From 9ac3c3fa923d1a4a7fc5db6efc70215f3ee42a04 Mon Sep 17 00:00:00 2001
From: dma <dma@subgraph.com>
Date: Wed, 13 Sep 2017 18:37:39 +0000
Subject: [PATCH] Temporary workaround to drop connections from the sandbox
 manager that we can't further identify.

---
 sgfw/socks_server_chain.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sgfw/socks_server_chain.go b/sgfw/socks_server_chain.go
index 11b166f..82efd71 100644
--- a/sgfw/socks_server_chain.go
+++ b/sgfw/socks_server_chain.go
@@ -281,6 +281,12 @@ func (c *socksChainSession) filterConnect() (bool, bool) {
 
 	if pinfo == nil {
 		pinfo = procsnitch.FindProcessForConnection(c.clientConn, c.procInfo)
+		// FIXME: TEMPORARY HACK
+		if pinfo.ExePath == "/usr/sbin/oz-daemon" {
+			log.Warningf("Rejecting unknown connection from /usr/bin/oz-daemon: %v", )	
+			return false, false
+		}
+
 	}
 
 	if pinfo == nil {