docs: document NAME VALIDATION in firejail.txt

author: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-06-13 21:16:17 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-06-13 21:25:35 -0300
commit: 6489138a5685df83b7b8ce490b7fcc64cde3fb38 (patch)
tree: bad57033e0326fb0bdbc466bcda19912bfc12946
parent: Add missing name/hostname checks (diff)
download: firejail-6489138a5685df83b7b8ce490b7fcc64cde3fb38.tar.gz
firejail-6489138a5685df83b7b8ce490b7fcc64cde3fb38.tar.zst
firejail-6489138a5685df83b7b8ce490b7fcc64cde3fb38.zip
2 files changed, 24 insertions, 2 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 6c79c050e..555486916 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1476,6 +1476,8 @@ int ascii_isxdigit(unsigned char c) {
        return ret;
 }
+// Note: Keep this in sync with NAME VALIDATION in src/man/firejail.txt.
+//
 // Allow only ASCII letters, digits and a few special characters; names with
 // only numbers are rejected; spaces and control characters are rejected.
 int invalid_name(const char *name) {
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 586ef9852..19fc94ebd 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -876,6 +876,8 @@ Print options end exit.
 \fB\-\-hostname=name
 Set sandbox hostname.
 .br
+For valid names, see the \fBNAME VALIDATION\fR section.
+.br
 .br
 Example:
@@ -1180,7 +1182,9 @@ Switching to pid 1932, the first child process inside the sandbox
 .TP
 \fB\-\-join-or-start=name
 Join the sandbox identified by name or start a new one.
-Same as "firejail --join=name" if sandbox with specified name exists, otherwise same as "firejail --name=name ..."
+Same as "firejail --join=name" if sandbox with specified name exists, otherwise
+same as "firejail --name=name ...".
+See \fB\-\-name\fR for details.
 .br
 Note that in contrary to other join options there is respective profile option.
@@ -1340,8 +1344,13 @@ $ firejail \-\-net=eth0 \-\-mtu=1492
 \fB\-\-name=name
 Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use
 this name to identify a sandbox.
-The name cannot contain only digits, as that is treated as a PID in the other options, such as in \-\-join.
+The name cannot contain only digits, as that is treated as a PID in the other
+options, such as in \-\-join.
+.br
+For valid names, see the \fBNAME VALIDATION\fR section.
+.br
+.br
 In case the name supplied by the user is already in use by another sandbox, Firejail will assign a
 new name as "name-PID", where PID is the process ID of the sandbox. This functionality
 can be disabled at run time in /etc/firejail/firejail.config file, by setting "name-change" flag to "no".
@@ -3296,6 +3305,17 @@ Example:
 $ firejail --net=eth0 --x11=xephyr --xephyr-screen=640x480 firefox
 .br
 #endif
+.\" Note: Keep this in sync with invalid_name() in src/firejail/util.c.
+.SH NAME VALIDATION
+For simplicity, the same name validation is used for multiple options.
+Rules:
+.PP
+The name must be 1-253 characters long.
+The name can only contain ASCII letters, digits and the special characters
+"-._" (that is, the name cannot contain spaces or control characters).
+The name cannot contain only digits.
+The first and last characters must be an ASCII letter or digit and the name
+may contain special characters in the middle.
 #ifdef HAVE_APPARMOR
 .SH APPARMOR
 .TP
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-06-13 21:16:17 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-06-13 21:25:35 -0300
commit	6489138a5685df83b7b8ce490b7fcc64cde3fb38 (patch)
tree	bad57033e0326fb0bdbc466bcda19912bfc12946
parent	Add missing name/hostname checks (diff)
download	firejail-6489138a5685df83b7b8ce490b7fcc64cde3fb38.tar.gz firejail-6489138a5685df83b7b8ce490b7fcc64cde3fb38.tar.zst firejail-6489138a5685df83b7b8ce490b7fcc64cde3fb38.zip