From ef4f58a67904cb9c28a1195e9184fa292c3a055a Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Tue, 1 Sep 2020 11:55:20 +0200
Subject: shell none: avoid syscalls after seccomp_install_filters

fixes e.g. --shell=none --seccomp.drop=write --seccomp-error-action=kill
---
 src/firejail/sandbox.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index ef09a790c..5a4741a56 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -528,7 +528,10 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 		if (!arg_command && !arg_quiet)
 			print_time();
 
-		int rv = ok_to_run(cfg.original_argv[cfg.original_program_index]);
+		if (ok_to_run(cfg.original_argv[cfg.original_program_index]) == 0) {
+			fprintf(stderr, "Error: no suitable %s executable found\n", cfg.original_argv[cfg.original_program_index]);
+			exit(1);
+		}
 
 #ifdef HAVE_GCOV
 		__gcov_dump();
@@ -538,11 +541,7 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 #endif
 		if (set_sandbox_status)
 			*set_sandbox_status = SANDBOX_DONE;
-		if (rv)
-			execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
-		else
-			fprintf(stderr, "Error: no suitable %s executable found\n", cfg.original_argv[cfg.original_program_index]);
-		exit(1);
+		execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
 	}
 	//****************************************
 	// start the program using a shell
-- 
cgit v1.2.3-54-g00ecf