nodbus man pages, etc.

4 files changed, 30 insertions, 4 deletions

diff --git a/README.md b/README.md
index 7895bab4f..84e04f4c5 100644
--- a/README.md
+++ b/README.md
@@ -143,6 +143,19 @@ Configuration options:
    Gcov instrumentation:
    Install contrib scripts: yes
 `````
+This feature is also supported for LLVM/clang compiler
+
+## New command line options
+`````
+       --nodbus
+              Disable D-Bus access. Only the regular UNIX socket is handled by
+              this command. To disable the abstract socket you would  need  to
+              request  a  new  network  namespace using --net command. Another
+              option is to remove unix from --protocol set.
+
+              Example:
+              $ firejail --nodbus --net=none
+`````
 
 ## AppImage development
 
diff --git a/RELNOTES b/RELNOTES
index ace9ec06e..91fb87b15 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -9,11 +9,11 @@ firejail (0.9.53) baseline; urgency=low
      All users of Firefox-based browsers who use addons and plugins
      that read/write from ${HOME} will need to uncomment the includes for
      firefox-common-addons.inc in firefox-common.profile.
-  * Spectre mitigation patch for gcc compiler
+  * Spectre mitigation patch for gcc and clang compiler
+  * D-Bus handling (--nodbus)
   * AppArmor support for overlayfs and chroot sandboxes
   * AppArmor support for AppImages
-  * Enable AppArmor by default for Firefox, Chromium, Transmission
-     VLC and mpv
+  * Enable AppArmor by default for a large number of programs
   * firejail --apparmor.print option
   * firemon --apparmor option
   * apparmor yes/no flag in /etc/firejail/firejail.config
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 15b548d20..d0292f524 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -132,7 +132,9 @@ void usage(void) {
 #endif
         printf("    --nice=value - set nice value.\n");
         printf("    --no3d - disable 3D hardware acceleration.\n");
-        printf("    --noblacklist=filename - disable blacklist for file or directory .\n");
+        printf("    --noblacklist=filename - disable blacklist for file or directory.\n");
+        printf("    --nodbus - disable D-Bus access.\n");
+        printf("    --nodvd - disable DVD and audio CD devices.\n");
         printf("    --noexec=filename - remount the file or directory noexec nosuid and nodev.\n");
         printf("    --nogroups - disable supplementary groups.\n");
         printf("    --nonewprivs - sets the NO_NEW_PRIVS prctl.\n");
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 34e4102f6..f080c8c7b 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1064,6 +1064,17 @@ $ nc dict.org 2628
 220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64
 .br
 .TP
+\fB\-\-nodbus
+Disable D-Bus access. Only the regular UNIX socket is handled by this command. To
+disable the abstract socket you would need to request a new network namespace using
+\-\-net command. Another option is to remove unix from \-\-protocol set.
+.br
+
+.br
+Example:
+.br
+$ firejail \-\-nodbus \-\-net=none
+.TP
 \fB\-\-nodvd
 Disable DVD and audio CD devices.
 .br