diff options
| author |  netblue30 <netblue30@protonmail.com> | 2023-01-30 08:14:13 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2023-01-30 08:14:13 -0500 |
| commit | 5d5f554ab133bb56d22a58000d58e5a957ee37c5 (patch) | |
| tree | 0d7d01952cfae83af9d5ff6e99198c18a953e87a /README.md | |
| parent | Merge pull request #5626 from kmk3/mutt-reduce-mkdir (diff) | |
| download | firejail-5d5f554ab133bb56d22a58000d58e5a957ee37c5.tar.gz firejail-5d5f554ab133bb56d22a58000d58e5a957ee37c5.tar.zst firejail-5d5f554ab133bb56d22a58000d58e5a957ee37c5.zip | |
private-etc: moved group names to @group syntax; GUI group renamed as @x11 group; added nvidia and X11 directories to @x11 group.
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 25 |
1 files changed, 12 insertions, 13 deletions
| @@ -184,7 +184,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
| 184 | 184 | ||
| 185 | ### private-etc rework | 185 | ### private-etc rework |
| 186 | ````` | 186 | ````` |
| 187 | --private-etc, --private-etc=file,directory | 187 | --private-etc, --private-etc=file,directory,@group |
| 188 | The files installed by --private-etc are copies of the original | 188 | The files installed by --private-etc are copies of the original |
| 189 | system files from /etc directory. By default, the command | 189 | system files from /etc directory. By default, the command |
| 190 | brings in a skeleton of files and directories used by most con‐ | 190 | brings in a skeleton of files and directories used by most con‐ |
| @@ -192,24 +192,23 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
| 192 | 192 | ||
| 193 | $ firejail --private-etc dig debian.org | 193 | $ firejail --private-etc dig debian.org |
| 194 | 194 | ||
| 195 | For X11/GTK/QT/Gnome/KDE programs add GUI group as a parameter. | 195 | For X11/GTK/QT/Gnome/KDE programs add @x11 group as a parame‐ |
| 196 | Example: | 196 | ter. Example: |
| 197 | 197 | ||
| 198 | $ firejail --private-etc=GUI,python* gimp | 198 | $ firejail --private-etc=@x11,gcrypt,python* gimp |
| 199 | 199 | ||
| 200 | /etc/python* directories are not part of the generic GUI group. | 200 | gcrypt and /etc/python* directories are not part of the generic |
| 201 | These directories are reuqired by Gimp plugin system. File glob‐ | 201 | @x11 group. File globbing is supported. |
| 202 | bing is supported. | ||
| 203 | 202 | ||
| 204 | For games, add GAMES group: | 203 | For games, add @games group: |
| 205 | 204 | ||
| 206 | $ firejail --private-etc=GUI,GAMES warzone2100 | 205 | $ firejail --private-etc=@games,@x11 warzone2100 |
| 207 | 206 | ||
| 208 | Sound and networking files are included automatically, unless | 207 | Sound and networking files are included automatically, unless |
| 209 | --nosound or --net=none are specified. Files for encrypted | 208 | --nosound or --net=none are specified. Files for encrypted |
| 210 | TLS/SSL protocol are in TLS-CA group. | 209 | TLS/SSL protocol are in @tls-ca group. |
| 211 | 210 | ||
| 212 | $ firejail --private-etc=TLS-CA,wgetrc wget https://debian.org | 211 | $ firejail --private-etc=@tls-ca,wgetrc wget https://debian.org |
| 213 | 212 | ||
| 214 | Note: The easiest way to extract the list of /etc files accessed | 213 | Note: The easiest way to extract the list of /etc files accessed |
| 215 | by your program is using strace utility: | 214 | by your program is using strace utility: |