15 files changed, 103 insertions, 69 deletions
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 05c5681d5..0574daae6 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -327,6 +327,9 @@ gradio
 gramps
 gravity-beams-and-evaporating-stars
 gthumb
+gtk-youtube-viewer
+gtk2-youtube-viewer
+gtk3-youtube-viewer
 guayadeque
 gucharmap
 gummi
@@ -816,6 +819,7 @@ xviewer
 yandex-browser
 yelp
 youtube-dl
+youtube-viewer
 zaproxy
 zart
 zathura
diff --git a/src/firejail/arp.c b/src/firejail/arp.c
index 3714af9a3..f88d0a1dd 100644
--- a/src/firejail/arp.c
+++ b/src/firejail/arp.c
@@ -239,9 +239,7 @@ int arp_check(const char *dev, uint32_t destaddr) {
                }
        }
-        // it will never get here!
+        __builtin_unreachable();
-        close(sock);
-        return -1;
 }
 // assign a random IP address and check it
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c
index cae52e20b..5fc6c8298 100644
--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -165,7 +165,8 @@ void fs_chroot(const char *rootdir) {
        close(fd);
        // x11
-        if (getenv("FIREJAIL_X11")) {
+        // if users want this mount, they should set FIREJAIL_CHROOT_X11
+        if (getenv("FIREJAIL_X11") || getenv("FIREJAIL_CHROOT_X11")) {
                if (arg_debug)
                        printf("Mounting /tmp/.X11-unix on chroot /tmp/.X11-unix\n");
                check_subdir(parentfd, "tmp/.X11-unix", 0);
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index ecabd7d71..c98f80d13 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -371,14 +371,14 @@ char *guess_shell(void);
 // sandbox.c
 int sandbox(void* sandbox_arg);
-void start_application(int no_sandbox, FILE *fp);
+void start_application(int no_sandbox, FILE *fp) __attribute__((noreturn));
 void set_apparmor(void);
 // network_main.c
 void net_configure_sandbox_ip(Bridge *br);
 void net_configure_veth_pair(Bridge *br, const char *ifname, pid_t child);
 void net_check_cfg(void);
-void net_dns_print(pid_t pid);
+void net_dns_print(pid_t pid) __attribute__((noreturn));
 void network_main(pid_t child);
 void net_print(pid_t pid);
@@ -453,13 +453,12 @@ void profile_add_ignore(const char *str);
 void list(void);
 void tree(void);
 void top(void);
-void netstats(void);
 // usage.c
 void usage(void);
 // join.c
-void join(pid_t pid, int argc, char **argv, int index);
+void join(pid_t pid, int argc, char **argv, int index) __attribute__((noreturn));
 bool is_ready_for_join(const pid_t pid);
 void check_join_permission(pid_t pid);
 pid_t switch_to_child(pid_t pid);
@@ -486,7 +485,7 @@ int macro_id(const char *name);
 // util.c
-void errLogExit(char* fmt, ...);
+void errLogExit(char* fmt, ...) __attribute__((noreturn));
 void fwarning(char* fmt, ...);
 void fmessage(char* fmt, ...);
 void drop_privs(int nogroups);
@@ -584,7 +583,7 @@ int seccomp_load(const char *fname);
 int seccomp_filter_drop(bool native);
 int seccomp_filter_keep(bool native);
 int seccomp_filter_mdwx(bool native);
-void seccomp_print_filter(pid_t pid);
+void seccomp_print_filter(pid_t pid) __attribute__((noreturn));
 // caps.c
 void seccomp_load_file_list(void);
@@ -595,7 +594,7 @@ void caps_set(uint64_t caps);
 void caps_check_list(const char *clist, void (*callback)(int));
 void caps_drop_list(const char *clist);
 void caps_keep_list(const char *clist);
-void caps_print_filter(pid_t pid);
+void caps_print_filter(pid_t pid) __attribute__((noreturn));
 void caps_drop_dac_override(void);
 // fs_trace.c
@@ -618,7 +617,7 @@ void read_cpu_list(const char *str);
 void set_cpu_affinity(void);
 void load_cpu(const char *fname);
