firejail took over the default gateway IP #4306

Closed
mdkent opened this issue May 25, 2021 · 3 comments

mdkent commented May 25, 2021

Bug and expected behavior
Rather than aborting, firejail took over the default gateway IP, leading to a site-wide issue.

Could firejail do a sanity check to make sure it's not assigning the default gateway IP to the interface?

Reproduce

# firejail --net=ens3 --profile=/etc/firejail/demo.profile bash

resulted in

Reading profile /etc/firejail/demo.profile
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: noroot option is not available
Parent pid 16929, child pid 16930
The new log directory is /proc/16930/root/var/log

Interface        MAC                IP               Mask             Status
lo                                  127.0.0.1        255.0.0.0        UP
eth0-16929       ea:8a:3a:e1:07:fd  10.20.0.1        255.255.240.0    UP
Default gateway 10.20.0.1

Child process initialized in 443.03 ms
[test] root@foo:~# 

Environment

ubuntu 18.04
firejail version 0.9.52

netblue30 (Owner) commented

The default gw information is extracted from /proc/self/net/route. Do a "cat /proc/self/net/route" in a terminal and post it here. This could be a bug on our side.

mdkent commented May 26, 2021

# cat /proc/self/net/route
Iface	Destination	Gateway 	Flags	RefCnt	Use	Metric	Mask		MTU	Window	IRTT
ens3	00000000	0100140A	0003	0	0	0	00000000	0	0	0
ens3	0000140A	00000000	0001	0	0	0	00F0FFFF	0	0	0
ens4	000014AC	00000000	0001	0	0	0	00F0FFFF	0	0	0

Thanks for looking!

netblue30 added a commit that referenced this issue May 27, 2021

netblue30 (Owner) commented

Yes, that's our bug! Fixed in the commit above, thanks!
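
The sanity check requested in this issue, as an added example (not firejail's code and not the fix from the referenced commit): it reads the default gateway from text in the /proc/self/net/route format and reports when a candidate sandbox address equals it. The function names and the IP4 macro are hypothetical, and a little-endian host is assumed, which is why 0100140A decodes to 10.20.0.1.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RTF_UP      0x0001
#define RTF_GATEWAY 0x0002
#define IP4(a, b, c, d) ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))

/* Route table copied from the /proc/self/net/route output posted in the issue. */
static const char ISSUE_ROUTES[] =
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "ens3\t00000000\t0100140A\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "ens3\t0000140A\t00000000\t0001\t0\t0\t0\t00F0FFFF\t0\t0\t0\n"
    "ens4\t000014AC\t00000000\t0001\t0\t0\t0\t00F0FFFF\t0\t0\t0\n";

/* The kernel prints each address as a raw 32-bit word, so on a little-endian
   host (assumed here) the octets come out reversed: 0100140A is 10.20.0.1. */
static uint32_t route_word_to_ip(uint32_t v) {
    return (v << 24) | ((v & 0xFF00u) << 8) | ((v >> 8) & 0xFF00u) | (v >> 24);
}

/* Default gateway of ifname packed as IP4(a,b,c,d), or 0 if it has no default route. */
uint32_t default_gateway(const char *table, const char *ifname) {
    const char *line = strchr(table, '\n');            /* skip the header row */
    while (line && *++line) {
        char ifc[32];
        unsigned dst, gw, flags, mask;
        if (sscanf(line, "%31s %x %x %x %*u %*u %*u %x",
                   ifc, &dst, &gw, &flags, &mask) == 5 &&
            strcmp(ifc, ifname) == 0 && dst == 0 && mask == 0 &&
            (flags & (RTF_UP | RTF_GATEWAY)) == (RTF_UP | RTF_GATEWAY))
            return route_word_to_ip(gw);
        line = strchr(line, '\n');
    }
    return 0;
}

/* Returns 1 when the candidate sandbox address is the interface's default
   gateway, so the caller can abort instead of claiming that address. */
int collides_with_gateway(const char *table, const char *ifname, uint32_t candidate) {
    uint32_t gw = default_gateway(table, ifname);
    return gw != 0 && candidate == gw;
}

int main(void) {   /* 10.20.0.1 is the address the sandbox took in the issue */
    int bad = collides_with_gateway(ISSUE_ROUTES, "ens3", IP4(10, 20, 0, 1));
    if (bad) fprintf(stderr, "Error: 10.20.0.1 is the default gateway on ens3\n");
    return bad;
}
```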
