author | startx2017 <vradu.startx@yandex.com> | 2020-09-30 09:01:36 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2020-09-30 09:01:36 -0400 |
commit | 2e914f0940a025d971c484a9158c1eaeca9c6015 (patch) | |
tree | 0355492989d2e868db6d56a7027b62520862827b | |
parent | manpages: configuration for dbus (diff) | |
manpages: network configuration
-rw-r--r-- | src/firemon/firemon.c | 5 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 6 | ||||
-rw-r--r-- | src/man/firejail.txt | 55 | ||||
-rw-r--r-- | src/man/firemon.txt | 6 |
4 files changed, 46 insertions, 26 deletions
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 7468e3240..238fbcdfe 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c | |||
@@ -159,6 +159,7 @@ int main(int argc, char **argv) { | |||
159 | arg_list = 1; | 159 | arg_list = 1; |
160 | else if (strcmp(argv[i], "--tree") == 0) | 160 | else if (strcmp(argv[i], "--tree") == 0) |
161 | arg_tree = 1; | 161 | arg_tree = 1; |
162 | #ifdef HAVE_NETWORK | ||
162 | else if (strcmp(argv[i], "--netstats") == 0) { | 163 | else if (strcmp(argv[i], "--netstats") == 0) { |
163 | struct stat s; | 164 | struct stat s; |
164 | if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) { | 165 | if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) { |
@@ -167,7 +168,7 @@ int main(int argc, char **argv) { | |||
167 | } | 168 | } |
168 | arg_netstats = 1; | 169 | arg_netstats = 1; |
169 | } | 170 | } |
170 | 171 | #endif | |
171 | 172 | ||
172 | // cumulative options with or without a pid argument | 173 | // cumulative options with or without a pid argument |
173 | else if (strcmp(argv[i], "--x11") == 0) | 174 | else if (strcmp(argv[i], "--x11") == 0) |
@@ -187,10 +188,12 @@ int main(int argc, char **argv) { | |||
187 | } | 188 | } |
188 | arg_interface = 1; | 189 | arg_interface = 1; |
189 | } | 190 | } |
191 | #ifdef HAVE_NETWORK | ||
190 | else if (strcmp(argv[i], "--route") == 0) | 192 | else if (strcmp(argv[i], "--route") == 0) |
191 | arg_route = 1; | 193 | arg_route = 1; |
192 | else if (strcmp(argv[i], "--arp") == 0) | 194 | else if (strcmp(argv[i], "--arp") == 0) |
193 | arg_arp = 1; | 195 | arg_arp = 1; |
196 | #endif | ||
194 | else if (strcmp(argv[i], "--apparmor") == 0) | 197 | else if (strcmp(argv[i], "--apparmor") == 0) |
195 | arg_apparmor = 1; | 198 | arg_apparmor = 1; |
196 | 199 | ||
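Review bot: On a build without HAVE_NETWORK, the `--netstats`, `--route` and `--arp` branches disappear from the else-if chain in main(), so those arguments reach whatever trailing branch handles unmatched options; that branch is outside these hunks. Whether that branch rejects them or treats them as something else cannot be confirmed from here, so it is worth checking that the user gets a clear "networking support not compiled in" error; an `#else` arm that matches the three option names and exits with that message would make the behaviour explicit. Because the guards sit in the middle of a long chain, labelling the closers as `#endif // HAVE_NETWORK` would also make the conditional regions easier to follow. The hunks do not show whether the later uses of `arg_netstats`, `arg_route` and `arg_arp`, or the usage text, are guarded the same way, and that should be confirmed.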
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index de34d5076..c0ced120e 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -150,9 +150,10 @@ Example: "nowhitelist ~/.config" | |||
150 | Ignore command. | 150 | Ignore command. |
151 | 151 | ||
152 | Example: "ignore seccomp" | 152 | Example: "ignore seccomp" |
153 | #ifdef HAVE_NETWORK | ||
153 | .br | 154 | .br |
154 | Example: "ignore net eth0" | 155 | Example: "ignore net eth0" |
155 | 156 | #endif | |
156 | .TP | 157 | .TP |
157 | \fBquiet | 158 | \fBquiet |
158 | Disable Firejail's output. This should be the first uncommented command in the profile file. | 159 | Disable Firejail's output. This should be the first uncommented command in the profile file. |
@@ -671,6 +672,7 @@ Disable video devices. | |||
671 | Run the program directly, without a shell. | 672 | Run the program directly, without a shell. |
672 | 673 | ||
673 | 674 | ||
675 | #ifdef HAVE_NETWORK | ||
674 | .SH Networking | 676 | .SH Networking |
675 | Networking features available in profile files. | 677 | Networking features available in profile files. |
676 | 678 | ||
@@ -863,7 +865,7 @@ a default gateway address also have to be added. | |||
863 | \fBveth-name name | 865 | \fBveth-name name |
864 | Use this name for the interface connected to the bridge for --net=bridge_interface commands, | 866 | Use this name for the interface connected to the bridge for --net=bridge_interface commands, |
865 | instead of the default one. | 867 | instead of the default one. |
866 | 868 | #endif | |
867 | .SH Other | 869 | .SH Other |
868 | .TP | 870 | .TP |
869 | \fBdeterministic-exit-code | 871 | \fBdeterministic-exit-code |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e1d55258c..1e355de8a 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -20,12 +20,14 @@ File transfer from an existing sandbox | |||
20 | firejail {\-\-ls | \-\-get | \-\-put} dir_or_filename | 20 | firejail {\-\-ls | \-\-get | \-\-put} dir_or_filename |
21 | .RE | 21 | .RE |
22 | .PP | 22 | .PP |
23 | #ifdef HAVE_NETWORK | ||
23 | Network traffic shaping for an existing sandbox: | 24 | Network traffic shaping for an existing sandbox: |
24 | .PP | 25 | .PP |
25 | .RS | 26 | .RS |
26 | firejail \-\-bandwidth={name|pid} bandwidth-command | 27 | firejail \-\-bandwidth={name|pid} bandwidth-command |
27 | .RE | 28 | .RE |
28 | .PP | 29 | .PP |
30 | #endif | ||
29 | Monitoring: | 31 | Monitoring: |
30 | .PP | 32 | .PP |
31 | .RS | 33 | .RS |
@@ -647,7 +649,7 @@ Debug whitelisting. | |||
647 | Example: | 649 | Example: |
648 | .br | 650 | .br |
649 | $ firejail \-\-debug-whitelists firefox | 651 | $ firejail \-\-debug-whitelists firefox |
650 | 652 | #ifdef HAVE_NETWORK | |
651 | .TP | 653 | .TP |
652 | \fB\-\-defaultgw=address | 654 | \fB\-\-defaultgw=address |
653 | Use this address as default gateway in the new network namespace. | 655 | Use this address as default gateway in the new network namespace. |
@@ -657,7 +659,7 @@ Use this address as default gateway in the new network namespace. | |||
657 | Example: | 659 | Example: |
658 | .br | 660 | .br |
659 | $ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox | 661 | $ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox |
660 | 662 | #endif | |
661 | .TP | 663 | .TP |
662 | \fB\-\-disable-mnt | 664 | \fB\-\-disable-mnt |
663 | Blacklist /mnt, /media, /run/mount and /run/media access. | 665 | Blacklist /mnt, /media, /run/mount and /run/media access. |
@@ -778,8 +780,12 @@ Ignore command in profile file. | |||
778 | Example: | 780 | Example: |
779 | .br | 781 | .br |
780 | $ firejail \-\-ignore=shell --ignore=seccomp firefox | 782 | $ firejail \-\-ignore=shell --ignore=seccomp firefox |
783 | #ifdef HAVE_NETWORK | ||
781 | .br | 784 | .br |
782 | $ firejail \-\-ignore="net eth0" firefox | 785 | $ firejail \-\-ignore="net eth0" firefox |
786 | #endif | ||
787 | |||
788 | #ifdef HAVE_NETWORK | ||
783 | .TP | 789 | .TP |
784 | \fB\-\-interface=interface | 790 | \fB\-\-interface=interface |
785 | Move interface in a new network namespace. Up to four --interface options can be specified. | 791 | Move interface in a new network namespace. Up to four --interface options can be specified. |
@@ -901,6 +907,7 @@ for sandboxes started as root. | |||
901 | Example: | 907 | Example: |
902 | .br | 908 | .br |
903 | $ firejail \-\-ipc-namespace firefox | 909 | $ firejail \-\-ipc-namespace firefox |
910 | #endif | ||
904 | .TP | 911 | .TP |
905 | \fB\-\-join=name|pid | 912 | \fB\-\-join=name|pid |
906 | Join the sandbox identified by name or by PID. By default a /bin/bash shell is started after joining the sandbox. | 913 | Join the sandbox identified by name or by PID. By default a /bin/bash shell is started after joining the sandbox. |
@@ -932,7 +939,7 @@ $ firejail \-\-join=3272 | |||
932 | Join the mount namespace of the sandbox identified by name or PID. By default a /bin/bash shell is started after joining the sandbox. | 939 | Join the mount namespace of the sandbox identified by name or PID. By default a /bin/bash shell is started after joining the sandbox. |
933 | If a program is specified, the program is run in the sandbox. This command is available only to root user. | 940 | If a program is specified, the program is run in the sandbox. This command is available only to root user. |
934 | Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox. | 941 | Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox. |
935 | 942 | #ifdef HAVE_NETWORK | |
936 | .TP | 943 | .TP |
937 | \fB\-\-join-network=name|pid | 944 | \fB\-\-join-network=name|pid |
938 | Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox. | 945 | Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox. |
@@ -988,7 +995,7 @@ Switching to pid 1932, the first child process inside the sandbox | |||
988 | inet6 fe80::7458:14ff:fe42:78e4/64 scope link | 995 | inet6 fe80::7458:14ff:fe42:78e4/64 scope link |
989 | .br | 996 | .br |
990 | valid_lft forever preferred_lft forever | 997 | valid_lft forever preferred_lft forever |
991 | 998 | #endif | |
992 | .TP | 999 | .TP |
993 | \fB\-\-join-or-start=name | 1000 | \fB\-\-join-or-start=name |
994 | Join the sandbox identified by name or start a new one. | 1001 | Join the sandbox identified by name or start a new one. |
@@ -1027,17 +1034,19 @@ Example: | |||
1027 | $ firejail \-\-list | 1034 | $ firejail \-\-list |
1028 | .br | 1035 | .br |
1029 | 7015:netblue:browser:firejail firefox | 1036 | 7015:netblue:browser:firejail firefox |
1037 | #ifdef HAVE_NETWORK | ||
1030 | .br | 1038 | .br |
1031 | 7056:netblue:torrent:firejail \-\-net=eth0 transmission-gtk | 1039 | 7056:netblue:torrent:firejail \-\-net=eth0 transmission-gtk |
1032 | .br | 1040 | #endif |
1033 | #ifdef HAVE_USERNS | 1041 | #ifdef HAVE_USERNS |
1042 | .br | ||
1034 | 7064:netblue::firejail \-\-noroot xterm | 1043 | 7064:netblue::firejail \-\-noroot xterm |
1035 | .br | 1044 | .br |
1036 | #endif | 1045 | #endif |
1037 | .TP | 1046 | .TP |
1038 | \fB\-\-ls=name|pid dir_or_filename | 1047 | \fB\-\-ls=name|pid dir_or_filename |
1039 | List files in sandbox container, see \fBFILE TRANSFER\fR section for more details. | 1048 | List files in sandbox container, see \fBFILE TRANSFER\fR section for more details. |
1040 | 1049 | #ifdef HAVE_NETWORK | |
1041 | .TP | 1050 | .TP |
1042 | \fB\-\-mac=address | 1051 | \fB\-\-mac=address |
1043 | Assign MAC addresses to the last network interface defined by a \-\-net option. This option | 1052 | Assign MAC addresses to the last network interface defined by a \-\-net option. This option |
@@ -1048,7 +1057,7 @@ is not supported for wireless interfaces. | |||
1048 | Example: | 1057 | Example: |
1049 | .br | 1058 | .br |
1050 | $ firejail \-\-net=eth0 \-\-mac=00:11:22:33:44:55 firefox | 1059 | $ firejail \-\-net=eth0 \-\-mac=00:11:22:33:44:55 firefox |
1051 | 1060 | #endif | |
1052 | .TP | 1061 | .TP |
1053 | \fB\-\-machine-id | 1062 | \fB\-\-machine-id |
1054 | Spoof id number in /etc/machine-id file - a new random id is generated inside the sandbox. | 1063 | Spoof id number in /etc/machine-id file - a new random id is generated inside the sandbox. |
@@ -1074,7 +1083,7 @@ kills it or log the attempt, see \-\-seccomp-error-action below) if necessary. | |||
1074 | Note: shmat is not implemented | 1083 | Note: shmat is not implemented |
1075 | as a system call on some platforms including i386, and it cannot be | 1084 | as a system call on some platforms including i386, and it cannot be |
1076 | handled by seccomp-bpf. | 1085 | handled by seccomp-bpf. |
1077 | 1086 | #ifdef HAVE_NETWORK | |
1078 | .TP | 1087 | .TP |
1079 | \fB\-\-mtu=number | 1088 | \fB\-\-mtu=number |
1080 | Assign a MTU value to the last network interface defined by a \-\-net option. | 1089 | Assign a MTU value to the last network interface defined by a \-\-net option. |
@@ -1084,7 +1093,7 @@ Assign a MTU value to the last network interface defined by a \-\-net option. | |||
1084 | Example: | 1093 | Example: |
1085 | .br | 1094 | .br |
1086 | $ firejail \-\-net=eth0 \-\-mtu=1492 | 1095 | $ firejail \-\-net=eth0 \-\-mtu=1492 |
1087 | 1096 | #endif | |
1088 | .TP | 1097 | .TP |
1089 | \fB\-\-name=name | 1098 | \fB\-\-name=name |
1090 | Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use | 1099 | Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use |
@@ -1109,7 +1118,7 @@ $ firejail --list | |||
1109 | .br | 1118 | .br |
1110 | 1312:netblue:browser-1312:firejail --name=browser --private firefox --no-remote | 1119 | 1312:netblue:browser-1312:firejail --name=browser --private firefox --no-remote |
1111 | .br | 1120 | .br |
1112 | 1121 | #ifdef HAVE_NETWORK | |
1113 | .TP | 1122 | .TP |
1114 | \fB\-\-net=bridge_interface | 1123 | \fB\-\-net=bridge_interface |
1115 | Enable a new network namespace and connect it to this bridge interface. | 1124 | Enable a new network namespace and connect it to this bridge interface. |
@@ -1150,7 +1159,7 @@ Example: | |||
1150 | $ firejail \-\-net=eth0 \-\-ip=192.168.1.80 \-\-dns=8.8.8.8 firefox | 1159 | $ firejail \-\-net=eth0 \-\-ip=192.168.1.80 \-\-dns=8.8.8.8 firefox |
1151 | .br | 1160 | .br |
1152 | $ firejail \-\-net=wlan0 firefox | 1161 | $ firejail \-\-net=wlan0 firefox |
1153 | 1162 | #endif | |
1154 | .TP | 1163 | .TP |
1155 | \fB\-\-net=none | 1164 | \fB\-\-net=none |
1156 | Enable a new, unconnected network namespace. The only interface | 1165 | Enable a new, unconnected network namespace. The only interface |
@@ -1168,7 +1177,7 @@ $ firejail \-\-net=none vlc | |||
1168 | .br | 1177 | .br |
1169 | Note: \-\-net=none can crash the application on some platforms. | 1178 | Note: \-\-net=none can crash the application on some platforms. |
1170 | In these cases, it can be replaced with \-\-protocol=unix. | 1179 | In these cases, it can be replaced with \-\-protocol=unix. |
1171 | 1180 | #ifdef HAVE_NETWORK | |
1172 | .TP | 1181 | .TP |
1173 | \fB\-\-net=tap_interface | 1182 | \fB\-\-net=tap_interface |
1174 | Enable a new network namespace and connect it | 1183 | Enable a new network namespace and connect it |
@@ -1282,9 +1291,6 @@ $ firejail --netfilter=/etc/firejail/nolocal.net \\ | |||
1282 | .br | 1291 | .br |
1283 | --net=eth0 firefox | 1292 | --net=eth0 firefox |
1284 | 1293 | ||
1285 | |||
1286 | |||
1287 | |||
1288 | .TP | 1294 | .TP |
1289 | \fB\-\-netfilter=filename,arg1,arg2,arg3 ... | 1295 | \fB\-\-netfilter=filename,arg1,arg2,arg3 ... |
1290 | This is the template version of the previous command. $ARG1, $ARG2, $ARG3 ... in the firewall script | 1296 | This is the template version of the previous command. $ARG1, $ARG2, $ARG3 ... in the firewall script |
@@ -1298,8 +1304,6 @@ $ firejail --net=eth0 --ip=192.168.1.105 \\ | |||
1298 | --netfilter=/etc/firejail/tcpserver.net,5001 server-program | 1304 | --netfilter=/etc/firejail/tcpserver.net,5001 server-program |
1299 | .br | 1305 | .br |
1300 | 1306 | ||
1301 | |||
1302 | |||
1303 | .TP | 1307 | .TP |
1304 | \fB\-\-netfilter.print=name|pid | 1308 | \fB\-\-netfilter.print=name|pid |
1305 | Print the firewall installed in the sandbox specified by name or PID. Example: | 1309 | Print the firewall installed in the sandbox specified by name or PID. Example: |
@@ -1363,7 +1367,7 @@ PID User RX(KB/s) TX(KB/s) Command | |||
1363 | 1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox | 1367 | 1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox |
1364 | .br | 1368 | .br |
1365 | 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission | 1369 | 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission |
1366 | 1370 | #endif | |
1367 | .TP | 1371 | .TP |
1368 | \fB\-\-nice=value | 1372 | \fB\-\-nice=value |
1369 | Set nice value for all processes running inside the sandbox. | 1373 | Set nice value for all processes running inside the sandbox. |
@@ -2066,7 +2070,7 @@ Remove environment variable in the new sandbox. | |||
2066 | Example: | 2070 | Example: |
2067 | .br | 2071 | .br |
2068 | $ firejail \-\-rmenv=DBUS_SESSION_BUS_ADDRESS | 2072 | $ firejail \-\-rmenv=DBUS_SESSION_BUS_ADDRESS |
2069 | 2073 | #ifdef HAVE_NETWORK | |
2070 | .TP | 2074 | .TP |
2071 | \fB\-\-scan | 2075 | \fB\-\-scan |
2072 | ARP-scan all the networks from inside a network namespace. | 2076 | ARP-scan all the networks from inside a network namespace. |
@@ -2077,6 +2081,7 @@ This makes it possible to detect macvlan kernel device drivers running on the cu | |||
2077 | Example: | 2081 | Example: |
2078 | .br | 2082 | .br |
2079 | $ firejail \-\-net=eth0 \-\-scan | 2083 | $ firejail \-\-net=eth0 \-\-scan |
2084 | #endif | ||
2080 | .TP | 2085 | .TP |
2081 | \fB\-\-seccomp | 2086 | \fB\-\-seccomp |
2082 | Enable seccomp filter and blacklist the syscalls in the default list, | 2087 | Enable seccomp filter and blacklist the syscalls in the default list, |
@@ -2556,8 +2561,10 @@ $ firejail \-\-tree | |||
2556 | 11904:netblue:iceweasel | 2561 | 11904:netblue:iceweasel |
2557 | .br | 2562 | .br |
2558 | 11957:netblue:/usr/lib/iceweasel/plugin-container | 2563 | 11957:netblue:/usr/lib/iceweasel/plugin-container |
2564 | #ifdef HAVE_NETWORK | ||
2559 | .br | 2565 | .br |
2560 | 11969:netblue:firejail \-\-net=eth0 transmission-gtk | 2566 | 11969:netblue:firejail \-\-net=eth0 transmission-gtk |
2567 | #endif | ||
2561 | .br | 2568 | .br |
2562 | 11970:netblue:transmission-gtk | 2569 | 11970:netblue:transmission-gtk |
2563 | 2570 | ||
@@ -2609,6 +2616,7 @@ Compile time support: | |||
2609 | - user namespace support is enabled | 2616 | - user namespace support is enabled |
2610 | - X11 sandboxing support is enabled | 2617 | - X11 sandboxing support is enabled |
2611 | .br | 2618 | .br |
2619 | #ifdef HAVE_NETWORK | ||
2612 | .TP | 2620 | .TP |
2613 | \fB\-\-veth-name=name | 2621 | \fB\-\-veth-name=name |
2614 | Use this name for the interface connected to the bridge for --net=bridge_interface commands, | 2622 | Use this name for the interface connected to the bridge for --net=bridge_interface commands, |
@@ -2619,7 +2627,7 @@ instead of the default one. | |||
2619 | Example: | 2627 | Example: |
2620 | .br | 2628 | .br |
2621 | $ firejail \-\-net=br0 --veth-name=if0 | 2629 | $ firejail \-\-net=br0 --veth-name=if0 |
2622 | 2630 | #endif | |
2623 | .TP | 2631 | .TP |
2624 | \fB\-\-whitelist=dirname_or_filename | 2632 | \fB\-\-whitelist=dirname_or_filename |
2625 | Whitelist directory or file. A temporary file system is mounted on the top directory, and the | 2633 | Whitelist directory or file. A temporary file system is mounted on the top directory, and the |
@@ -2987,6 +2995,7 @@ Start Firefox with a new, empty home directory. | |||
2987 | .TP | 2995 | .TP |
2988 | \f\firejail --net=none vlc | 2996 | \f\firejail --net=none vlc |
2989 | Start VLC in an unconnected network namespace. | 2997 | Start VLC in an unconnected network namespace. |
2998 | #ifdef HAVE_NETWORK | ||
2990 | .TP | 2999 | .TP |
2991 | \f\firejail \-\-net=eth0 firefox | 3000 | \f\firejail \-\-net=eth0 firefox |
2992 | Start Firefox in a new network namespace. An IP address is | 3001 | Start Firefox in a new network namespace. An IP address is |
@@ -2996,6 +3005,7 @@ assigned automatically. | |||
2996 | Start a /bin/bash session in a new network namespace and connect it | 3005 | Start a /bin/bash session in a new network namespace and connect it |
2997 | to br0, br1, and br2 host bridge devices. IP addresses are assigned | 3006 | to br0, br1, and br2 host bridge devices. IP addresses are assigned |
2998 | automatically for the interfaces connected to br1 and b2 | 3007 | automatically for the interfaces connected to br1 and b2 |
3008 | #endif | ||
2999 | .TP | 3009 | .TP |
3000 | \f\firejail \-\-list | 3010 | \f\firejail \-\-list |
3001 | List all sandboxed processes. | 3011 | List all sandboxed processes. |
@@ -3115,7 +3125,6 @@ sandboxes. | |||
3115 | 3125 | ||
3116 | Option \-\-netstats prints network statistics for active sandboxes installing new network namespaces. | 3126 | Option \-\-netstats prints network statistics for active sandboxes installing new network namespaces. |
3117 | 3127 | ||
3118 | |||
3119 | Listed below are the available fields (columns) in alphabetical | 3128 | Listed below are the available fields (columns) in alphabetical |
3120 | order for \-\-top and \-\-netstats options: | 3129 | order for \-\-top and \-\-netstats options: |
3121 | 3130 | ||
@@ -3233,7 +3242,7 @@ Child process initialized | |||
3233 | .RE | 3242 | .RE |
3234 | 3243 | ||
3235 | See \fBman 5 firejail-profile\fR for profile file syntax information. | 3244 | See \fBman 5 firejail-profile\fR for profile file syntax information. |
3236 | 3245 | #ifdef HAVE_NETWORK | |
3237 | .SH TRAFFIC SHAPING | 3246 | .SH TRAFFIC SHAPING |
3238 | Network bandwidth is an expensive resource shared among all sandboxes running on a system. | 3247 | Network bandwidth is an expensive resource shared among all sandboxes running on a system. |
3239 | Traffic shaping allows the user to increase network performance by controlling | 3248 | Traffic shaping allows the user to increase network performance by controlling |
@@ -3275,7 +3284,7 @@ Example: | |||
3275 | $ firejail \-\-bandwidth=mybrowser status | 3284 | $ firejail \-\-bandwidth=mybrowser status |
3276 | .br | 3285 | .br |
3277 | $ firejail \-\-bandwidth=mybrowser clear eth0 | 3286 | $ firejail \-\-bandwidth=mybrowser clear eth0 |
3278 | 3287 | #endif | |
3279 | .SH LICENSE | 3288 | .SH LICENSE |
3280 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. | 3289 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
3281 | .PP | 3290 | .PP |
diff --git a/src/man/firemon.txt b/src/man/firemon.txt index 40a00ec3f..f74e56ef9 100644 --- a/src/man/firemon.txt +++ b/src/man/firemon.txt | |||
@@ -12,9 +12,11 @@ can run this program. | |||
12 | .TP | 12 | .TP |
13 | \fB\-\-apparmor | 13 | \fB\-\-apparmor |
14 | Print AppArmor confinement status for each sandbox. | 14 | Print AppArmor confinement status for each sandbox. |
15 | #ifdef HAVE_NETWORK | ||
15 | .TP | 16 | .TP |
16 | \fB\-\-arp | 17 | \fB\-\-arp |
17 | Print ARP table for each sandbox. | 18 | Print ARP table for each sandbox. |
19 | #endif | ||
18 | .TP | 20 | .TP |
19 | \fB\-\-caps | 21 | \fB\-\-caps |
20 | Print capabilities configuration for each sandbox. | 22 | Print capabilities configuration for each sandbox. |
@@ -39,15 +41,19 @@ List all sandboxes. | |||
39 | .TP | 41 | .TP |
40 | \fB\-\-name=name | 42 | \fB\-\-name=name |
41 | Print information only about named sandbox. | 43 | Print information only about named sandbox. |
44 | #ifdef HAVE_NETWORK | ||
42 | .TP | 45 | .TP |
43 | \fB\-\-netstats | 46 | \fB\-\-netstats |
44 | Monitor network statistics for sandboxes creating a new network namespace. | 47 | Monitor network statistics for sandboxes creating a new network namespace. |
48 | #endif | ||
45 | .TP | 49 | .TP |
46 | \fB\-\-nowrap | 50 | \fB\-\-nowrap |
47 | Enable line wrapping in terminals. By default the lines are trimmed. | 51 | Enable line wrapping in terminals. By default the lines are trimmed. |
52 | #ifdef HAVE_NETWORK | ||
48 | .TP | 53 | .TP |
49 | \fB\-\-route | 54 | \fB\-\-route |
50 | Print route table for each sandbox. | 55 | Print route table for each sandbox. |
56 | #endif | ||
51 | .TP | 57 | .TP |
52 | \fB\-\-seccomp | 58 | \fB\-\-seccomp |
53 | Print seccomp configuration for each sandbox. | 59 | Print seccomp configuration for each sandbox. |