From c4e7912f8b9cb04c1690559f25d4b94e5ddab7a8 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Mon, 17 Jan 2022 18:03:38 +0100 Subject: following up 493a0ef306a8b610f3ed6a1b88a4dbea25e8498b --- src/firejail/sbox.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index d7147b8ea..a37943940 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c @@ -78,11 +78,6 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char * umask(027); - // https://seclists.org/oss-sec/2021/q4/43 - struct rlimit tozero = { .rlim_cur = 0, .rlim_max = 0 }; - if (setrlimit(RLIMIT_CORE, &tozero)) - errExit("setrlimit"); - // apply filters if (filtermask & SBOX_CAPS_NONE) { caps_drop_all(); @@ -209,6 +204,11 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char * if (filtermask & SBOX_USER) drop_privs(1); else if (filtermask & SBOX_ROOT) { + // https://seclists.org/oss-sec/2021/q4/43 + struct rlimit tozero = { .rlim_cur = 0, .rlim_max = 0 }; + if (setrlimit(RLIMIT_CORE, &tozero)) + errExit("setrlimit"); + // elevate privileges in order to get grsecurity working if (setreuid(0, 0)) errExit("setreuid"); @@ -295,7 +295,8 @@ int sbox_run_v(unsigned filtermask, char * const arg[]) { if (waitpid(child, &status, 0) == -1 ) { errExit("waitpid"); } - if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + if (WIFSIGNALED(status) || + (WIFEXITED(status) && WEXITSTATUS(status) != 0)) { fprintf(stderr, "Error: failed to run %s, exiting...\n", arg[0]); exit(1); } -- cgit v1.2.3-70-g09d2
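Review bot: In the second hunk of src/firejail/sbox.c (`@@ -209,6 +204,11 @@`), the `setrlimit(RLIMIT_CORE, &tozero)` call now sits inside the `SBOX_ROOT` branch only. The `SBOX_USER` path and any call with neither flag therefore continue with whatever core limit they inherited, where the code removed in the first hunk zeroed it unconditionally. If that narrowing is intended, the bare link does not say so; a comment such as `// only helpers that keep root need core dumps disabled, see https://seclists.org/oss-sec/2021/q4/43` would record the reasoning. Whether the `drop_privs(1)` path can still hold data worth protecting in memory is not visible from this hunk, so that is worth confirming before relying on the narrower scope. sbox_do_exec_v starts and ends outside the hunk.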
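Review bot: In the `sbox_run_v` hunk (`@@ -295,7 +295,8 @@`), the new condition reports failure only for a signaled child or a non-zero exit. A status that is neither `WIFEXITED` nor `WIFSIGNALED` now falls through as success, where the old `!WIFEXITED(status)` test rejected it. With `waitpid(child, &status, 0)` that should only arise from a stop report on a traced child, which is presumably not expected here, but the assumption deserves a comment next to the check: `// options == 0: status is either exited or signaled`. The function continues outside the hunk, so what is done with `status` afterwards is not visible.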