merges, fix for #3662 etc.

README

@@ -249,6 +249,8 @@ Danil Semelenov (https://github.com/sgtpep)
 Dara Adib (https://github.com/daradib)
 	- ssh profile fix
 	- evince profile fix
+Dario Pellegrini (https://github.com/dpellegr)
+	- allowing links in netns
 David Thole (https://github.com/TheDarkTrumpet)
 	- added profile for teams-for-linux
 Davide Beatrici (https://github.com/davidebeatrici)

etc/profile-a-l/fdns.profile

@@ -29,20 +29,20 @@ no3d
 nodvd
 nogroups
 nonewprivs
-# noroot
+noroot
 nosound
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 #seccomp
 #shell none
 
 disable-mnt
 private
 private-bin bash,fdns,sh
-# private-cache
-private-dev
+private-cache
+#private-dev
 private-etc ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl
 # private-lib
 private-tmp

src/firejail/main.c

@@ -3080,17 +3080,27 @@ int main(int argc, char **argv, char **envp) {
 	// end of signal-safe code
 	//*****************************
 
+#if 0
+// at this point the sandbox was closed and we are on our way out
+// it would make sense to move this before waitpid above to free some memory
+// crash for now as of issue #3662 from dhcp code
 	// free globals
 	if (cfg.profile) {
 		ProfileEntry *prf = cfg.profile;
 		while (prf != NULL) {
 			ProfileEntry *next = prf->next;
-			free(prf->data);
-			free(prf->link);
+printf("data #%s#\n", prf->data);
+			if (prf->data)
+				free(prf->data);
+printf("link #%s#\n", prf->link);
+			if (prf->link)
+				free(prf->link);
 			free(prf);
 			prf = next;
 		}
 	}
+#endif
+
 
 	if (WIFEXITED(status)){
 		myexit(WEXITSTATUS(status));