-rw-r--r-- | src/firejail/dbus.c | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 1 | ||||
-rw-r--r-- | src/firemon/firemon.c | 7 | ||||
-rw-r--r-- | src/include/common.h | 4 |
4 files changed, 12 insertions, 2 deletions
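--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -41,7 +41,7 @@
 #define DBUS_USER_PROXY_SOCKET_FORMAT DBUS_USER_DIR_FORMAT "/%d-user"
 #define DBUS_SYSTEM_PROXY_SOCKET_FORMAT DBUS_USER_DIR_FORMAT "/%d-system"
 #define DBUS_MAX_NAME_LENGTH 255
-#define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy"
+// moved to include/common.h - #define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy"
 
 static pid_t dbus_proxy_pid = 0;
 static int dbus_proxy_status_fd = -1;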
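--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -523,6 +523,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 if (checkcfg(CFG_SECCOMP)) {
 // print seccomp filter for a sandbox specified by pid or by name
 pid_t pid = require_pid(argv[i] + 17);
+printf("pid %d\n", pid);
 protocol_print_filter(pid);
 }
 else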
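Review bot: The added `printf("pid %d\n", pid);` ahead of `protocol_print_filter(pid)` reads like leftover debug output, since the rest of the commit only concerns firemon and the dbus proxy path. It adds a line to the stdout of this print command, which can break anything that parses the filter output. I would drop it, or keep it behind the debug switch as `if (arg_debug) printf("pid %d\n", (int) pid);`. run_cmd_and_exit starts and ends outside the hunk.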
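--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -70,6 +70,11 @@ int find_child(int id) {
 // find the first child
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 2 && pids[i].parent == id) {
+// skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
+char *cmdline = pid_proc_cmdline(i);
+if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0)
+continue;
+
 first_child = i;
 break;
 }
@@ -78,7 +83,7 @@ int find_child(int id) {
 if (first_child == -1)
 return -1;
 
-// find the second child
+// find the second-level child
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 3 && pids[i].parent == first_child)
 return i;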
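Review bot: `cmdline` is passed to `strncmp` without a NULL check and is never released, in the first loop of find_child. pid_proc_cmdline is not shown on this page; if it returns NULL when /proc/<pid>/cmdline cannot be read (for example a child that exited between the scan and this call) and a heap copy otherwise, firemon would crash in the first case and leak one buffer per call in the second. The version below keeps the previous behaviour when the command line is unreadable and frees the buffer before continuing. The match is also a prefix test on argv text, so checking the /proc/<pid>/exe link target would be a firmer way to identify the proxy. find_child starts and ends outside these hunks.

```c
if (pids[i].level == 2 && pids[i].parent == id) {
	// skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
	char *cmdline = pid_proc_cmdline(i);
	if (cmdline) {
		int is_proxy = strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0;
		free(cmdline);
		if (is_proxy)
			continue;
	}
	// … unchanged: first_child = i; break; …
```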
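--- a/src/include/common.h
+++ b/src/include/common.h
@@ -32,6 +32,10 @@
 #include <ctype.h>
 #include <assert.h>
 
+// dbus proxy path used by firejail and firemon
+#define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy"
+
+
 #define errExit(msg) do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
 
 // check if processes run with dumpable flag set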