github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3784] Error ioctl: interface.c:302 net_if_mac: Cannot assign requested address #2386

New issue

Closed

opened 2026-05-05 09:03:54 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 09:03:54 -06:00

Owner

Originally created by @svc88 on GitHub (Dec 2, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3784

Bug and expected behavior

I Tried to randomize a mac address and use it when using a bridge/other network adapter but i only get an error when using a B in as a second letter in the first sector of a mac address
for example:
firejail --noprofile --net=eno5 --mac=4B:8B:0B:CB:1B:FC xterm

No profile and disabling firejail

What changed calling firejail --noprofile /path/to/program in a terminal? Nothing
What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)? Nothing

Reproduce
Steps to reproduce the behavior:

Run in bash firejail --noprofile --net=eno5 --mac=4B:8B:0B:CB:1B:FC xterm
See error

Parent pid 962, child pid 967
Error ioctl: interface.c:302 net_if_mac: Cannot assign requested address
Error: failed to run /run/firejail/lib/fnet
Error: proc 962 cannot sync with peer: unexpected EOF
Peer 967 unexpectedly exited with status 1

Environment

Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release)
Ubuntu 18.04.5
Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)
firejail version 0.9.64 release

Additional context
This crashes with an error strangely only when using a B as a second letter in the first sector of a mac address.
Another important thing i noticed separate from the above issue, i tried entering a random invalid MAC by using the letter L in the last sector as the last letter and strangely enough it worked. Something is wrong with the validation of the mac address handling it seems?
Can you try reproduce please?

debug output

Parent pid 962, child pid 967
Error ioctl: interface.c:302 net_if_mac: Cannot assign requested address
Error: failed to run /run/firejail/lib/fnet
Error: proc 962 cannot sync with peer: unexpected EOF
Peer 967 unexpectedly exited with status 1

Originally created by @svc88 on GitHub (Dec 2, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3784 **Bug and expected behavior** - I Tried to randomize a mac address and use it when using a bridge/other network adapter but i only get an error when using a `B` in as a second letter in the first sector of a mac address for example: firejail --noprofile --net=eno5 --mac=4B:8B:0B:CB:1B:FC xterm **No profile and disabling firejail** - What changed calling `firejail --noprofile /path/to/program` in a terminal? Nothing - What changed calling the program by path (check `which <program>` or `firejail --list` while the sandbox is running)? Nothing **Reproduce** Steps to reproduce the behavior: 1. Run in bash `firejail --noprofile --net=eno5 --mac=4B:8B:0B:CB:1B:FC xterm` 2. See error ``` Parent pid 962, child pid 967 Error ioctl: interface.c:302 net_if_mac: Cannot assign requested address Error: failed to run /run/firejail/lib/fnet Error: proc 962 cannot sync with peer: unexpected EOF Peer 967 unexpectedly exited with status 1 ``` **Environment** - Linux distribution and version (ie output of `lsb_release -a`, `screenfetch` or `cat /etc/os-release`) Ubuntu 18.04.5 - Firejail version (output of `firejail --version`) exclusive or used git commit (`git rev-parse HEAD`) firejail version 0.9.64 release **Additional context** This crashes with an error strangely **only** when using a `B` as a second letter in the first sector of a mac address. Another important thing i noticed separate from the above issue, i tried entering a random invalid MAC by using the letter `L` in the last sector as the last letter and strangely enough it worked. Something is wrong with the validation of the mac address handling it seems? Can you try reproduce please? <details><summary> debug output </summary> ``` Parent pid 962, child pid 967 Error ioctl: interface.c:302 net_if_mac: Cannot assign requested address Error: failed to run /run/firejail/lib/fnet Error: proc 962 cannot sync with peer: unexpected EOF Peer 967 unexpectedly exited with status 1 ``` </details>

gitea-mirror

2026-05-05 09:03:54 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 09:03:57 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Dec 2, 2020):

4B:8B:0B:CB:1B:FL

That isn't a valid MAC address.
Needs to be HEX

Edit: Apologies, you knew that. I didn't read enough.

I can indeed reproduce this exactly.

@SkewedZeppelin commented on GitHub (Dec 2, 2020): > 4B:8B:0B:CB:1B:FL That isn't a valid MAC address. Needs to be HEX Edit: Apologies, you knew that. I didn't read enough. I can indeed reproduce this exactly.

gitea-mirror commented

2026-05-05 09:03:58 -06:00

Author

Owner

@svc88 commented on GitHub (Dec 2, 2020):

Yes, in summary 2 issues i noticed:

the specific error happens with the first sector and second char position being B
and
when using ANY letter of the alphabet in the last sector of the address in the second char position will not show that it is invalid, it will execute the command nevertheless.

@svc88 commented on GitHub (Dec 2, 2020): Yes, in summary 2 issues i noticed: 1. the specific error happens with the first sector and second char position being `B` and 2. when using ANY letter of the alphabet in the last sector of the address in the second char position will not show that it is invalid, it will execute the command nevertheless.

gitea-mirror commented

2026-05-05 09:04:00 -06:00

Author

Owner

@smitsohu commented on GitHub (Dec 6, 2020):

the specific error happens with the first sector and second char position being B
and

If you go through all possible values, you'll find that even numbers work and odd numbers do not (B in your example equals 11). An odd number in this position signifies a multicast address. It is not possible to assign a multicast address to an interface this way, and most likely it is not what you want anyway.

when using ANY letter of the alphabet in the last sector of the address in the second char position will not show that it is invalid, it will execute the command nevertheless.

Good catch! Firejail should return an error here.

@smitsohu commented on GitHub (Dec 6, 2020): > the specific error happens with the first sector and second char position being B > and If you go through all possible values, you'll find that even numbers work and odd numbers do not (B in your example equals 11). An odd number in this position signifies a [multicast address](https://en.wikipedia.org/wiki/MAC_address#Unicast_vs._multicast). It is not possible to assign a multicast address to an interface this way, and most likely it is not what you want anyway. > when using ANY letter of the alphabet in the last sector of the address in the second char position will not show that it is invalid, it will execute the command nevertheless. Good catch! Firejail should return an error here.

gitea-mirror commented

2026-05-05 09:04:00 -06:00

Author

Owner

@netblue30 commented on GitHub (Dec 7, 2020):

Yes, it is a multicast address. Fixed, thanks for the bug.

@netblue30 commented on GitHub (Dec 7, 2020): Yes, it is a multicast address. Fixed, thanks for the bug.

gitea-mirror referenced this issue

2026-05-05 10:17:11 -06:00

[PR #2386] [MERGED] Temporary fix for noexec ${HOME} breakage #4282

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2386

No description provided.

Rows
Columns