author | Jeff Squyres <jsquyres@cisco.com> | 2021-04-15 11:25:08 -0700 |
---|---|---|
committer | Jeff Squyres <jsquyres@cisco.com> | 2021-04-20 09:41:26 -0700 |
commit | 9e95a38fe1e96a5d4b9f2e79e65a689655f255b9 (patch) | |
tree | af0785bdec7c40dcd15edd7eeb70a00e38cc97ed | |
parent | profile fixes (diff) | |
man: corrections regarding --private-FOO options
Commit 0.9.60-1070-g40d3604f updated the man pages with respect to
--private-opt, --private-etc, and --private-srv. It was made after
testing firejail 0.9.52 (from Ubuntu 18.04). However, it
unfortunately did not accurately reflect the behavior of the
current HEAD at the time, because commit 0.9.56-rc1-14-ga9242301 had
previously slightly changed the behavior of these three options (after
0.9.52), and was released in 0.9.56. The man pages changes made in
commit 40d3604f were therefore not entirely correct.
This commit updates the man pages to describe the behavior as
implemented in a9242301 (and is still the behavior as of the current
HEAD: 0.9.64-737-g937815ba).
Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
-rw-r--r-- | src/man/firejail-profile.txt | 12 | ||||
-rw-r--r-- | src/man/firejail.txt | 14 |
2 files changed, 19 insertions, 7 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index ee685da73..2bb57cee2 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -295,7 +295,9 @@ Use the options no3d, nodvd, nosound, notv, nou2f and novideo for additional res | |||
295 | Build a new /etc in a temporary | 295 | Build a new /etc in a temporary |
296 | filesystem, and copy the files and directories in the list. | 296 | filesystem, and copy the files and directories in the list. |
297 | The files and directories in the list must be expressed as relative to | 297 | The files and directories in the list must be expressed as relative to |
298 | the /etc directory. | 298 | the /etc directory, and must not contain the / character |
299 | (e.g., /etc/foo must be expressed as foo, but /etc/foo/bar -- | ||
300 | expressed as foo/bar -- is disallowed). | ||
299 | All modifications are discarded when the sandbox is closed. | 301 | All modifications are discarded when the sandbox is closed. |
300 | #ifdef HAVE_PRIVATE_HOME | 302 | #ifdef HAVE_PRIVATE_HOME |
301 | .TP | 303 | .TP |
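Review bot: the added wording at new lines 298-300 forbids foo/bar but does not say how a file below a subdirectory is supposed to reach the new /etc. Since the list still accepts "files and directories", consider adding a sentence stating that naming the top-level directory (foo) is the way to bring in /etc/foo/bar, if that is what the implementation does. The parenthetical would also read more easily as two sentences than with the "-- expressed as foo/bar --" aside.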
@@ -319,14 +321,18 @@ This feature is still under development, see \fBman 1 firejail\fR for some examp | |||
319 | Build a new /opt in a temporary | 321 | Build a new /opt in a temporary |
320 | filesystem, and copy the files and directories in the list. | 322 | filesystem, and copy the files and directories in the list. |
321 | The files and directories in the list must be expressed as relative to | 323 | The files and directories in the list must be expressed as relative to |
322 | the /opt directory. | 324 | the /opt directory, and must not contain the / character |
325 | (e.g., /opt/foo must be expressed as foo, but /opt/foo/bar -- | ||
326 | expressed as foo/bar -- is disallowed). | ||
323 | All modifications are discarded when the sandbox is closed. | 327 | All modifications are discarded when the sandbox is closed. |
324 | .TP | 328 | .TP |
325 | \fBprivate-srv file,directory | 329 | \fBprivate-srv file,directory |
326 | Build a new /srv in a temporary | 330 | Build a new /srv in a temporary |
327 | filesystem, and copy the files and directories in the list. | 331 | filesystem, and copy the files and directories in the list. |
328 | The files and directories in the list must be expressed as relative to | 332 | The files and directories in the list must be expressed as relative to |
329 | the /srv directory. | 333 | the /srv directory, and must not contain the / character |
334 | (e.g., /srv/foo must be expressed as foo, but /srv/foo/bar -- | ||
335 | expressed as foo/bar -- is disallowed). | ||
330 | All modifications are discarded when the sandbox is closed. | 336 | All modifications are discarded when the sandbox is closed. |
331 | .TP | 337 | .TP |
332 | \fBprivate-tmp | 338 | \fBprivate-tmp |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index f27379a2d..1ee7ab1f1 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1883,7 +1883,9 @@ $ | |||
1883 | Build a new /etc in a temporary | 1883 | Build a new /etc in a temporary |
1884 | filesystem, and copy the files and directories in the list. | 1884 | filesystem, and copy the files and directories in the list. |
1885 | The files and directories in the list must be expressed as relative to | 1885 | The files and directories in the list must be expressed as relative to |
1886 | the /etc directory. | 1886 | the /etc directory, and must not contain the / character |
1887 | (e.g., /etc/foo must be expressed as foo, but /etc/foo/bar -- | ||
1888 | expressed as foo/bar -- is disallowed). | ||
1887 | If no listed file is found, /etc directory will be empty. | 1889 | If no listed file is found, /etc directory will be empty. |
1888 | All modifications are discarded when the sandbox is closed. | 1890 | All modifications are discarded when the sandbox is closed. |
1889 | .br | 1891 | .br |
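Review bot: new lines 1886-1888 say an entry containing / is disallowed, and the next context line says "If no listed file is found, /etc directory will be empty", but the text never says which outcome applies when foo/bar is passed. Is the sandbox refused with an error, or is the entry skipped and /etc possibly left empty? Please state the result explicitly, since a startup failure and a silently empty /etc look very different to someone debugging a profile.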
@@ -1893,7 +1895,7 @@ Example: | |||
1893 | .br | 1895 | .br |
1894 | $ firejail --private-etc=group,hostname,localtime, \\ | 1896 | $ firejail --private-etc=group,hostname,localtime, \\ |
1895 | .br | 1897 | .br |
1896 | nsswitch.conf,passwd,resolv.conf,default/motd-news | 1898 | nsswitch.conf,passwd,resolv.conf |
1897 | #ifdef HAVE_PRIVATE_HOME | 1899 | #ifdef HAVE_PRIVATE_HOME |
1898 | .TP | 1900 | .TP |
1899 | \fB\-\-private-home=file,directory | 1901 | \fB\-\-private-home=file,directory |
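Review bot: at new line 1898, dropping default/motd-news makes the example match the new rule, but the example now shows only plain file names. If whole directories are copied, consider keeping a directory entry in the list (for instance default in place of default/motd-news) so readers can see how to carry a file that lives below a subdirectory of /etc.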
@@ -1968,7 +1970,9 @@ $ | |||
1968 | Build a new /opt in a temporary | 1970 | Build a new /opt in a temporary |
1969 | filesystem, and copy the files and directories in the list. | 1971 | filesystem, and copy the files and directories in the list. |
1970 | The files and directories in the list must be expressed as relative to | 1972 | The files and directories in the list must be expressed as relative to |
1971 | the /opt directory. | 1973 | the /opt directory, and must not contain the / character |
1974 | (e.g., /opt/foo must be expressed as foo, but /opt/foo/bar -- | ||
1975 | expressed as foo/bar -- is disallowed). | ||
1972 | If no listed file is found, /opt directory will be empty. | 1976 | If no listed file is found, /opt directory will be empty. |
1973 | All modifications are discarded when the sandbox is closed. | 1977 | All modifications are discarded when the sandbox is closed. |
1974 | .br | 1978 | .br |
@@ -1983,7 +1987,9 @@ $ firejail --private-opt=firefox /opt/firefox/firefox | |||
1983 | Build a new /srv in a temporary | 1987 | Build a new /srv in a temporary |
1984 | filesystem, and copy the files and directories in the list. | 1988 | filesystem, and copy the files and directories in the list. |
1985 | The files and directories in the list must be expressed as relative to | 1989 | The files and directories in the list must be expressed as relative to |
1986 | the /srv directory. | 1990 | the /srv directory, and must not contain the / character |
1991 | (e.g., /opt/srv must be expressed as foo, but /srv/foo/bar -- | ||
1992 | expressed as srv/bar -- is disallowed). | ||
1987 | If no listed file is found, /srv directory will be empty. | 1993 | If no listed file is found, /srv directory will be empty. |
1988 | All modifications are discarded when the sandbox is closed. | 1994 | All modifications are discarded when the sandbox is closed. |
1989 | .br | 1995 | .br |
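Review bot: the example at new lines 1991-1992 has a search-and-replace slip: "/opt/srv must be expressed as foo" and "expressed as srv/bar" match neither the surrounding /srv text nor the parallel /etc and /opt paragraphs. It should read "(e.g., /srv/foo must be expressed as foo, but /srv/foo/bar -- expressed as foo/bar -- is disallowed)".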