2 files changed, 4 insertions, 7 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c
index 9cc4cd75d..4259644f7 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -365,8 +365,6 @@ void join(pid_t pid, int argc, char **argv, int index) {
                                printf("changing root to %s\n", rootdir);
                }
-                prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
                EUID_USER();
                if (chdir("/") < 0)
                        errExit("chdir");
@@ -460,6 +458,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
                }
                drop_privs(arg_nogroups);
+                prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
                start_application(0, NULL);
                // it will never get here!!!
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 6a9977455..475779f47 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -984,8 +984,6 @@ int sandbox(void* sandbox_arg) {
        //****************************
        // set application environment
        //****************************
-        prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
        EUID_USER();
        int cwd = 0;
        if (cfg.cwd) {
@@ -1153,6 +1151,7 @@ int sandbox(void* sandbox_arg) {
        // drop privileges, fork the application and monitor it
        //****************************************
        drop_privs(arg_nogroups);
+        prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
        pid_t app_pid = fork();
        if (app_pid == -1)
                errExit("fork");
@@ -1172,9 +1171,8 @@ int sandbox(void* sandbox_arg) {
 #endif
                // set rlimits
                set_rlimits();
+                // start app
-                prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
+                start_application(0, fp);
-                start_application(0, fp);       // start app
        }
        fclose(fp);

diff --git a/src/firejail/join.c b/src/firejail/join.c index 9cc4cd75d..4259644f7 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c
@@ -365,8 +365,6 @@ void join(pid_t pid, int argc, char **argv, int index) {
365	printf("changing root to %s\n", rootdir);	365	printf("changing root to %s\n", rootdir);
366	}	366	}
367		367
368	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
369
370	EUID_USER();	368	EUID_USER();
371	if (chdir("/") < 0)	369	if (chdir("/") < 0)
372	errExit("chdir");	370	errExit("chdir");
@@ -460,6 +458,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
460	}	458	}
461		459
462	drop_privs(arg_nogroups);	460	drop_privs(arg_nogroups);
		461	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
463	start_application(0, NULL);	462	start_application(0, NULL);
464		463
465	// it will never get here!!!	464	// it will never get here!!!


diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 6a9977455..475779f47 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -984,8 +984,6 @@ int sandbox(void* sandbox_arg) {
984	//****************************	984	//****************************
985	// set application environment	985	// set application environment
986	//****************************	986	//****************************
987	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
988
989	EUID_USER();	987	EUID_USER();
990	int cwd = 0;	988	int cwd = 0;
991	if (cfg.cwd) {	989	if (cfg.cwd) {
@@ -1153,6 +1151,7 @@ int sandbox(void* sandbox_arg) {
1153	// drop privileges, fork the application and monitor it	1151	// drop privileges, fork the application and monitor it
1154	//****************************************	1152	//****************************************
1155	drop_privs(arg_nogroups);	1153	drop_privs(arg_nogroups);
		1154	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
1156	pid_t app_pid = fork();	1155	pid_t app_pid = fork();
1157	if (app_pid == -1)	1156	if (app_pid == -1)
1158	errExit("fork");	1157	errExit("fork");
@@ -1172,9 +1171,8 @@ int sandbox(void* sandbox_arg) {
1172	#endif	1171	#endif
1173	// set rlimits	1172	// set rlimits
1174	set_rlimits();	1173	set_rlimits();
1175		1174	// start app
1176	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died	1175	start_application(0, fp);
1177	start_application(0, fp); // start app
1178	}	1176	}
1179		1177
1180	fclose(fp);	1178	fclose(fp);