fix --dns.print for systemd-resolvd systems

1 files changed, 27 insertions, 14 deletions

diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c
index 172395146..91f1274bd 100644
--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -24,6 +24,7 @@
 #include <unistd.h>
 #include <net/if.h>
 #include <stdarg.h>
+#include <sys/wait.h>
 
 // configure bridge structure
 // - extract ip address and mask from the bridge interface
@@ -250,24 +251,36 @@ void net_dns_print(pid_t pid) {
                 free(comm);
         }
 
-        char *fname;
         EUID_ROOT();
-        if (asprintf(&fname, "/proc/%d/root/etc/resolv.conf", pid) == -1)
-                errExit("asprintf");
-
-        // access /etc/resolv.conf
-        FILE *fp = fopen(fname, "r");
-        if (!fp) {
-                fprintf(stderr, "Error: cannot access /etc/resolv.conf\n");
+        if (join_namespace(pid, "mnt"))
                 exit(1);
+
+        pid_t child = fork();
+        if (child < 0)
+                errExit("fork");
+        if (child == 0) {
+                caps_drop_all();
+                if (chdir("/") < 0)
+                        errExit("chdir");
+                
+                // access /etc/resolv.conf
+                FILE *fp = fopen("/etc/resolv.conf", "r");
+                if (!fp) {
+                        fprintf(stderr, "Error: cannot access /etc/resolv.conf\n");
+                        exit(1);
+                }
+        
+                char buf[MAXBUF];
+                while (fgets(buf, MAXBUF, fp))
+                        printf("%s", buf);
+                printf("\n");
+                fclose(fp);
+                exit(0);
         }
 
-        char buf[MAXBUF];
-        while (fgets(buf, MAXBUF, fp))
-                printf("%s", buf);
-        printf("\n");
-        fclose(fp);
-        free(fname);
+        // wait for the child to finish
+        waitpid(child, NULL, 0);
+        flush_stdin();
         exit(0);
 }