From 46a15d38d347fe012b25a913c381a128a392edb0 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Wed, 17 Aug 2016 10:27:58 -0400
Subject: firemon fixes for x11 sandboxes

---
 src/lib/pid.c | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

(limited to 'src/lib/pid.c')

diff --git a/src/lib/pid.c b/src/lib/pid.c
index d1ade389e..4540247a0 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -340,18 +340,14 @@ void pid_read(pid_t mon_pid) {
 					exit(1);
 				}
 
-				if (mon_pid == 0 && strncmp(ptr, "firejail", 8) == 0) {
-					pids[pid].level = 1;
+				if ((strncmp(ptr, "firejail", 8) == 0) && (mon_pid == 0 || mon_pid == pid)) {
+					if (pid_proc_cmdline_x11(pid)) {
+						printf("--x11 detected for pid %d\n", pid);
+						pids[pid].level = -1;
+					}
+					else
+						pids[pid].level = 1;
 				}
-				else if (mon_pid == pid && strncmp(ptr, "firejail", 8) == 0) {
-					pids[pid].level = 1;
-				}
-//				else if (mon_pid == 0 && strncmp(ptr, "lxc-execute", 11) == 0) {
-//					pids[pid].level = 1;
-//				}
-//				else if (mon_pid == pid && strncmp(ptr, "lxc-execute", 11) == 0) {
-//					pids[pid].level = 1;
-//				}
 				else
 					pids[pid].level = -1;
 			}
-- 
cgit v1.2.3-70-g09d2