fix --join for sandboxes with xdg-dbuss-proxy

netblue30 · Aug 22, 2020 · dbab21a · dbab21a
1 parent 2c76948
commit dbab21a
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 5 deletions.
diff --git a/src/firejail/join.c b/src/firejail/join.c
@@ -398,6 +398,7 @@ pid_t switch_to_child(pid_t pid) {
  exit(1);
  }
  EUID_USER();
+
  if (strcmp(comm, "firejail") == 0) {
  if (find_child(pid, &rv) == 1) {
  fprintf(stderr, "Error: no valid sandbox\n");

diff --git a/src/firejail/main.c b/src/firejail/main.c
@@ -523,7 +523,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
  if (checkcfg(CFG_SECCOMP)) {
  // print seccomp filter for a sandbox specified by pid or by name
  pid_t pid = require_pid(argv[i] + 17);
-printf("pid %d\n", pid);
  protocol_print_filter(pid);
  }
  else

diff --git a/src/firejail/util.c b/src/firejail/util.c
@@ -647,8 +647,13 @@ int find_child(pid_t parent, pid_t *child) {
  fprintf(stderr, "Error: cannot read /proc file\n");
  exit(1);
  }
- if (parent == atoi(ptr))
- *child = pid;
+ if (parent == atoi(ptr)) {
+ // we don't want /usr/bin/xdg-dbus-proxy!
+ char *cmdline = pid_proc_cmdline(pid);
+ if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) != 0)
+ *child = pid;
+ free(cmdline);
+ }
  break; // stop reading the file
  }
  }

diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
@@ -72,9 +72,11 @@ int find_child(int id) {
  if (pids[i].level == 2 && pids[i].parent == id) {
  // skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
  char *cmdline = pid_proc_cmdline(i);
- if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0)
+ if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0) {
+ free(cmdline);
  continue;
-
+ }
+ free(cmdline);
  first_child = i;
  break;
  }