Diffstat (limited to 'src/firejail/main.c')
-rw-r--r--src/firejail/main.c26
1 files changed, 9 insertions, 17 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 3a5a21cad..a1e67c298 100644
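--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -90,7 +90,6 @@ char *fullargv[MAX_ARGS]; // expanded argv for restricted shell
 int fullargc = 0;
 static pid_t child = 0;
 pid_t sandbox_pid;
-int firejail_in_firejail = 0; // firejail started in a firejail sandbox
 
 static void myexit(int rv) {
  logmsg("exiting...");
@@ -114,10 +113,8 @@ static void my_handler(int s){
 static void extract_user_data(void) {
  // check suid
  if (geteuid()) {
- if (firejail_in_firejail == 0) {
- fprintf(stderr, "Error: the sandbox is not setuid root\n");
- exit(1);
- }
+ fprintf(stderr, "Error: the sandbox is not setuid root\n");
+ exit(1);
  }
 
  struct passwd *pw = getpwuid(getuid());
@@ -392,12 +389,13 @@ int main(int argc, char **argv) {
 
  // check if we already have a sandbox running
  int rv = check_kernel_procs();
- if (rv == 0)
- firejail_in_firejail = 1;
-
-
+ if (rv == 0) {
+ // start the program directly without sandboxing
+ run_no_sandbox(argc, argv);
+ // it will never get here!
+ assert(0);
+ }
 
-
  // initialize globals
  init_cfg();
  cfg.original_argv = argv;
@@ -697,6 +695,7 @@ int main(int argc, char **argv) {
  }
 
  // extract private home dirname
+printf("here %s:%d\n", __FILE__, __LINE__);
  cfg.home_private = argv[i] + 10;
  fs_check_private_dir();
  arg_private = 1;
@@ -974,13 +973,6 @@ int main(int argc, char **argv) {
  }
  }
 
- // if a sandbox is already running, start the program directly without sandboxing
- if (firejail_in_firejail) {
- run_no_sandbox(argc, argv);
- // it will never get here!
- assert(0);
- }
-
  // check network configuration options - it will exit if anything went wrong
  net_check_cfg();
 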
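Review bot: The `printf("here %s:%d\n", __FILE__, __LINE__);` added at new line 698, in the part of main() that extracts the private home directory name, looks like a leftover debugging trace and should be removed; it writes to stdout whenever that branch runs, which can pollute the output of whatever is launched through the sandbox. Separately, at new lines 392-397 the only guard against falling through into `init_cfg()` if `run_no_sandbox()` ever returns is `assert(0)`, which compiles to nothing when NDEBUG is defined; in a binary that expects to be setuid root, an unconditional `exit(1);` after the call would be safer. Both statements sit inside main(), whose body starts and ends outside these hunks, so it cannot be judged from this page whether any setup or privilege handling that used to run before the old call site is now skipped.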