author | netblue30 <netblue30@yahoo.com> | 2016-09-25 12:04:59 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-09-25 12:04:59 -0400 |
commit | c10766c01947793679462beb998ccde6e37107b7 (patch) | |
tree | bddbfdd9bcfbe7ad4254c699d09dc16d7e1d5f6c | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
allusers support in profile files
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 18 | ||||
-rw-r--r-- | RELNOTES | 5 | ||||
-rw-r--r-- | src/firejail/profile.c | 4 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 4 |
5 files changed, 30 insertions, 2 deletions
@@ -44,6 +44,7 @@ Aleksey Manevich (https://github.com/manevich) | |||
44 | - read_pid fix | 44 | - read_pid fix |
45 | - added --x11=block options | 45 | - added --x11=block options |
46 | - x11 xpra, xphyr, block profile commands | 46 | - x11 xpra, xphyr, block profile commands |
47 | - added --join-or-start command | ||
47 | Fred-Barclay (https://github.com/Fred-Barclay) | 48 | Fred-Barclay (https://github.com/Fred-Barclay) |
48 | - added Vivaldi, Atril profiles | 49 | - added Vivaldi, Atril profiles |
49 | - added PaleMoon profile | 50 | - added PaleMoon profile |
@@ -43,8 +43,24 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ | |||
43 | specified in ${XAUTHORITY} enviroment variable. Remove DISPLAY and | 43 | specified in ${XAUTHORITY} enviroment variable. Remove DISPLAY and |
44 | XAUTHORITY enviroment variables. Stop with error message if X11 | 44 | XAUTHORITY enviroment variables. Stop with error message if X11 |
45 | abstract socket will be accessible in jail. | 45 | abstract socket will be accessible in jail. |
46 | |||
47 | --put=name|pid src-filename dest-filename | ||
48 | Put src-filename in sandbox container. The container is specified by name or PID. | ||
49 | |||
50 | --allusers | ||
51 | All user home directories are visible inside the sandbox. By default, only current user home | ||
52 | directory is visible. | ||
53 | |||
54 | Example: | ||
55 | $ firejail --allusers | ||
56 | |||
57 | --join-or-start=name | ||
58 | Join the sandbox identified by name or start a new one. Same as "firejail --join=name" if | ||
59 | sandbox with specified name exists, otherwise same as "firejail --name=name ..." | ||
60 | Note that in contrary to other join options there is respective profile option. | ||
61 | |||
46 | ````` | 62 | ````` |
47 | 63 | ||
48 | ## New profile commands | 64 | ## New profile commands |
49 | 65 | ||
50 | x11 xpra, x11 xephyr, x11 block \ No newline at end of file | 66 | x11 xpra, x11 xephyr, x11 block, allusers, join-or-start |
@@ -3,9 +3,12 @@ firejail (0.9.43) baseline; urgency=low | |||
3 | * modifs: removed man firejail-config | 3 | * modifs: removed man firejail-config |
4 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory | 4 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory |
5 | * modifs: Nvidia drivers added to --privte-dev | 5 | * modifs: Nvidia drivers added to --privte-dev |
6 | * feature: support starting/joining sandbox is a single command | ||
7 | (--join-or-start) | ||
8 | * feature: all user home directories are visible (--allusers) | ||
6 | * feature: add files to sandbox container (--put) | 9 | * feature: add files to sandbox container (--put) |
7 | * feature: blocking x11 (--x11=block) | 10 | * feature: blocking x11 (--x11=block) |
8 | * feature: x11 xpra, x11 xephyr, x11 block profile commands | 11 | * feature: x11 xpra, x11 xephyr, x11 block, allusers profile commands |
9 | * bugfixes | 12 | * bugfixes |
10 | -- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500 | 13 | -- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500 |
11 | 14 | ||
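--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -181,6 +181,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #endif
 return 0;
 }
+else if (strcmp(ptr, "allusers") == 0) {
+arg_allusers = 1;
+return 0;
+}
 else if (strcmp(ptr, "private-dev") == 0) {
 arg_private_dev = 1;
 return 0;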
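Review bot: The new `allusers` branch in profile_check_line sets `arg_allusers` with no comment or log line, although it relaxes a default restriction: per the documentation added in this commit, every user's home directory becomes visible inside the sandbox. Because the switch can now arrive from any profile that gets loaded, rather than only from an explicit command-line flag, it deserves a comment such as `/* relaxes isolation: other users' home directories become visible in the sandbox */` above the assignment. It would also help to report it when a profile sets it, e.g. `fprintf(stderr, "Warning: allusers enabled by profile %s, line %d\n", fname, lineno);`, so an audit of a running sandbox can trace where the setting came from. The body of profile_check_line starts and ends outside the hunk, so whether later code can reset the flag is not visible here.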
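--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -322,6 +322,10 @@ The sandbox is placed in g1 control group.
 
 .SH User Environment
 .TP
+\fBallusers
+All user home directories are visible inside the sandbox. By default, only current user home directory is visible.
+
+.TP
 \fBname sandboxname
 Set sandbox name. Example:
 .br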