From 9ac3c3fa923d1a4a7fc5db6efc70215f3ee42a04 Mon Sep 17 00:00:00 2001 From: dma Date: Wed, 13 Sep 2017 18:37:39 +0000 Subject: [PATCH] Temporary workaround to drop connections from the sandbox manager that we can't further identify. --- sgfw/socks_server_chain.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sgfw/socks_server_chain.go b/sgfw/socks_server_chain.go index 11b166f..82efd71 100644 --- a/sgfw/socks_server_chain.go +++ b/sgfw/socks_server_chain.go @@ -281,6 +281,12 @@ func (c *socksChainSession) filterConnect() (bool, bool) { if pinfo == nil { pinfo = procsnitch.FindProcessForConnection(c.clientConn, c.procInfo) + // FIXME: TEMPORARY HACK + if pinfo.ExePath == "/usr/sbin/oz-daemon" { + log.Warningf("Rejecting unknown connection from /usr/bin/oz-daemon: %v", ) + return false, false + } + } if pinfo == nil {