-
Notifications
You must be signed in to change notification settings - Fork 569
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot use tap device with --net= #6430
Comments
I do not get what you want. However it sounds XY to me. So can you rephrase it, start with the problem you want to solve and then your suggested fix. |
Firejail will not try to configure the interface inside the sandbox. Besides |
I added a tap device using ip command
Ping says missing cap_net_raw+p capability or setuid. @glitsj16 @rusty-snake |
If your kernel allows $ cat ~/.config/firejail/ping.local
include ping-hardened.inc.profile Otherwise, you can try: $ cat ~/.config/firejail/ping.local
caps.keep net_raw,setgid,setuid
ignore caps.keep HTH |
What's the solution for web browsers? |
If this needs the net_raw, setgid and setuid $ cat ~/.config/firejail/firefox.local
caps.keep net_raw,setgid,setuid
ignore caps.drop |
Will you let firejail automatically apply these settings for --net parameter? |
Doesn't work on
Parabola is based on ArchLinux, so it may not work on Arch too. |
And the browser cannot use the proxy. But if I use:
And input the same proxy settings again, it can use the proxy. 192.168.5.1 is the address of ta0 tap device.
The text was updated successfully, but these errors were encountered: