diff options
author | netblue30 <netblue30@protonmail.com> | 2023-01-25 11:56:08 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-01-25 11:56:08 -0500 |
commit | 9774ab8a35f79be0b3bb1fd6313bac2bdbfaf6c0 (patch) | |
tree | d251ae0fbd740d17647459ecff9c2bdc1729e6ea /README.md | |
parent | private-etc rework: file groups moved to src/include/etc_groups.h, new groups... (diff) | |
download | firejail-9774ab8a35f79be0b3bb1fd6313bac2bdbfaf6c0.tar.gz firejail-9774ab8a35f79be0b3bb1fd6313bac2bdbfaf6c0.tar.zst firejail-9774ab8a35f79be0b3bb1fd6313bac2bdbfaf6c0.zip |
private-etc rework: new man page
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 38 |
1 files changed, 38 insertions, 0 deletions
@@ -182,6 +182,44 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
182 | 182 | ||
183 | ## Current development version: 0.9.73 | 183 | ## Current development version: 0.9.73 |
184 | 184 | ||
185 | ### private-etc rework | ||
186 | ````` | ||
187 | --private-etc | ||
188 | |||
189 | --private-etc=file,directory | ||
190 | The files installed by --private-etc are copies of the original | ||
191 | system files from /etc directory. By default, the command | ||
192 | brings in a skeleton of files and directories used by most con‐ | ||
193 | sole tools: | ||
194 | |||
195 | $ firejail --private-etc dig debian.org | ||
196 | |||
197 | For X11/GTK/QT/Gnome/KDE programs add GUI group as a parameter. | ||
198 | Example: | ||
199 | |||
200 | $ firejail --private-etc=GUI,python* gimp | ||
201 | |||
202 | /etc/python* directories are not part of the generic GUI group. | ||
203 | These directories are reuqired by Gimp plugin system. File glob‐ | ||
204 | bing is supported. | ||
205 | |||
206 | For games, add GAMES group: | ||
207 | |||
208 | $ firejail --private-etc=GUI,GAMES warzone2100 | ||
209 | |||
210 | Sound and networking files are included automatically, unless | ||
211 | --nosound or --net=none are specified. Files for encrypted | ||
212 | TLS/SSL protocol are in TLS-CA group. | ||
213 | |||
214 | $ firejail --private-etc=TLS-CA,wgetrc wget https://debian.org | ||
215 | |||
216 | Note: The easiest way to extract the list of /etc files accessed | ||
217 | by your program is using strace utility: | ||
218 | |||
219 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc | ||
220 | |||
221 | ````` | ||
222 | We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) | ||
185 | 223 | ||
186 | ### Profile Statistics | 224 | ### Profile Statistics |
187 | 225 | ||