4 files changed, 12 insertions, 5 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c
index f202d1a9c..14eea4612 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -398,6 +398,7 @@ pid_t switch_to_child(pid_t pid) {
                exit(1);
        }
        EUID_USER();
        if (strcmp(comm, "firejail") == 0) {
                if (find_child(pid, &rv) == 1) {
                        fprintf(stderr, "Error: no valid sandbox\n");
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 96ba83cef..df890ecea 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -523,7 +523,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                if (checkcfg(CFG_SECCOMP)) {
                        // print seccomp filter for a sandbox specified by pid or by name
                        pid_t pid = require_pid(argv[i] + 17);
-printf("pid %d\n", pid);
                        protocol_print_filter(pid);
                }
                else
diff --git a/src/firejail/util.c b/src/firejail/util.c
index d65ac0071..9f878611a 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -647,8 +647,13 @@ int find_child(pid_t parent, pid_t *child) {
                                        fprintf(stderr, "Error: cannot read /proc file\n");
                                        exit(1);
                                }
-                                if (parent == atoi(ptr))
+                                if (parent == atoi(ptr)) {
-                                        *child = pid;
+                                        // we don't want /usr/bin/xdg-dbus-proxy!
+                                        char *cmdline = pid_proc_cmdline(pid);
+                                        if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) != 0)
+                                                *child = pid;
+                                        free(cmdline);
+                                }
                                break;            // stop reading the file
                        }
                }
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 952659e39..7468e3240 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -72,9 +72,11 @@ int find_child(int id) {
                if (pids[i].level == 2 && pids[i].parent == id) {
                        // skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
                        char *cmdline = pid_proc_cmdline(i);
-                        if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0)
+                        if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0) {
+                                free(cmdline);
                                continue;
+                        }
+                        free(cmdline);
                        first_child = i;
                        break;
                }

diff --git a/src/firejail/join.c b/src/firejail/join.c index f202d1a9c..14eea4612 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c
@@ -398,6 +398,7 @@ pid_t switch_to_child(pid_t pid) {
398	exit(1);	398	exit(1);
399	}	399	}
400	EUID_USER();	400	EUID_USER();
		401
401	if (strcmp(comm, "firejail") == 0) {	402	if (strcmp(comm, "firejail") == 0) {
402	if (find_child(pid, &rv) == 1) {	403	if (find_child(pid, &rv) == 1) {
403	fprintf(stderr, "Error: no valid sandbox\n");	404	fprintf(stderr, "Error: no valid sandbox\n");


diff --git a/src/firejail/main.c b/src/firejail/main.c index 96ba83cef..df890ecea 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -523,7 +523,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
523	if (checkcfg(CFG_SECCOMP)) {	523	if (checkcfg(CFG_SECCOMP)) {
524	// print seccomp filter for a sandbox specified by pid or by name	524	// print seccomp filter for a sandbox specified by pid or by name
525	pid_t pid = require_pid(argv[i] + 17);	525	pid_t pid = require_pid(argv[i] + 17);
526	printf("pid %d\n", pid);
527	protocol_print_filter(pid);	526	protocol_print_filter(pid);
528	}	527	}
529	else	528	else


diff --git a/src/firejail/util.c b/src/firejail/util.c index d65ac0071..9f878611a 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c
@@ -647,8 +647,13 @@ int find_child(pid_t parent, pid_t *child) {
647	fprintf(stderr, "Error: cannot read /proc file\n");	647	fprintf(stderr, "Error: cannot read /proc file\n");
648	exit(1);	648	exit(1);
649	}	649	}
650	if (parent == atoi(ptr))	650	if (parent == atoi(ptr)) {
651	*child = pid;	651	// we don't want /usr/bin/xdg-dbus-proxy!
		652	char *cmdline = pid_proc_cmdline(pid);
		653	if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) != 0)
		654	*child = pid;
		655	free(cmdline);
		656	}
652	break; // stop reading the file	657	break; // stop reading the file
653	}	658	}
654	}	659	}


diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 952659e39..7468e3240 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c
@@ -72,9 +72,11 @@ int find_child(int id) {
72	if (pids[i].level == 2 && pids[i].parent == id) {	72	if (pids[i].level == 2 && pids[i].parent == id) {
73	// skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)	73	// skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
74	char *cmdline = pid_proc_cmdline(i);	74	char *cmdline = pid_proc_cmdline(i);
75	if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0)	75	if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0) {
		76	free(cmdline);
76	continue;	77	continue;
77		78	}
		79	free(cmdline);
78	first_child = i;	80	first_child = i;
79	break;	81	break;
80	}	82	}