) { -assert(0); if (arg_debug) printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface0.ip), cfg.interface0.dev); net_config_interface(cfg.interface0.dev, cfg.interface0.ip, cfg.interface0.mask, cfg.interface0.mtu); } if (cfg.interface1.configured && cfg.interface1.ip) { -assert(0); if (arg_debug) printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface1.ip), cfg.interface1.dev); net_config_interface(cfg.interface1.dev, cfg.interface1.ip, cfg.interface1.mask, cfg.interface1.mtu); } if (cfg.interface2.configured && cfg.interface2.ip) { -assert(0); if (arg_debug) printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface2.ip), cfg.interface2.dev); net_config_interface(cfg.interface2.dev, cfg.interface2.ip, cfg.interface2.mask, cfg.interface2.mtu); } if (cfg.interface3.configured && cfg.interface3.ip) { -assert(0); if (arg_debug) printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface3.ip), cfg.interface3.dev); net_config_interface(cfg.interface3.dev, cfg.interface3.ip, cfg.interface3.mask, cfg.interface3.mtu); 
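Review bot: In src/firejail/sandbox.c the four `cfg.interface0` to `cfg.interface3` blocks are identical apart from the index, and with `assert(0)` removed they become live code that runs during sandbox setup, so any later correction has to be repeated four times. Folding them into one static helper called once per interface keeps them in step. The helper below assumes the struct type is named `Interface`, which is not visible in this hunk and should be confirmed. The hunk ends before the closing brace of the interface3 block, and sandbox() begins and continues outside it.

```c
// assumed type name for cfg.interfaceN; confirm against the project header
static void sandbox_if_restore(Interface *ifc) {
	if (!ifc->configured || !ifc->ip)
		return;
	if (arg_debug)
		printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(ifc->ip), ifc->dev);
	net_config_interface(ifc->dev, ifc->ip, ifc->mask, ifc->mtu);
}

// ... unchanged: sandbox_if_up(&cfg.bridge3); and the new two-line comment ...
sandbox_if_restore(&cfg.interface0);
sandbox_if_restore(&cfg.interface1);
sandbox_if_restore(&cfg.interface2);
sandbox_if_restore(&cfg.interface3);
```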
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index b16736dee..3d4eef3aa 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c @@ -156,9 +156,11 @@ int sbox_run(unsigned filter, int num, ...) { caps_drop_all(); } else if (filter & SBOX_CAPS_NETWORK) { +#ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files uint64_t set = ((uint64_t) 1) << CAP_NET_ADMIN; set |= ((uint64_t) 1) << CAP_NET_RAW; caps_set(set); +#endif } if (filter & SBOX_SECCOMP) { diff --git a/src/fnet/interface.c b/src/fnet/interface.c index 67af062bf..046b2c972 100644 --- a/src/fnet/interface.c +++ b/src/fnet/interface.c @@ -284,6 +284,7 @@ void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) { ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip); if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0) { close(sock); + fprintf(stderr, "Error fnet: cannot find interface %s\n", ifname); errExit("ioctl"); } -- cgit v1.2.3-54-g00ecf
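Review bot: In the `SBOX_CAPS_NETWORK` branch of sbox_run() in src/firejail/sbox.c, a build with `HAVE_GCOV` defined now compiles to an empty body, so the helper keeps whatever capability set it started with instead of being reduced to `CAP_NET_ADMIN` and `CAP_NET_RAW`. That silently weakens privilege reduction in coverage builds, which matters if such a binary is ever installed outside a test machine. I would make the relaxed mode visible with an `#else` branch, e.g. `#else` followed by `fprintf(stderr, "Warning: GCOV build, SBOX_CAPS_NETWORK capabilities not restricted\n");`, and state in the comment that a coverage build must not be shipped. sbox_run() starts and ends outside the hunk.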
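Review bot: The message added before `errExit("ioctl")` in net_if_ip() (src/fnet/interface.c) says the interface cannot be found, but the failing call is `SIOCSIFADDR`, which can also fail for other reasons such as insufficient privilege or an invalid address, so the text can point an operator at the wrong cause. The `close(sock)` and `fprintf()` calls that run before `errExit()` may also overwrite `errno`, which errExit presumably reports. I would save it first and reword the message: `int saved = errno;` before `close(sock);`, the text as `"Error fnet: cannot set IP address on interface %s\n"`, and `errno = saved;` just before `errExit("ioctl");`. net_if_ip() starts and ends outside the hunk.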