4 files changed, 12 insertions, 2 deletions

diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c
index 6609e48bd..36d110ac7 100644
--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -41,7 +41,7 @@
 #define DBUS_USER_PROXY_SOCKET_FORMAT DBUS_USER_DIR_FORMAT "/%d-user"
 #define DBUS_SYSTEM_PROXY_SOCKET_FORMAT DBUS_USER_DIR_FORMAT "/%d-system"
 #define DBUS_MAX_NAME_LENGTH 255
-#define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy"
+// moved to include/common.h - #define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy"
 
 static pid_t dbus_proxy_pid = 0;
 static int dbus_proxy_status_fd = -1;
diff --git a/src/firejail/main.c b/src/firejail/main.c
index df890ecea..96ba83cef 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -523,6 +523,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                 if (checkcfg(CFG_SECCOMP)) {
                         // print seccomp filter for a sandbox specified by pid or by name
                         pid_t pid = require_pid(argv[i] + 17);
+printf("pid %d\n", pid);
                         protocol_print_filter(pid);
                 }
                 else
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 39c05d63e..952659e39 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -70,6 +70,11 @@ int find_child(int id) {
         // find the first child
         for (i = 0; i < max_pids; i++) {
                 if (pids[i].level == 2 && pids[i].parent == id) {
+                        // skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
+                        char *cmdline = pid_proc_cmdline(i);
+                        if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0)
+                                continue;
+
                         first_child = i;
                         break;
                 }
@@ -78,7 +83,7 @@ int find_child(int id) {
         if (first_child == -1)
                 return -1;
 
-        // find the second child
+        // find the second-level child
         for (i = 0; i < max_pids; i++) {
                 if (pids[i].level == 3 && pids[i].parent == first_child)
                         return i;
diff --git a/src/include/common.h b/src/include/common.h
index 025f3c247..68d60fef3 100644
--- a/src/include/common.h
+++ b/src/include/common.h
@@ -32,6 +32,10 @@
 #include <ctype.h>
 #include <assert.h>
 
+// dbus proxy path used by firejail and firemon
+#define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy"
+
+
 #define errExit(msg)    do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
 
 // check if processes run with dumpable flag set