From c95c03e2fe90893c7d6d3f02499f46960e2ebcff Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 5 Apr 2016 18:35:24 -0400 Subject: grsecurity: --seccomp.print --- src/firejail/seccomp.c | 5 +++-- test/seccomp-print.exp | 33 +++++++++++++++++++++++++++++++++ test/test.sh | 3 +++ 3 files changed, 39 insertions(+), 2 deletions(-) create mode 100755 test/seccomp-print.exp diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index 43b849ecf..7108b5a05 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c @@ -816,9 +816,11 @@ void seccomp_print_filter_name(const char *name) { void seccomp_print_filter(pid_t pid) { EUID_ASSERT(); - + // if the pid is that of a firejail process, use the pid of the first child process + EUID_ROOT(); char *comm = pid_proc_comm(pid); + EUID_USER(); if (comm) { if (strcmp(comm, "firejail") == 0) { pid_t child; @@ -839,7 +841,6 @@ void seccomp_print_filter(pid_t pid) { } } - // find the seccomp filter EUID_ROOT(); char *fname; diff --git a/test/seccomp-print.exp b/test/seccomp-print.exp new file mode 100755 index 000000000..b4e6ed35e --- /dev/null +++ b/test/seccomp-print.exp @@ -0,0 +1,33 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --name=test\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 2 + +spawn $env(SHELL) +send -- "firejail --seccomp.print=test\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "EXAMINE_SYSCAL" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "init_module" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "delete_module" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "RETURN_ALLOW" +} +sleep 1 +puts "\nall done\n" diff --git a/test/test.sh b/test/test.sh index 99ca4287d..34a079d07 100755 --- a/test/test.sh +++ b/test/test.sh 
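Review bot: `pid_proc_comm(pid)` now runs with root's effective uid on a pid that, judging by the `--seccomp.print` option in the subject, is chosen by the caller, and nothing visible before `EUID_ROOT();` ties that pid to the invoking user. On a kernel that restricts /proc, the elevated read answers for processes the caller could not otherwise inspect. The function should therefore confirm that the target belongs to the caller (for example by comparing the owner of its /proc entry with `getuid()`) before it acts on `comm` or reaches the later `EUID_ROOT();` block that looks up the filter. Such a check may already exist further down, because the body of `seccomp_print_filter` continues outside both hunks. Keeping the privileged window to a single call is right, and if grsecurity is indeed the reason, a comment such as `// comm lookup can fail for the user on grsecurity kernels: read it as root, drop back at once` would record why the pair is there.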
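Review bot: Every `timeout` branch in test/seccomp-print.exp ends in a bare `exit`, which in expect terminates with status 0. A failed run is then only distinguishable by the `TESTING ERROR n` text, and `test.sh` cannot detect it from the exit code. Writing `timeout {puts "TESTING ERROR 1\n";exit 1}` (and likewise for 0, 2, 3 and 4) would make a regression in the printed filter machine-checkable. The pattern `"EXAMINE_SYSCAL"` also looks truncated; it still matches as a substring, but `"EXAMINE_SYSCALL"` is presumably what was meant.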
@@ -9,6 +9,9 @@ echo "TESTING: caps.print (caps-print.exp) ./caps-print.exp +echo "TESTING: seccomp.print (seccomp-print.exp) +./seccomp-print.exp + echo "TESTING: sound (sound.exp)" ./sound.exp -- cgit v1.2.3-54-g00ecf
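Review bot: The added line `echo "TESTING: seccomp.print (seccomp-print.exp)` has no closing double quote as shown here, and the `caps.print` line above it shows the same omission. With an unbalanced quote the shell keeps reading the string across the following lines, so `./seccomp-print.exp` is not executed as its own command and the unquoted `(` that follows can abort the script with a syntax error. If the file really reads this way, the new seccomp check never runs in the suite. The line should be `echo "TESTING: seccomp.print (seccomp-print.exp)"`, with the same fix applied to the `caps.print` line.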