allusers support in profile files

5 files changed, 30 insertions, 2 deletions

diff --git a/README b/README
index 9b981d805..0b2a27f02 100644
--- a/README
+++ b/README
@@ -44,6 +44,7 @@ Aleksey Manevich (https://github.com/manevich)
         - read_pid fix
         - added --x11=block options
         - x11 xpra, xphyr, block profile commands
+        - added --join-or-start command
 Fred-Barclay (https://github.com/Fred-Barclay)
         - added Vivaldi, Atril profiles
         - added PaleMoon profile
diff --git a/README.md b/README.md
index 944cd41ca..64a67bf63 100644
--- a/README.md
+++ b/README.md
@@ -43,8 +43,24 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/
               specified in ${XAUTHORITY} enviroment variable.  Remove  DISPLAY  and
               XAUTHORITY  enviroment  variables.   Stop  with  error message if X11
               abstract socket will be accessible in jail.
+
+      --put=name|pid src-filename dest-filename
+              Put src-filename in sandbox container.  The container is specified by name or PID.
+
+       --allusers
+              All user home directories are visible inside the sandbox. By default, only current user home
+              directory is visible.
+
+              Example:
+              $ firejail --allusers
+
+       --join-or-start=name
+              Join the sandbox identified by name or start a new one.  Same as "firejail  --join=name"  if
+              sandbox with specified name exists, otherwise same as "firejail --name=name ..."
+              Note that in contrary to other join options there is respective profile option.
+
 `````
 
 ## New profile commands
 
-x11 xpra, x11 xephyr, x11 block
\ No newline at end of file
+x11 xpra, x11 xephyr, x11 block, allusers, join-or-start
diff --git a/RELNOTES b/RELNOTES
index b6ed4ead9..da882e461 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -3,9 +3,12 @@ firejail (0.9.43) baseline; urgency=low
   * modifs: removed man firejail-config
   * modifs: --private-tmp whitelists /tmp/.X11-unix directory
   * modifs: Nvidia drivers added to --privte-dev
+  * feature: support starting/joining sandbox is a single command
+    (--join-or-start)
+  * feature: all user home directories are visible (--allusers)
   * feature: add files to sandbox container (--put)
   * feature: blocking x11 (--x11=block)
-  * feature: x11 xpra, x11 xephyr, x11 block profile commands
+  * feature: x11 xpra, x11 xephyr, x11 block, allusers profile commands
   * bugfixes
  -- netblue30 <netblue30@yahoo.com>  Fri, 9 Sept 2016 08:00:00 -0500
 
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 73b655379..33029a86b 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -181,6 +181,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #endif
                 return 0;
         }
+        else if (strcmp(ptr, "allusers") == 0) {
+                arg_allusers = 1;
+                return 0;
+        }
         else if (strcmp(ptr, "private-dev") == 0) {
                 arg_private_dev = 1;
                 return 0;
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 68420ae9d..3e415c2cc 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -322,6 +322,10 @@ The sandbox is placed in g1 control group.
 
 .SH User Environment
 .TP
+\fBallusers
+All user home directories are visible inside the sandbox. By default, only current user home directory is visible.
+
+.TP
 \fBname sandboxname
 Set sandbox name. Example:
 .br