diff options
author | netblue30 <netblue30@yahoo.com> | 2018-04-08 14:29:55 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-04-08 14:29:55 -0400 |
commit | 75311732cc354f8c5aaf4468313822c104b50c9e (patch) | |
tree | e401dae3b3032ac5bd88c06122021801a5ea0a1a /README.md | |
parent | optimize seccomp.drop and seccomp= filters (diff) | |
download | firejail-75311732cc354f8c5aaf4468313822c104b50c9e.tar.gz firejail-75311732cc354f8c5aaf4468313822c104b50c9e.tar.zst firejail-75311732cc354f8c5aaf4468313822c104b50c9e.zip |
firejail user access database
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 59 |
1 files changed, 59 insertions, 0 deletions
@@ -98,6 +98,57 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir | |||
98 | ````` | 98 | ````` |
99 | # Current development version: 0.9.53 | 99 | # Current development version: 0.9.53 |
100 | 100 | ||
101 | ## Firejail user access database | ||
102 | ````` | ||
103 | $ man firejail-users | ||
104 | FIREJAIL-USERS(5) firejail.users man page FIREJAIL-USERS(5) | ||
105 | |||
106 | NAME | ||
107 | firejail.users - Firejail user access database | ||
108 | |||
109 | DESCRIPTION | ||
110 | /etc/firejail/firejail.users lists the users allowed to run firejail | ||
111 | SUID executable. If the file is not present in the system, all users | ||
112 | are allowed to use the sandbox. root user is allowed by default. | ||
113 | |||
114 | Example: | ||
115 | |||
116 | $ cat /etc/firejail/firejail.users | ||
117 | dustin | ||
118 | lucas | ||
119 | mike | ||
120 | eleven | ||
121 | |||
122 | Use a text editor to add or remove users from the list. You can also | ||
123 | use firecfg --add-users command. Example: | ||
124 | |||
125 | $ sudo firecfg --add-users dusting lucas mike eleven | ||
126 | |||
127 | By default, running firecfg creates the file and adds the current user | ||
128 | to the list. Example: | ||
129 | |||
130 | $ sudo firecfg | ||
131 | |||
132 | See man 1 firecfg for details. | ||
133 | |||
134 | FILES | ||
135 | /etc/firejail/firejail.users | ||
136 | |||
137 | LICENSE | ||
138 | Firejail is free software; you can redistribute it and/or modify it | ||
139 | under the terms of the GNU General Public License as published by the | ||
140 | Free Software Foundation; either version 2 of the License, or (at your | ||
141 | option) any later version. | ||
142 | |||
143 | Homepage: https://firejail.wordpress.com | ||
144 | |||
145 | SEE ALSO | ||
146 | firejail(1), firemon(1), firecfg(1), firejail-profile(5) firejail- | ||
147 | login(5) | ||
148 | |||
149 | 0.9.53 Apr 2018 FIREJAIL-USERS(5) | ||
150 | ````` | ||
151 | |||
101 | ## Spectre mitigation | 152 | ## Spectre mitigation |
102 | 153 | ||
103 | If your gcc compiler version supports it, -mindirect-branch=thunk is inserted into EXTRA_CFLAGS during software configuration. | 154 | If your gcc compiler version supports it, -mindirect-branch=thunk is inserted into EXTRA_CFLAGS during software configuration. |
@@ -155,6 +206,14 @@ This feature is also supported for LLVM/clang compiler | |||
155 | 206 | ||
156 | Example: | 207 | Example: |
157 | $ firejail --nodbus --net=none | 208 | $ firejail --nodbus --net=none |
209 | |||
210 | --noautopulse | ||
211 | Disable automatic ~/.config/pulse init, for complex setups such | ||
212 | as remote pulse servers or non-standard socket paths. | ||
213 | |||
214 | Example: | ||
215 | $ firejail --noautopulse firefox | ||
216 | |||
158 | ````` | 217 | ````` |
159 | 218 | ||
160 | ## AppImage development | 219 | ## AppImage development |