 void save_cpu(void);
-void cpu_print_filter(pid_t pid);
+void cpu_print_filter(pid_t pid) __attribute__((noreturn));
 // cgroup.c
 void save_cgroup(void);
@@ -640,7 +639,7 @@ void netns(const char *nsname);
 void netns_mounts(const char *nsname);
 // bandwidth.c
-void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up);
+void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up) __attribute__((noreturn));
 void network_set_run_file(pid_t pid);
 // fs_etc.c
@@ -650,7 +649,7 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
 // no_sandbox.c
 int check_namespace_virt(void);
 int check_kernel_procs(void);
-void run_no_sandbox(int argc, char **argv);
+void run_no_sandbox(int argc, char **argv) __attribute__((noreturn));
 #define MAX_ENVS 256                    // some sane maximum number of environment variables
 #define MAX_ENV_LEN (PATH_MAX + 32)     // FOOBAR=SOME_PATH
@@ -681,7 +680,7 @@ void fs_private_lib(void);
 // protocol.c
 void protocol_filter_save(void);
 void protocol_filter_load(const char *fname);
-void protocol_print_filter(pid_t pid);
+void protocol_print_filter(pid_t pid) __attribute__((noreturn));
 // restrict_users.c
 void restrict_users(void);
@@ -693,7 +692,7 @@ void fs_logger2int(const char *msg1, int d);
 void fs_logger3(const char *msg1, const char *msg2, const char *msg3);
 void fs_logger_print(void);
 void fs_logger_change_owner(void);
-void fs_logger_print_log(pid_t pid);
+void fs_logger_print_log(pid_t pid) __attribute__((noreturn));
 // run_symlink.c
 void run_symlink(int argc, char **argv, int run_as_is);
@@ -719,11 +718,11 @@ void fs_mkfile(const char *name);
 void fs_x11(void);
 int x11_display(void);
-void x11_start(int argc, char **argv);
+void x11_start(int argc, char **argv) __attribute__((noreturn));
-void x11_start_xpra(int argc, char **argv);
+void x11_start_xpra(int argc, char **argv) __attribute__((noreturn));
-void x11_start_xephyr(int argc, char **argv);
+void x11_start_xephyr(int argc, char **argv) __attribute__((noreturn));
 void x11_block(void);
-void x11_start_xvfb(int argc, char **argv);
+void x11_start_xvfb(int argc, char **argv) __attribute__((noreturn));
 void x11_xorg(void);
 // ls.c
@@ -733,7 +732,7 @@ enum {
        SANDBOX_FS_PUT,
        SANDBOX_FS_MAX // this should always be the last entry
 };
-void sandboxfs(int op, pid_t pid, const char *path1, const char *path2);
+void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) __attribute__((noreturn));
 // checkcfg.c
 #define DEFAULT_ARP_PROBES 2
@@ -839,7 +838,7 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
 // run sbox
 int sbox_run(unsigned filter, int num, ...);
 int sbox_run_v(unsigned filter, char * const arg[]);
-void sbox_exec_v(unsigned filter, char * const arg[]);
+void sbox_exec_v(unsigned filter, char * const arg[]) __attribute__((noreturn));
 // run_files.c
 void delete_run_files(pid_t pid);
diff --git a/src/firejail/join.c b/src/firejail/join.c
index 4c8555f29..f202d1a9c 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -588,7 +588,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
                start_application(0, NULL);
-                // it will never get here!!!
+                __builtin_unreachable();
        }
        EUID_USER();
diff --git a/src/firejail/main.c b/src/firejail/main.c
index f57500650..b9cb43444 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1159,8 +1159,7 @@ int main(int argc, char **argv, char **envp) {
                        // start the program directly without sandboxing
                        run_no_sandbox(argc, argv);
-                        // it will never get here!
