author | netblue30 <netblue30@yahoo.com> | 2018-03-30 09:41:58 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-03-30 09:41:58 -0400 |
commit | 0e13afc1fa49cd32cea457cfbd06aadb8f524ec8 (patch) | |
tree | dd1e3825c28784c562908ca673425ae618f9d42e | |
parent | enable/disable dbus handling in /etc/firejail/firejail.config (diff) | |
nodbus man pages, etc.
-rw-r--r-- | README.md | 13 | ||||
-rw-r--r-- | RELNOTES | 6 | ||||
-rw-r--r-- | src/firejail/usage.c | 4 | ||||
-rw-r--r-- | src/man/firejail.txt | 11 |
4 files changed, 30 insertions, 4 deletions
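--- a/README.md
+++ b/README.md
@@ -143,6 +143,19 @@ Configuration options:
 Gcov instrumentation:
 Install contrib scripts: yes
 `````
+This feature is also supported for LLVM/clang compiler
+
+## New command line options
+`````
+--nodbus
+Disable D-Bus access. Only the regular UNIX socket is handled by
+this command. To disable the abstract socket you would need to
+request a new network namespace using --net command. Another
+option is to remove unix from --protocol set.
+
+Example:
+$ firejail --nodbus --net=none
+`````
 
 ## AppImage development
 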
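--- a/RELNOTES
+++ b/RELNOTES
@@ -9,11 +9,11 @@ firejail (0.9.53) baseline; urgency=low
 All users of Firefox-based browsers who use addons and plugins
 that read/write from ${HOME} will need to uncomment the includes for
 firefox-common-addons.inc in firefox-common.profile.
-* Spectre mitigation patch for gcc compiler
+* Spectre mitigation patch for gcc and clang compiler
+* D-Bus handling (--nodbus)
 * AppArmor support for overlayfs and chroot sandboxes
 * AppArmor support for AppImages
-* Enable AppArmor by default for Firefox, Chromium, Transmission
-VLC and mpv
+* Enable AppArmor by default for a large number of programs
 * firejail --apparmor.print option
 * firemon --apparmor option
 * apparmor yes/no flag in /etc/firejail/firejail.config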
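--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -132,7 +132,9 @@ void usage(void) {
 #endif
 printf(" --nice=value - set nice value.\n");
 printf(" --no3d - disable 3D hardware acceleration.\n");
-printf(" --noblacklist=filename - disable blacklist for file or directory .\n");
+printf(" --noblacklist=filename - disable blacklist for file or directory.\n");
+printf(" --nodbus - disable D-Bus access.\n");
+printf(" --nodvd - disable DVD and audio CD devices.\n");
 printf(" --noexec=filename - remount the file or directory noexec nosuid and nodev.\n");
 printf(" --nogroups - disable supplementary groups.\n");
 printf(" --nonewprivs - sets the NO_NEW_PRIVS prctl.\n");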
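Review bot: The new `--nodbus` help line in usage() promises "disable D-Bus access" without the limitation that the man-page and README text in this same commit spell out: only the regular UNIX socket is handled, and the abstract socket stays reachable unless a new network namespace is requested or unix is removed from the --protocol set. Someone who reads only `firejail --help` could take the option for a complete D-Bus block and leave the abstract socket exposed to the sandboxed program. I would change the description text to something like `disable D-Bus access (regular UNIX socket only, see man page).` so the short help does not overstate the confinement. The body of usage() starts and ends outside this hunk, so other option lines were not checked for similar gaps.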
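--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1064,6 +1064,17 @@ $ nc dict.org 2628
 220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64
 .br
 .TP
+\fB\-\-nodbus
+Disable D-Bus access. Only the regular UNIX socket is handled by this command. To
+disable the abstract socket you would need to request a new network namespace using
+\-\-net command. Another option is to remove unix from \-\-protocol set.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-nodbus \-\-net=none
+.TP
 \fB\-\-nodvd
 Disable DVD and audio CD devices.
 .br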