From d2cc6774b3316a2cebc3ab19e2eed756ea217e03 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 6 Apr 2016 19:47:39 -0400
Subject: ssh/scp/sftp fixes

---
 src/firejail/main.c | 16 +++++++++++-----
 src/firejail/restricted_shell.c | 15 ++++++++++++++-
 src/firejail/sandbox.c | 7 +++++++
 src/man/firejail-login.txt | 2 +-
 4 files changed, 33 insertions(+), 7 deletions(-)
(limited to 'src')

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 166ca1b89..9df4653cd 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -787,8 +787,10 @@ int main(int argc, char **argv) {
 char *comm = pid_proc_comm(ppid);
 EUID_USER();
 if (comm) {
- if (strcmp(comm, "sshd") == 0)
+ if (strcmp(comm, "sshd") == 0) {
+ arg_quiet = 1;
 parent_sshd = 1;
+ }
 free(comm);
 }
 }
@@ -817,9 +819,11 @@ int main(int argc, char **argv) {
 run_cmd_and_exit(i, argc, argv); // will exit if the command is recognized
 if (strcmp(argv[i], "--debug") == 0) {
- arg_debug = 1;
- if (option_force)
- printf("Entering sandbox-in-sandbox mode\n");
+ if (!arg_quiet) {
+ arg_debug = 1;
+ if (option_force)
+ printf("Entering sandbox-in-sandbox mode\n");
+ }
 }
 else if (strcmp(argv[i], "--debug-check-filename") == 0)
 arg_debug_check_filename = 1;
@@ -827,8 +831,10 @@ int main(int argc, char **argv) {
 arg_debug_blacklists = 1;
 else if (strcmp(argv[i], "--debug-whitelists") == 0)
 arg_debug_whitelists = 1;
- else if (strcmp(argv[i], "--quiet") == 0)
+ else if (strcmp(argv[i], "--quiet") == 0) {
 arg_quiet = 1;
+ arg_debug = 0;
+ }
 else if (strcmp(argv[i], "--force") == 0)
 ;
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c
index da4e9d332..ee6e94957 100644
--- a/src/firejail/restricted_shell.c
+++ b/src/firejail/restricted_shell.c
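Review bot: In the first main.c hunk, forcing `arg_quiet = 1` whenever the parent's comm string is "sshd" turns a self-reported process name into a behaviour switch; the comm value read from /proc is set by the process itself, so this is a convenience heuristic and should be commented as such rather than read as a trust decision, e.g. `// heuristic: parent comm is self-reported; only used to silence output under ssh/scp/sftp`. The second hunk then makes `--debug` a silent no-op when quiet mode is already on, so a user invoking firejail through ssh gets no indication that their flag was dropped; a one-line comment at `if (!arg_quiet) {` saying `// --debug is ignored under --quiet or when started by sshd, where output would corrupt scp/sftp streams` would make the intent explicit (the scp/sftp motivation is inferred from the commit subject, not visible here). The third hunk keeps `--quiet` and `--debug` mutually exclusive regardless of argument order, which is consistent with the second. main() begins and ends outside all three hunks.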
@@ -61,7 +61,20 @@ int restricted_shell(const char *user) {
 ptr = strchr(args, '\n');
 if (ptr)
 *ptr = '\0';
-
+
+ // if nothing follows, continue
+ char *ptr2 = args;
+ int found = 0;
+ while (*ptr2 != '\0') {
+ if (*ptr2 != ' ' && *ptr2 != '\t') {
+ found = 1;
+ break;
+ }
+ }
+ if (!found)
+ continue;
+
+ // process user
 if (strcmp(user, usr) == 0) {
 restricted_user = strdup(user);
 // extract program arguments
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index ccddeb888..d148c1f40 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -131,9 +131,16 @@ static void chk_chroot(void) {
 }
 static int monitor_application(pid_t app_pid) {
+
+ int status;
 while (app_pid) {
 usleep(20000);
+ char *msg;
+ if (asprintf(&msg, "monitoring pid %d\n", app_pid) == -1)
+ errExit("asprintf");
+ logmsg(msg);
+ free(msg);
 pid_t rv;
 do {
diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt
index 2825ca4cf..6cd9ce3cb 100644
--- a/src/man/firejail-login.txt
+++ b/src/man/firejail-login.txt
@@ -11,7 +11,7 @@ a user name followed by the arguments passed to firejail. The format is as follo
 Example:
- netblue:--debug --net=none
+ netblue:--net=none --protocol=unix
 .SH RESTRICTED SHELL
 To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in
--
cgit v1.2.3-54-g00ecf
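Review bot: The new whitespace scan in restricted_shell() never advances `ptr2`: the `while (*ptr2 != '\0')` loop only exits via `break` when a non-blank character is found, so an argument string that begins with a space or tab spins forever and the login shell hangs for that user. Add `ptr2++;` as the last statement of the loop body, or write it as `for (char *ptr2 = args; *ptr2 != '\0'; ptr2++)` so the increment cannot be forgotten; a `for` also lets `found` be set without the `break`. Since this runs as the user's login shell on every ssh/scp/sftp connection, a single stray leading blank in the config line is enough to make the account unusable, which argues for a regression test with such a line. The enclosing function and the definition of `usr` lie outside the hunk.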
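Review bot: In monitor_application() the new `asprintf`/`logmsg`/`free` sequence sits inside the `while (app_pid)` loop directly after `usleep(20000)`, so it emits a "monitoring pid" entry on every 20 ms poll, roughly fifty log lines per second per sandbox for as long as the application runs. If logmsg writes to syslog (inferred from the name; its definition is not in the hunk) this floods the log and can crowd out entries from other sandboxes, so the three statements should be moved above the `while` so the pid is logged once, or guarded so they run only when `app_pid` changes. The added `int status;` is not used within the visible lines; if it is for a later waitpid() call below the hunk, declaring it next to that call would read better. The rest of the loop body and the function's end are outside the hunk.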