From dbab21a0187b558dd570754e914e47bc77929be8 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 22 Aug 2020 13:30:51 -0400
Subject: [PATCH] fix --join for sandboxes with xdg-dbuss-proxy
---
 src/firejail/join.c | 1 +
 src/firejail/main.c | 1 -
 src/firejail/util.c | 9 +++++++--
 src/firemon/firemon.c | 6 ++++--
 4 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/firejail/join.c b/src/firejail/join.c
index f202d1a9cc2..14eea46128b 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -398,6 +398,7 @@ pid_t switch_to_child(pid_t pid) {
 exit(1);
 }
 EUID_USER();
+
 if (strcmp(comm, "firejail") == 0) {
 if (find_child(pid, &rv) == 1) {
 fprintf(stderr, "Error: no valid sandbox\n");
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 96ba83cef95..df890eceaa8 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -523,7 +523,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 if (checkcfg(CFG_SECCOMP)) {
 // print seccomp filter for a sandbox specified by pid or by name
 pid_t pid = require_pid(argv[i] + 17);
-printf("pid %d\n", pid);
 protocol_print_filter(pid);
 }
 else
diff --git a/src/firejail/util.c b/src/firejail/util.c
index d65ac0071ea..9f878611ad1 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -647,8 +647,13 @@ int find_child(pid_t parent, pid_t *child) {
 fprintf(stderr, "Error: cannot read /proc file\n");
 exit(1);
 }
- if (parent == atoi(ptr))
- *child = pid;
+ if (parent == atoi(ptr)) {
+ // we don't want /usr/bin/xdg-dbus-proxy!
+ char *cmdline = pid_proc_cmdline(pid);
+ if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) != 0)
+ *child = pid;
+ free(cmdline);
+ }
 break; // stop reading the file
 }
 }
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 952659e396f..7468e3240cc 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
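Review bot: In `find_child` in src/firejail/util.c the result of `pid_proc_cmdline(pid)` goes straight into `strncmp` with no NULL check, so if that helper can return NULL (its definition is not in this patch; a child that exits between the /proc scan and the cmdline read is the likely case) this path dereferences a null pointer. A guard that fails closed fits on the same line: `if (cmdline && strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) != 0)`; `free(cmdline)` needs no change. The `find_child` in src/firemon/firemon.c uses `cmdline` unchecked in the same way. Separately, the command line is data the inspected process supplies and the test is only a prefix match, so a comment stating why that is acceptable for `--join` target selection, or a comparison against the `/proc/PID/exe` link instead, would make the trust assumption explicit. The function body starts and ends outside the hunk.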
@@ -72,9 +72,11 @@ int find_child(int id) {
 if (pids[i].level == 2 && pids[i].parent == id) {
 // skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
 char *cmdline = pid_proc_cmdline(i);
- if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0)
+ if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0) {
+ free(cmdline);
 continue;
-
+ }
+ free(cmdline);
 first_child = i;
 break;
 }
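Review bot: The two `free(cmdline)` calls on either side of the `continue` can become a single release point if the comparison result is stored first: `int is_proxy = strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0;`, then `free(cmdline);`, then `if (is_proxy) continue;`. With one `free` ahead of the branch, a later edit to either path cannot bring back the leak this hunk closes. The loop around this block starts and ends outside the hunk.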