fix firejail-in-firejail again

src/firejail/bandwidth.c

@@ -125,10 +125,8 @@ void shm_create_firejail_dir(void) {
 	}
 	else { // check /dev/shm/firejail directory belongs to root end exit if doesn't!
 		if (s.st_uid != 0 || s.st_gid != 0) {
-			if (firejail_in_firejail == 0) {
-				fprintf(stderr, "Error: non-root %s directory, exiting...\n", "/dev/shm/firejail");
-				exit(1);
-			}
+			fprintf(stderr, "Error: non-root %s directory, exiting...\n", "/dev/shm/firejail");
+			exit(1);
 		}
 	}
 }

src/firejail/firejail.h

@@ -149,9 +149,6 @@ extern int arg_scan;		// arp-scan all interfaces
 extern int parent_to_child_fds[2];
 extern int child_to_parent_fds[2];
 extern pid_t sandbox_pid;
-extern int firejail_in_firejail;
-
-
 
 #define MAX_ARGS 128		// maximum number of command arguments (argc)
 extern char *fullargv[MAX_ARGS];

src/firejail/fs.c

@@ -44,10 +44,8 @@ void fs_build_firejail_dir(void) {
 	}
 	else { // check /tmp/firejail directory belongs to root end exit if doesn't!
 		if (s.st_uid != 0 || s.st_gid != 0) {
-			if (firejail_in_firejail == 0) {
-				fprintf(stderr, "Error: non-root %s directory, exiting...\n", FIREJAIL_DIR);
-				exit(1);
-			}
+			fprintf(stderr, "Error: non-root %s directory, exiting...\n", FIREJAIL_DIR);
+			exit(1);
 		}
 	}
 }

src/firejail/main.c

@@ -90,7 +90,6 @@ char *fullargv[MAX_ARGS];			// expanded argv for restricted shell
 int fullargc = 0;
 static pid_t child = 0;
 pid_t sandbox_pid;
-int firejail_in_firejail = 0;			// firejail started in a firejail sandbox
 
 static void myexit(int rv) {
 	logmsg("exiting...");
@@ -114,10 +113,8 @@ static void my_handler(int s){
 static void extract_user_data(void) {
 	// check suid
 	if (geteuid()) {
-		if (firejail_in_firejail == 0) {
-			fprintf(stderr, "Error: the sandbox is not setuid root\n");
-			exit(1);
-		}
+		fprintf(stderr, "Error: the sandbox is not setuid root\n");
+		exit(1);
 	}
 
 	struct passwd *pw = getpwuid(getuid());
@@ -392,12 +389,13 @@ int main(int argc, char **argv) {
 
 	// check if we already have a sandbox running
 	int rv = check_kernel_procs();
-	if (rv == 0)
-		firejail_in_firejail = 1;
+	if (rv == 0) {
+		// start the program directly without sandboxing
+		run_no_sandbox(argc, argv);
+		// it will never get here!
+		assert(0);
+	}
 
-
-
-	
 	// initialize globals
 	init_cfg();
 	cfg.original_argv = argv;
@@ -697,6 +695,7 @@ int main(int argc, char **argv) {
 			}
 			
 			// extract private home dirname
+printf("here %s:%d\n", __FILE__, __LINE__);			
 			cfg.home_private = argv[i] + 10;
 			fs_check_private_dir();
 			arg_private = 1;
@@ -974,13 +973,6 @@ int main(int argc, char **argv) {
 		}
 	}
 
-	// if a sandbox is already running, start the program directly without sandboxing
-	if (firejail_in_firejail) {
-		run_no_sandbox(argc, argv);
-		// it will never get here!
-		assert(0);
-	}
-
 	// check network configuration options - it will exit if anything went wrong
 	net_check_cfg();
 	

todo

@@ -27,4 +27,4 @@ Warning: failed to unmount /sys
 Child process initialized
 $
 
-3. default.profile createing problems for  --chroot, --private-home
+3. default.profile creating problems for  --chroot, --private-home