From 2c769485e9ef48d6755d8f05bd6c05f00bf95d57 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 22 Aug 2020 10:21:16 -0400
Subject: firemon fix for xdg-bus-proxy
---
 src/firejail/dbus.c | 2 +-
 src/firejail/main.c | 1 +
 src/firemon/firemon.c | 7 ++++++-
 src/include/common.h | 4 ++++
 4 files changed, 12 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c
index 6609e48bd..36d110ac7 100644
--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -41,7 +41,7 @@
 #define DBUS_USER_PROXY_SOCKET_FORMAT DBUS_USER_DIR_FORMAT "/%d-user"
 #define DBUS_SYSTEM_PROXY_SOCKET_FORMAT DBUS_USER_DIR_FORMAT "/%d-system"
 #define DBUS_MAX_NAME_LENGTH 255
-#define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy"
+// moved to include/common.h - #define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy"
 static pid_t dbus_proxy_pid = 0;
 static int dbus_proxy_status_fd = -1;
diff --git a/src/firejail/main.c b/src/firejail/main.c
index df890ecea..96ba83cef 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -523,6 +523,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 if (checkcfg(CFG_SECCOMP)) {
 // print seccomp filter for a sandbox specified by pid or by name
 pid_t pid = require_pid(argv[i] + 17);
+printf("pid %d\n", pid);
 protocol_print_filter(pid);
 }
 else
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 39c05d63e..952659e39 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -70,6 +70,11 @@ int find_child(int id) {
 // find the first child
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 2 && pids[i].parent == id) {
+ // skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
+ char *cmdline = pid_proc_cmdline(i);
+ if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0)
+ continue;
+
 first_child = i;
 break;
 }
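Review bot: The added `printf("pid %d\n", pid);` in run_cmd_and_exit looks like leftover debugging output: it is unindented, unrelated to the firemon fix named in the subject, and it writes an extra line to stdout immediately before `protocol_print_filter(pid)`. Anything that consumes this command's output will now see a stray `pid N` line first. I would drop the line, or gate it on the debug option, e.g. `if (arg_debug) printf("pid %d\n", (int) pid);`. The body of run_cmd_and_exit starts and ends outside the hunk.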
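Review bot: `cmdline` is handed to `strncmp` without a NULL check, so if `pid_proc_cmdline(i)` can fail (its definition is not part of this diff; a process exiting between the scan and the read is the usual case) find_child dereferences NULL. If the helper returns allocated memory, the string is also leaked on every level-2 child inspected. Separately, the command line is a value the monitored process itself controls and the test is a prefix match, so any level-2 child whose command line begins with XDG_DBUS_PROXY_PATH is skipped. Comparing against the `/proc/<pid>/exe` target would be harder to fool, and the limitation deserves at least a comment. find_child starts before the hunk and continues after it.

```c
		if (pids[i].level == 2 && pids[i].parent == id) {
			// skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering)
			char *cmdline = pid_proc_cmdline(i);
			if (cmdline) {
				int is_proxy = strncmp(cmdline, XDG_DBUS_PROXY_PATH,
						       strlen(XDG_DBUS_PROXY_PATH)) == 0;
				free(cmdline);	// assumes the helper returns malloc'd memory - confirm
				if (is_proxy)
					continue;
			}
			// ... unchanged: first_child = i; break; ...
```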
@@ -78,7 +83,7 @@ int find_child(int id) {
 if (first_child == -1)
 return -1;
- // find the second child
+ // find the second-level child
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 3 && pids[i].parent == first_child)
 return i;
diff --git a/src/include/common.h b/src/include/common.h
index 025f3c247..68d60fef3 100644
--- a/src/include/common.h
+++ b/src/include/common.h
@@ -32,6 +32,10 @@
 #include
 #include
+// dbus proxy path used by firejail and firemon
+#define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy"
+
+
 #define errExit(msg) do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
 // check if processes run with dumpable flag set
--
cgit v1.2.3-70-g09d2