globbing - manpage

author: startx2017 <vradu.startx@yandex.com> 2017-10-15 08:44:34 -0400
committer: startx2017 <vradu.startx@yandex.com> 2017-10-15 08:44:34 -0400
commit: a780fd7eb021385eb404983b036d9190fd4c7e81 (patch)
tree: 9c9b18a6bf2b8e9ceafadbe2de6a9dda52547941
parent: Merge pull request #1604 from gosre/master (diff)
download: firejail-a780fd7eb021385eb404983b036d9190fd4c7e81.tar.gz
firejail-a780fd7eb021385eb404983b036d9190fd4c7e81.tar.zst
firejail-a780fd7eb021385eb404983b036d9190fd4c7e81.zip
1 files changed, 42 insertions, 5 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 20f2b7f8c..54a332e7f 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -140,7 +140,7 @@ Example:
 # firejail \-\-bind=/config/etc/passwd,/etc/passwd
 .TP
 \fB\-\-blacklist=dirname_or_filename
-Blacklist directory or file.
+Blacklist directory or file. File globbing is supported, see \fBFILE GLOBBING\fR section for more details.
 .br
 .br
@@ -1009,7 +1009,7 @@ Example:
 $ firejail \-\-nodvd
 .TP
 \fB\-\-noexec=dirname_or_filename
-Remount directory or file noexec, nodev and nosuid.
+Remount directory or file noexec, nodev and nosuid. File globbing is supported, see \fBFILE GLOBBING\fR section for more details.
 .br
 .br
@@ -1275,7 +1275,8 @@ $ firejail \-\-private-home=.mozilla firefox
 Build a new /bin in a temporary filesystem, and copy the programs in the list.
 If no listed file is found, /bin directory will be empty.
 The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin.
-All modifications are discarded when the sandbox is closed.
+All modifications are discarded when the sandbox is closed. File globbing is supported,
+see \fBFILE GLOBBING\fR section for more details.
 .br
 .br
@@ -1505,7 +1506,7 @@ Put a file in sandbox container, see \fBFILE TRANSFER\fR section for more detail
 Turn off Firejail's output.
 .TP
 \fB\-\-read-only=dirname_or_filename
-Set directory or file read-only.
+Set directory or file read-only. File globbing is supported, see \fBFILE GLOBBING\fR section for more details.
 .br
 .br
@@ -1526,7 +1527,8 @@ $ firejail --whitelist=~/work --read-only=~ --read-only=~/work
 .TP
 \fB\-\-read-write=dirname_or_filename
 Set directory or file read-write. Only files or directories belonging to the current user are allowed for
-this operation. Example:
+this operation. File globbing is supported, see \fBFILE GLOBBING\fR section for more details.
+Example:
 .br
 .br
@@ -1833,6 +1835,7 @@ $ firejail \-\-shutdown=3272
 .TP
 \fB\-\-tmpfs=dirname
 Mount a tmpfs filesystem on directory dirname. This option is available only when running the sandbox as root.
+File globbing is supported, see \fBFILE GLOBBING\fR section for more details.
 .br
 .br
@@ -2234,6 +2237,40 @@ $ firejail --tree
 We provide a tool that automates all this integration, please see \fBman 1 firecfg\fR for more details.
+.SH FILE GLOBBING
+.TP
+Globbing is the operation that expands a wildcard pattern into the list of pathnames matching the pattern. Matching is defined by:
+.br
+.br
+- '?' matches any character
+.br
+- '*' matches any string
+.br
+- '[' denotes a range of characters
+.br
+.TP
+The gobing feature is implemented using glibc glob command. For more information on the wildcard syntax see man 7 glob.
+.br
+.br
+.TP
+The following command line options are supported: \-\-blacklist, \-\-private-bin, \-\-noexec, \-\-read-only, \-\-read-write, and \-\-tmpfs.
+.br
+.br
+.TP
+Examples:
+.br
+.br
+$ firejail --private-bin=sh,bash,python*
+.br
+$ firejail --blacklist=~/dir[1234]
+.br
+$ firejail --read-only=~/dir[1-4]
+.br
 .SH APPARMOR
 .TP
 AppArmor support is disabled by default at compile time. Use --enable-apparmor configuration option to enable it:
author	startx2017 <vradu.startx@yandex.com>	2017-10-15 08:44:34 -0400
committer	startx2017 <vradu.startx@yandex.com>	2017-10-15 08:44:34 -0400
commit	a780fd7eb021385eb404983b036d9190fd4c7e81 (patch)
tree	9c9b18a6bf2b8e9ceafadbe2de6a9dda52547941
parent	Merge pull request #1604 from gosre/master (diff)
download	firejail-a780fd7eb021385eb404983b036d9190fd4c7e81.tar.gz firejail-a780fd7eb021385eb404983b036d9190fd4c7e81.tar.zst firejail-a780fd7eb021385eb404983b036d9190fd4c7e81.zip

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 20f2b7f8c..54a332e7f 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -140,7 +140,7 @@ Example:
140	# firejail \-\-bind=/config/etc/passwd,/etc/passwd	140	# firejail \-\-bind=/config/etc/passwd,/etc/passwd
141	.TP	141	.TP
142	\fB\-\-blacklist=dirname_or_filename	142	\fB\-\-blacklist=dirname_or_filename
143	Blacklist directory or file.	143	Blacklist directory or file. File globbing is supported, see \fBFILE GLOBBING\fR section for more details.
