join fixes

2 files changed, 23 insertions, 3 deletions

diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index d29184b7c..43b849ecf 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -286,12 +286,12 @@ static void write_seccomp_file(void) {
 // read seccomp filter from /run/firejail/mnt/seccomp
 static void read_seccomp_file(const char *fname) {
         assert(sfilter == NULL && sfilter_index == 0);
-printf("***%s***\n", fname);
+
         // check file
         struct stat s;
         if (stat(fname, &s) == -1) {
-                fprintf(stderr, "Error: seccomp file not found\n");
-                exit(1);
+                fprintf(stderr, "Warning: seccomp file not found\n");
+                return;
         }
         ssize_t sz = s.st_size;
         if (sz == 0 || (sz % sizeof(struct sock_filter)) != 0) {
diff --git a/todo b/todo
index e45d86eba..b631e6a06 100644
--- a/todo
+++ b/todo
@@ -35,3 +35,23 @@ socat ABSTRACT-LISTEN:/tmp/dbus-awBoQTCc,fork UNIX-CONNECT:/tmp/mysock
 8. profile for dillo
 Also, in dillo open a directory (file:///etc), when the browser window is closed the sandbox still remains active.
 This is probably a dillo problem.
+
+9. --force sandbox in a overlayfs sandbox
+
+$ sudo firejail --overlay
+# su netblue
+$ xterm &
+$ firejail --force --private
+Parent pid 77, child pid 78
+Warning: failed to unmount /sys
+
+Warning: cannot mount a new user namespace, going forward without it...
+Child process initialized
+
+Try to join the forced sandbox in xterm window:
+$ firejail --join=77
+Switching to pid 78, the first child process inside the sandbox
+Warning: seccomp file not found
+Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.
+$ ls ~ <----------------- all files are available, the directory is not empty!
+