refactor, check the sandbox status for all join options

author: smitsohu <smitsohu@gmail.com> 2018-08-20 23:34:28 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-08-20 23:34:28 +0200
commit: ec7f59b8d370c29bd229fa9124640611c0667159 (patch)
tree: 30b12ce89fd04343aa5cbf5b5254ce63cb8af9fc /src/firejail/protocol.c
parent: Document how to access local mail with thunderbird and claws-mail (fixes #1509) (diff)
download: firejail-ec7f59b8d370c29bd229fa9124640611c0667159.tar.gz
firejail-ec7f59b8d370c29bd229fa9124640611c0667159.tar.zst
firejail-ec7f59b8d370c29bd229fa9124640611c0667159.zip
1 files changed, 7 insertions, 12 deletions
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c
index eb3763253..9989ddb68 100644
--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -64,18 +64,13 @@ void protocol_print_filter(pid_t pid) {
        (void) pid;
 #ifdef SYS_socket
-        // if the pid is that of a firejail  process, use the pid of the first child process
+        // in case the pid is that of a firejail process, use the pid of the first child process
-        EUID_ROOT();
+        pid = switch_to_child(pid);
-        char *comm = pid_proc_comm(pid);
-        EUID_USER();
+        // now check if the pid belongs to a firejail sandbox
-        if (comm) {
+        if (invalid_sandbox(pid)) {
-                if (strcmp(comm, "firejail") == 0) {
+                fprintf(stderr, "Error: no valid sandbox\n");
-                        pid_t child;
+                exit(1);
-                        if (find_child(pid, &child) == 0) {
-                                pid = child;
-                        }
-                }
-                free(comm);
        }
        // check privileges for non-root users
author	smitsohu <smitsohu@gmail.com>	2018-08-20 23:34:28 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-08-20 23:34:28 +0200
commit	ec7f59b8d370c29bd229fa9124640611c0667159 (patch)
tree	30b12ce89fd04343aa5cbf5b5254ce63cb8af9fc /src/firejail/protocol.c
parent	Document how to access local mail with thunderbird and claws-mail (fixes #1509) (diff)
download	firejail-ec7f59b8d370c29bd229fa9124640611c0667159.tar.gz firejail-ec7f59b8d370c29bd229fa9124640611c0667159.tar.zst firejail-ec7f59b8d370c29bd229fa9124640611c0667159.zip

diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c index eb3763253..9989ddb68 100644 --- a/src/firejail/protocol.c +++ b/src/firejail/protocol.c
@@ -64,18 +64,13 @@ void protocol_print_filter(pid_t pid) {
64		64
65	(void) pid;	65	(void) pid;
66	#ifdef SYS_socket	66	#ifdef SYS_socket
67	// if the pid is that of a firejail process, use the pid of the first child process	67	// in case the pid is that of a firejail process, use the pid of the first child process
68	EUID_ROOT();	68	pid = switch_to_child(pid);
69	char *comm = pid_proc_comm(pid);	69
70	EUID_USER();	70	// now check if the pid belongs to a firejail sandbox
71	if (comm) {	71	if (invalid_sandbox(pid)) {
72	if (strcmp(comm, "firejail") == 0) {	72	fprintf(stderr, "Error: no valid sandbox\n");
73	pid_t child;	73	exit(1);
74	if (find_child(pid, &child) == 0) {
75	pid = child;
76	}
77	}
78	free(comm);
79	}	74	}
80		75
81	// check privileges for non-root users	76	// check privileges for non-root users