diff --git a/src/firejail/join.c b/src/firejail/join.c
index f202d1a9cc2..14eea46128b 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -398,6 +398,7 @@ pid_t switch_to_child(pid_t pid) {
 exit(1);
 }
 EUID_USER();
+
 if (strcmp(comm, "firejail") == 0) {
 if (find_child(pid, &rv) == 1) {
 fprintf(stderr, "Error: no valid sandbox\n");
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 96ba83cef95..df890eceaa8 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -523,7 +523,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 if (checkcfg(CFG_SECCOMP)) {
 // print seccomp filter for a sandbox specified by pid or by name
 pid_t pid = require_pid(argv[i] + 17);
-printf("pid %d\n", pid);
 protocol_print_filter(pid);
 }
 else
diff --git a/src/firejail/util.c b/src/firejail/util.c
index d65ac0071ea..9f878611ad1 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -647,8 +647,13 @@ int find_child(pid_t parent, pid_t *child) {
 fprintf(stderr, "Error: cannot read /proc file\n");
 exit(1);
 }
- if (parent == atoi(ptr))
- *child = pid;
+ if (parent == atoi(ptr)) {
+ // we don't want /usr/bin/xdg-dbus-proxy!
+ char *cmdline = pid_proc_cmdline(pid);
+ if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) != 0)
+ *child = pid;
+ free(cmdline);
+ }
 break; // stop reading the file
 }
 }
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 952659e396f..7468e3240cc 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -72,9 +72,11 @@ int find_child(int id) {
 if (pids[i].level == 2 && pids[i].parent == id) {
 // skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
 char *cmdline = pid_proc_cmdline(i);
- if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0)
+ if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0) {
+ free(cmdline);
 continue;
-
+ }
+ free(cmdline);
 first_child = i;
 break;
 }
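Review bot: The added `strncmp(cmdline, XDG_DBUS_PROXY_PATH, ...)` in util.c's find_child uses `cmdline` without checking it. If `pid_proc_cmdline()` can return NULL (its definition is not in this diff; a process exiting between the status read and the cmdline read would be one plausible cause), that is a NULL dereference. A guard such as `if (cmdline && strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) != 0)` leaves `*child` unset for an unreadable cmdline instead of crashing; the same unchecked call is present in the firemon.c hunk. It is also worth a comment that `/proc/<pid>/cmdline` is set by the process itself and that this is a prefix match, so the test is a heuristic for skipping the proxy rather than an identity check the join path can trust. find_child's body starts and ends outside the hunk.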
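Review bot: `free(cmdline)` now appears on both branches of the proxy check in firemon's find_child, which fixes the leak but leaves two release points to keep in sync. Evaluating the comparison once gives a single free and makes a later leak or double free harder to introduce: `int is_proxy = strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0;` then `free(cmdline);` then `if (is_proxy) continue;`. The loop enclosing this block begins and ends outside the hunk.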