+                        __builtin_unreachable();
-                        assert(0);
                }
        }
        EUID_ASSERT();
diff --git a/src/firejail/output.c b/src/firejail/output.c
index d4a7f464a..36cb905cb 100644
--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -30,6 +30,12 @@ void check_output(int argc, char **argv) {
        int enable_stderr = 0;
        for (i = 1; i < argc; i++) {
+                if (strncmp(argv[i], "--", 2) != 0) {
+                        return;
+                }
+                if (strcmp(argv[i], "--") == 0) {
+                        return;
+                }
                if (strncmp(argv[i], "--output=", 9) == 0) {
                        outindex = i;
                        break;
@@ -71,38 +77,67 @@ void check_output(int argc, char **argv) {
                }
        }
-        // build the new command line
+        int pipefd[2];
-        int len = 0;
+        if (pipe(pipefd) == -1) {
-        for (i = 0; i < argc; i++) {
+                errExit("pipe");
-                len += strlen(argv[i]) + 1; // + ' '
        }
-        len += 100 + strlen(LIBDIR) + strlen(outfile); // tee command
-        char *cmd = malloc(len + 1); // + '\0'
+        pid_t pid = fork();
-        if (!cmd)
+        if (pid == -1) {
-                errExit("malloc");
+                errExit("fork");
+        } else if (pid == 0) {
+                /* child */
+                if (dup2(pipefd[0], STDIN_FILENO) == -1) {
+                        errExit("dup2");
+                }
+                close(pipefd[1]);
+                if (pipefd[0] != STDIN_FILENO) {
+                        close(pipefd[0]);
+                }
-        char *ptr = cmd;
+                char *args[3];
-        for (i = 0; i < argc; i++) {
+                args[0] = LIBDIR "/firejail/ftee";
-                if (strncmp(argv[i], "--output=", 9) == 0)
+                args[1] = outfile;
-                        continue;
+                args[2] = NULL;
-                if (strncmp(argv[i], "--output-stderr=", 16) == 0)
+                execv(args[0], args);
-                        continue;
+                perror("execvp");
-                ptr += sprintf(ptr, "%s ", argv[i]);
+                exit(1);
        }
-        if (enable_stderr)
+        /* parent */
-                sprintf(ptr, "2>&1 | %s/firejail/ftee %s", LIBDIR, outfile);
+        if (dup2(pipefd[1], STDOUT_FILENO) == -1) {
-        else
+                errExit("dup2");
-                sprintf(ptr, " | %s/firejail/ftee %s", LIBDIR, outfile);
+        }
+        if (enable_stderr && dup2(STDOUT_FILENO, STDERR_FILENO) == -1) {
+                errExit("dup2");
+        }
+        close(pipefd[0]);
+        if (pipefd[1] != STDOUT_FILENO) {
+                close(pipefd[1]);
+        }
-        // run command
+        char **args = calloc(argc + 1, sizeof(char *));
-        char *a[4];
+        if (!args) {
-        a[0] = "/bin/bash";
+                errExit("calloc");
-        a[1] = "-c";
+        }
-        a[2] = cmd;
+        bool found_separator = false;
-        a[3] = NULL;
+        /* copy argv into args, but drop --output(-stderr) arguments */
-        execvp(a[0], a);
+        int j;
+        for (i = 0, j = 0; i < argc; i++) {
+                if (!found_separator && i > 0) {
+                        if (strncmp(argv[i], "--output=", 9) == 0) {
+                                continue;
+                        }
+                        if (strncmp(argv[i], "--output-stderr=", 16) == 0) {
+                                continue;
+                        }
+                        if (strncmp(argv[i], "--", 2) != 0 || strcmp(argv[i], "--") == 0) {
+                                found_separator = true;
+                        }
+                }
+                args[j++] = argv[i];
+        }
+        execvp(args[0], args);
        perror("execvp");
        exit(1);
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c
index 6402afbc6..a1594d6b9 100644
--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -90,7 +90,7 @@ void protocol_print_filter(pid_t pid) {
        exit(0);
 #else
        fwarning("--protocol not supported on this platform\n");
-        return;
+        exit(1);
 #endif
 }
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 2314d5744..e42d35be5 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -666,7 +666,8 @@ int sandbox(void* sandbox_arg) {
        // ... and mount a tmpfs on top of /run/firejail/mnt directory
        preproc_mount_mnt_dir();
        // bind-mount firejail binaries and helper programs
-        if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, "none", MS_BIND, NULL) < 0)