144	.br	144	.br
145		145
146	.br	146	.br
@@ -1009,7 +1009,7 @@ Example:
1009	$ firejail \-\-nodvd	1009	$ firejail \-\-nodvd
1010	.TP	1010	.TP
1011	\fB\-\-noexec=dirname_or_filename	1011	\fB\-\-noexec=dirname_or_filename
1012	Remount directory or file noexec, nodev and nosuid.	1012	Remount directory or file noexec, nodev and nosuid. File globbing is supported, see \fBFILE GLOBBING\fR section for more details.
1013	.br	1013	.br
1014		1014
1015	.br	1015	.br
@@ -1275,7 +1275,8 @@ $ firejail \-\-private-home=.mozilla firefox
1275	Build a new /bin in a temporary filesystem, and copy the programs in the list.	1275	Build a new /bin in a temporary filesystem, and copy the programs in the list.
1276	If no listed file is found, /bin directory will be empty.	1276	If no listed file is found, /bin directory will be empty.
1277	The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin.	1277	The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin.
1278	All modifications are discarded when the sandbox is closed.	1278	All modifications are discarded when the sandbox is closed. File globbing is supported,
		1279	see \fBFILE GLOBBING\fR section for more details.
1279	.br	1280	.br
1280		1281
1281	.br	1282	.br
@@ -1505,7 +1506,7 @@ Put a file in sandbox container, see \fBFILE TRANSFER\fR section for more detail
1505	Turn off Firejail's output.	1506	Turn off Firejail's output.
1506	.TP	1507	.TP
1507	\fB\-\-read-only=dirname_or_filename	1508	\fB\-\-read-only=dirname_or_filename
1508	Set directory or file read-only.	1509	Set directory or file read-only. File globbing is supported, see \fBFILE GLOBBING\fR section for more details.
1509	.br	1510	.br
1510		1511
1511	.br	1512	.br
@@ -1526,7 +1527,8 @@ $ firejail --whitelist=~/work --read-only=~ --read-only=~/work
1526	.TP	1527	.TP
1527	\fB\-\-read-write=dirname_or_filename	1528	\fB\-\-read-write=dirname_or_filename
1528	Set directory or file read-write. Only files or directories belonging to the current user are allowed for	1529	Set directory or file read-write. Only files or directories belonging to the current user are allowed for
1529	this operation. Example:	1530	this operation. File globbing is supported, see \fBFILE GLOBBING\fR section for more details.
		1531	Example:
1530	.br	1532	.br
1531		1533
1532	.br	1534	.br
@@ -1833,6 +1835,7 @@ $ firejail \-\-shutdown=3272
1833	.TP	1835	.TP
1834	\fB\-\-tmpfs=dirname	1836	\fB\-\-tmpfs=dirname
1835	Mount a tmpfs filesystem on directory dirname. This option is available only when running the sandbox as root.	1837	Mount a tmpfs filesystem on directory dirname. This option is available only when running the sandbox as root.
		1838	File globbing is supported, see \fBFILE GLOBBING\fR section for more details.
1836	.br	1839	.br
1837		1840
1838	.br	1841	.br
@@ -2234,6 +2237,40 @@ $ firejail --tree
2234		2237
2235	We provide a tool that automates all this integration, please see \fBman 1 firecfg\fR for more details.	2238	We provide a tool that automates all this integration, please see \fBman 1 firecfg\fR for more details.
2236		2239
		2240	.SH FILE GLOBBING
		2241	.TP
		2242	Globbing is the operation that expands a wildcard pattern into the list of pathnames matching the pattern. Matching is defined by:
		2243	.br
		2244
		2245	.br
		2246	- '?' matches any character
		2247	.br
		2248	- '*' matches any string
		2249	.br
		2250	- '[' denotes a range of characters
		2251	.br
		2252	.TP
		2253	The gobing feature is implemented using glibc glob command. For more information on the wildcard syntax see man 7 glob.
		2254	.br
		2255
		2256	.br
		2257	.TP
		2258	The following command line options are supported: \-\-blacklist, \-\-private-bin, \-\-noexec, \-\-read-only, \-\-read-write, and \-\-tmpfs.
		2259	.br
		2260
		2261	.br
		2262	.TP
		2263	Examples:
		2264	.br
		2265
		2266	.br
		2267	$ firejail --private-bin=sh,bash,python*
		2268	.br
		2269	$ firejail --blacklist=~/dir[1234]
		2270	.br
		2271	$ firejail --read-only=~/dir[1-4]
		2272	.br
		2273
2237	.SH APPARMOR	2274	.SH APPARMOR
2238	.TP	2275	.TP
2239	AppArmor support is disabled by default at compile time. Use --enable-apparmor configuration option to enable it:	2276	AppArmor support is disabled by default at compile time. Use --enable-apparmor configuration option to enable it: