github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-21 06:45:29 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 1

remove DNS lookup for --netfilter.print and --netfilter6.print commands

Browse source
This commit is contained in:
netblue30 2023-03-07 09:50:22 -05:00
parent a12601f02a
commit 51f25677e6
4 changed files with 46 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

44
gcov.sh
View file

@ -21,29 +21,29 @@ rm -fr gcov-dir gcov-file
firejail --version
gcov_generate
make test-firecfg | grep TESTING
gcov_generate
make test-apparmor | grep TESTING
gcov_generate
#make test-firecfg | grep TESTING
#gcov_generate
#make test-apparmor | grep TESTING
#gcov_generate
make test-network | grep TESTING
gcov_generate
make test-appimage | grep TESTING
gcov_generate
make test-chroot | grep TESTING
gcov_generate
make test-sysutils | grep TESTING
gcov_generate
make test-private-etc | grep TESTING
gcov_generate
make test-profiles | grep TESTING
gcov_generate
make test-fcopy | grep TESTING
gcov_generate
#make test-appimage | grep TESTING
#gcov_generate
#make test-chroot | grep TESTING
#gcov_generate
#make test-sysutils | grep TESTING
#gcov_generate
#make test-private-etc | grep TESTING
#gcov_generate
#make test-profiles | grep TESTING
#gcov_generate
#make test-fcopy | grep TESTING
#gcov_generate
make test-fnetfilter | grep TESTING
gcov_generate
make test-fs | grep TESTING
gcov_generate
make test-utils | grep TESTING
gcov_generate
make test-environment | grep TESTING
gcov_generate
#make test-fs | grep TESTING
#gcov_generate
#make test-utils | grep TESTING
#gcov_generate
#make test-environment | grep TESTING
#gcov_generate

2
src/firejail/netfilter.c
View file

@ -248,5 +248,5 @@ void netfilter_print(pid_t pid, int ipv6) {
exit(1);
}
sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, iptables, "-vL");
sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, iptables, "-nvL");
}

22
test/network/net_netfilter.exp
View file

@ -20,7 +20,27 @@ spawn $env(SHELL)
send -- "firejail --netfilter.print=test\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED"
"ACCEPT"
}
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"lo"
}
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"ACCEPT"
}
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"state RELATED,ESTABLISHED"
}
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"ACCEPT"
}
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"icmptype 8"
}
after 500

4
test/network/network.sh
View file

@ -39,8 +39,8 @@ echo "TESTING: bandwidth (net_bandwidth.exp)"
echo "TESTING: ipv6 (ip6.exp)"
./ip6.exp
#echo "TESTING: ipv6 netfilter(ip6_netfilter.exp)"
#./ip6_netfilter.exp
echo "TESTING: ipv6 netfilter(ip6_netfilter.exp)"
./ip6_netfilter.exp
sudo ip link set br0 down
sudo brctl delbr br0