author | Jeff Squyres <jsquyres@users.noreply.github.com> | 2020-06-04 13:41:32 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-04 17:41:32 +0000 |
commit | 40d3604f703ea07e3bb5feace23975fa766f5080 (patch) | |
tree | d323a2bcadf6c589ebac2eb23e62e054eacd7146 /src | |
parent | firecfg: Only use fix_desktop_files automatically when run through sudo (#3382) (diff) | |
man: minor clarifications to man pages (#3445)
Add verbiage to the man pages clarifying that the files/directories in
the lists given to options such as --private-bin must be relative to
the directory that is being limited (e.g., --private-opt requires a
list of files/directories that are relative to /opt).
Signed-off-by: Jeff Squyres <jeff@squyres.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/man/firejail-profile.txt | 15 | ||||
-rw-r--r-- | src/man/firejail.txt | 19 |
2 files changed, 30 insertions, 4 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 198f33c00..daae85cfd 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -268,6 +268,8 @@ Use directory as user home. | |||
268 | .TP | 268 | .TP |
269 | \fBprivate-bin file,file | 269 | \fBprivate-bin file,file |
270 | Build a new /bin in a temporary filesystem, and copy the programs in the list. | 270 | Build a new /bin in a temporary filesystem, and copy the programs in the list. |
271 | The files in the list must be expressed as relative to the /bin, | ||
272 | /sbin, /usr/bin, /usr/sbin, or /usr/local/bin directories. | ||
271 | The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin. | 273 | The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin. |
272 | .TP | 274 | .TP |
273 | \fBprivate-cache | 275 | \fBprivate-cache |
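Review bot: In the private-bin entry, the added sentence names five directories including /usr/local/bin, but the unchanged next line in this file still reads "also bind-mounted over /sbin, /usr/bin and /usr/sbin", while the same entry in firejail.txt also lists /usr/local/bin. Either the bind-mount sentence here is missing /usr/local/bin or the new sentence lists one directory too many; please make the two lines agree in this patch.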
@@ -289,26 +291,37 @@ Use the options no3d, nodvd, nosound, notv, nou2f and novideo for additional res | |||
289 | \fBprivate-etc file,directory | 291 | \fBprivate-etc file,directory |
290 | Build a new /etc in a temporary | 292 | Build a new /etc in a temporary |
291 | filesystem, and copy the files and directories in the list. | 293 | filesystem, and copy the files and directories in the list. |
294 | The files and directories in the list must be expressed as relative to | ||
295 | the /etc directory. | ||
292 | All modifications are discarded when the sandbox is closed. | 296 | All modifications are discarded when the sandbox is closed. |
293 | .TP | 297 | .TP |
294 | \fBprivate-home file,directory | 298 | \fBprivate-home file,directory |
295 | Build a new user home in a temporary | 299 | Build a new user home in a temporary |
296 | filesystem, and copy the files and directories in the list in the | 300 | filesystem, and copy the files and directories in the list in the |
297 | new home. All modifications are discarded when the sandbox is | 301 | new home. |
302 | The files and directories in the list must be expressed as relative to | ||
303 | the current user's home directory. | ||
304 | All modifications are discarded when the sandbox is | ||
298 | closed. | 305 | closed. |
299 | .TP | 306 | .TP |
300 | \fBprivate-lib file,directory | 307 | \fBprivate-lib file,directory |
301 | Build a new /lib directory and bring in the libraries required by the application to run. | 308 | Build a new /lib directory and bring in the libraries required by the application to run. |
309 | The files and directories in the list must be expressed as relative to | ||
310 | the /lib directory. | ||
302 | This feature is still under development, see \fBman 1 firejail\fR for some examples. | 311 | This feature is still under development, see \fBman 1 firejail\fR for some examples. |
303 | .TP | 312 | .TP |
304 | \fBprivate-opt file,directory | 313 | \fBprivate-opt file,directory |
305 | Build a new /opt in a temporary | 314 | Build a new /opt in a temporary |
306 | filesystem, and copy the files and directories in the list. | 315 | filesystem, and copy the files and directories in the list. |
316 | The files and directories in the list must be expressed as relative to | ||
317 | the /opt directory. | ||
307 | All modifications are discarded when the sandbox is closed. | 318 | All modifications are discarded when the sandbox is closed. |
308 | .TP | 319 | .TP |
309 | \fBprivate-srv file,directory | 320 | \fBprivate-srv file,directory |
310 | Build a new /srv in a temporary | 321 | Build a new /srv in a temporary |
311 | filesystem, and copy the files and directories in the list. | 322 | filesystem, and copy the files and directories in the list. |
323 | The files and directories in the list must be expressed as relative to | ||
324 | the /srv directory. | ||
312 | All modifications are discarded when the sandbox is closed. | 325 | All modifications are discarded when the sandbox is closed. |
313 | .TP | 326 | .TP |
314 | \fBprivate-tmp | 327 | \fBprivate-tmp |
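Review bot: The sentences added to the private-etc, private-home, private-lib, private-opt and private-srv entries say the list "must be expressed as relative to" a directory, but not what happens when an entry is not, for example an absolute path or one containing "..". For a sandbox option the reader needs to know whether that is a hard error or a silently skipped entry. firejail.txt at least keeps "If no listed file is found, /etc directory will be empty" next to the new text, and this page has no such line. Suggest stating the consequence in each entry and simplifying the wording to "must be given relative to /etc".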
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 982b40d89..647569354 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1696,7 +1696,9 @@ $ firejail \-\-private=/home/netblue/firefox-home firefox | |||
1696 | .TP | 1696 | .TP |
1697 | \fB\-\-private-bin=file,file | 1697 | \fB\-\-private-bin=file,file |
1698 | Build a new /bin in a temporary filesystem, and copy the programs in the list. | 1698 | Build a new /bin in a temporary filesystem, and copy the programs in the list. |
1699 | If no listed file is found, /bin directory will be empty. | 1699 | The files in the list must be expressed as relative to the /bin, |
1700 | /sbin, /usr/bin, /usr/sbin, or /usr/local/bin directories. | ||
1701 | If no listed files are found, /bin directory will be empty. | ||
1700 | The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin. | 1702 | The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin. |
1701 | All modifications are discarded when the sandbox is closed. File globbing is supported, | 1703 | All modifications are discarded when the sandbox is closed. File globbing is supported, |
1702 | see \fBFILE GLOBBING\fR section for more details. | 1704 | see \fBFILE GLOBBING\fR section for more details. |
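Review bot: The added sentence for --private-bin says names are relative to any of five directories, but not which one is used when the same name exists in more than one of them (say /bin and /usr/local/bin). Since the result is a single new /bin, please state the lookup order, whatever the code does. Minor: this hunk changes "file is" to "files are" here only, while the --private-etc, --private-opt and --private-srv entries keep "If no listed file is found".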
@@ -1792,6 +1794,8 @@ $ | |||
1792 | \fB\-\-private-etc=file,directory | 1794 | \fB\-\-private-etc=file,directory |
1793 | Build a new /etc in a temporary | 1795 | Build a new /etc in a temporary |
1794 | filesystem, and copy the files and directories in the list. | 1796 | filesystem, and copy the files and directories in the list. |
1797 | The files and directories in the list must be expressed as relative to | ||
1798 | the /etc directory. | ||
1795 | If no listed file is found, /etc directory will be empty. | 1799 | If no listed file is found, /etc directory will be empty. |
1796 | All modifications are discarded when the sandbox is closed. | 1800 | All modifications are discarded when the sandbox is closed. |
1797 | .br | 1801 | .br |
@@ -1801,13 +1805,16 @@ Example: | |||
1801 | .br | 1805 | .br |
1802 | $ firejail --private-etc=group,hostname,localtime, \\ | 1806 | $ firejail --private-etc=group,hostname,localtime, \\ |
1803 | .br | 1807 | .br |
1804 | nsswitch.conf,passwd,resolv.conf | 1808 | nsswitch.conf,passwd,resolv.conf,default/motd-news |
1805 | 1809 | ||
1806 | .TP | 1810 | .TP |
1807 | \fB\-\-private-home=file,directory | 1811 | \fB\-\-private-home=file,directory |
1808 | Build a new user home in a temporary | 1812 | Build a new user home in a temporary |
1809 | filesystem, and copy the files and directories in the list in the | 1813 | filesystem, and copy the files and directories in the list in the |
1810 | new home. All modifications are discarded when the sandbox is | 1814 | new home. |
1815 | The files and directories in the list must be expressed as relative to | ||
1816 | the current user's home directory. | ||
1817 | All modifications are discarded when the sandbox is | ||
1811 | closed. | 1818 | closed. |
1812 | .br | 1819 | .br |
1813 | 1820 | ||
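Review bot: The --private-etc example now ends in default/motd-news with nothing to say why. It is the only illustration of a nested relative entry, so a short line next to the example saying that default/motd-news refers to /etc/default/motd-news would tie it to the new sentence, which sits in the previous hunk. In the --private-home entry, the reflow leaves "All modifications are discarded when the sandbox is" and "closed." on two short lines; they can be joined.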
@@ -1819,6 +1826,8 @@ $ firejail \-\-private-home=.mozilla firefox | |||
1819 | .TP | 1826 | .TP |
1820 | \fB\-\-private-lib=file,directory | 1827 | \fB\-\-private-lib=file,directory |
1821 | This feature is currently under heavy development. Only amd64 platforms are supported at this moment. | 1828 | This feature is currently under heavy development. Only amd64 platforms are supported at this moment. |
1829 | The files and directories in the list must be expressed as relative to | ||
1830 | the /lib directory. | ||
1822 | The idea is to build a new /lib in a temporary filesystem, | 1831 | The idea is to build a new /lib in a temporary filesystem, |
1823 | with only the library files necessary to run the application. | 1832 | with only the library files necessary to run the application. |
1824 | It could be as simple as: | 1833 | It could be as simple as: |
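Review bot: In the --private-lib entry the new sentence is placed between "Only amd64 platforms are supported at this moment." and "The idea is to build a new /lib in a temporary filesystem", so the reader is told how to format the list before being told what the option does. Suggest moving it after "with only the library files necessary to run the application." to match the order used in the other entries (description first, then the list format).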
@@ -1870,6 +1879,8 @@ $ | |||
1870 | \fB\-\-private-opt=file,directory | 1879 | \fB\-\-private-opt=file,directory |
1871 | Build a new /opt in a temporary | 1880 | Build a new /opt in a temporary |
1872 | filesystem, and copy the files and directories in the list. | 1881 | filesystem, and copy the files and directories in the list. |
1882 | The files and directories in the list must be expressed as relative to | ||
1883 | the /opt directory. | ||
1873 | If no listed file is found, /opt directory will be empty. | 1884 | If no listed file is found, /opt directory will be empty. |
1874 | All modifications are discarded when the sandbox is closed. | 1885 | All modifications are discarded when the sandbox is closed. |
1875 | .br | 1886 | .br |
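Review bot: The --private-opt entry's existing example, visible in the next hunk header as "$ firejail --private-opt=firefox /opt/firefox/firefox", mixes a relative list entry with an absolute program path, and the new sentence does not say that the rule applies only to the list. Suggest adding a clause such as "(the program to run is still given by its normal path)" or a one-line note beside the example, so the two forms are not read as contradictory.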
@@ -1883,6 +1894,8 @@ $ firejail --private-opt=firefox /opt/firefox/firefox | |||
1883 | \fB\-\-private-srv=file,directory | 1894 | \fB\-\-private-srv=file,directory |
1884 | Build a new /srv in a temporary | 1895 | Build a new /srv in a temporary |
1885 | filesystem, and copy the files and directories in the list. | 1896 | filesystem, and copy the files and directories in the list. |
1897 | The files and directories in the list must be expressed as relative to | ||
1898 | the /srv directory. | ||
1886 | If no listed file is found, /srv directory will be empty. | 1899 | If no listed file is found, /srv directory will be empty. |
1887 | All modifications are discarded when the sandbox is closed. | 1900 | All modifications are discarded when the sandbox is closed. |
1888 | .br | 1901 | .br |