+        if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, NULL, MS_BIND, NULL) < 0 ||
+            mount(NULL, RUN_FIREJAIL_LIB_DIR, NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REMOUNT, NULL) < 0)
                errExit("mounting " RUN_FIREJAIL_LIB_DIR);
        //****************************
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index 99f11a246..57c21ce78 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -31,7 +31,7 @@
 #define O_PATH 010000000
 #endif
-static int sbox_do_exec_v(unsigned filtermask, char * const arg[]) {
+static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char * const arg[]) {
        // build a new, clean environment
        int env_index = 0;
        char *new_environment[256] = { NULL };
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 98ac184d9..ba54ca376 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -682,7 +682,7 @@ static char * get_title_arg_str() {
 }
-void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
+static void __attribute__((noreturn)) x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
        EUID_ASSERT();
        int i;
        struct stat s;
@@ -921,7 +921,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
 }
-void x11_start_xpra_new(int argc, char **argv, char *display_str) {
+static void __attribute__((noreturn)) x11_start_xpra_new(int argc, char **argv, char *display_str) {
        EUID_ASSERT();
        int i;
        pid_t server = 0;
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h
index 7a55a64fb..3fba486eb 100644
--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -46,13 +46,13 @@ void firemon_sleep(int st);
 // procevent.c
-void procevent(pid_t pid);
+void procevent(pid_t pid) __attribute__((noreturn));
 // usage.c
 void usage(void);
 // top.c
-void top(void);
+void top(void) __attribute__((noreturn));
 // list.c
 void list(void);
@@ -82,7 +82,7 @@ void cgroup(pid_t pid, int print_procs);
 void tree(pid_t pid);
 // netstats.c
-void netstats(void);
+void netstats(void) __attribute__((noreturn));
 // x11.c
 void x11(pid_t pid, int print_procs);
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 7dd08444e..45964d3a2 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -220,7 +220,7 @@ errexit:
 }
-static int procevent_monitor(const int sock, pid_t mypid) {
+static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t mypid) {
        ssize_t len;
        struct nlmsghdr *nlmsghdr;
@@ -246,8 +246,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
                int rv = select(max, &readfds, NULL, NULL, &tv);
                if (rv == -1) {
-                        fprintf(stderr, "recv: %s\n", strerror(errno));
+                        errExit("recv");
-                        return -1;
                }
                // timeout
@@ -259,7 +258,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
                if ((len = recv(sock, buf, sizeof(buf), 0)) == 0)
-                        return 0;
+                        exit(0);
                if (len == -1) {
                        if (errno == EINTR)
                                continue;
@@ -271,7 +270,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
                        }
                        else {
                                fprintf(stderr,"Error: rx socket recv call, errno %d, %s\n", errno, strerror(errno));
-                                return -1;
+                                exit(1);
                        }
                }
@@ -497,7 +496,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
                                exit(0);
                }
        }
-        return 0;
+        __builtin_unreachable();
 }
 void procevent(pid_t pid) {
@@ -515,6 +514,4 @@ void procevent(pid_t pid) {
        }
        procevent_monitor(sock, pid); // it will never return from here
-        assert(0);
-        close(sock); // quiet static analyzers
 }
diff --git a/src/include/syscall.h b/src/include/syscall.h
index 89b54170e..489da0600 100644
--- a/src/include/syscall.h
+++ b/src/include/syscall.h
@@ -32,7 +32,7 @@ void filter_add_blacklist_override(int fd, int syscall, int arg, void *ptrarg, b
 // errno.c
 void errno_print(void);
 int errno_find_name(const char *name);
-char *errno_find_nr(int nr);
+const char *errno_find_nr(int nr);
 // syscall.c
 void syscall_print(void);
diff --git a/src/lib/errno.c b/src/lib/errno.c
index d38c197ad..881c3b27e 100644
--- a/src/lib/errno.c
+++ b/src/lib/errno.c
@@ -183,7 +183,7 @@ int errno_find_name(const char *name) {
        return -1;
 }
-char *errno_find_nr(int nr) {
+const char *errno_find_nr(int nr) {
        int i;
        int elems = sizeof(errnolist) / sizeof(errnolist[0]);
        for (i = 0; i < elems; i++) {