From 497c39e89ace26b82c782b46e547afb051b771b4 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Tue, 17 Jan 2023 16:25:43 -0300
Subject: Stop forwarding own double-dash to the shell

Currently, if double-dash ("--") is passed to firejail, it is forwarded
to the user shell:

    $ firejail --debug --noprofile -- echo test 2>&1 |
      grep -e execvp -e test
    Building quoted command line: 'echo' 'test'
    Building quoted command line: 'echo' 'test'
    Running 'echo' 'test'  command through /bin/bash
    execvp argument 0: /bin/bash
    execvp argument 1: -c
    execvp argument 2: --
    execvp argument 3: 'echo' 'test'
    test

This causes issues when the user shell does not accept "--" / is not
POSIX-compatible:

    $ /bin/bash -c -- 'echo test'
    test
    $ /bin/fish -c -- 'echo test'
    fish: Unknown command: --
    fish:
    --
    ^

Fixes #5599.

Relates to #3434.

Reported-by: @iltep64
Reported-by: @ferreum
---
 src/firejail/sandbox.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 77fe73174..1afb3a293 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -580,8 +580,6 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
 			if (arg_debug)
 				printf("Running %s command through %s\n", cfg.command_line, cfg.usershell);
 			arg[index++] = "-c";
-			if (arg_doubledash)
-				arg[index++] = "--";
 			arg[index++] = cfg.command_line;
 		}
 		else if (login_shell) {
-- 
cgit v1.2.3-54-g00ecf