aboutsummaryrefslogtreecommitdiffstats
path: root/src/man/firejail-profile.txt
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2015-08-31 06:46:57 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2015-08-31 06:46:57 -0400
commitc400b75a70af36c6f81a77f4c0fbd5bcc33fcce0 (patch)
treeb222da7db5ccf3cec25f274dcad77b2c17f5ea4b /src/man/firejail-profile.txt
parentadmin work (diff)
downloadfirejail-c400b75a70af36c6f81a77f4c0fbd5bcc33fcce0.tar.gz
firejail-c400b75a70af36c6f81a77f4c0fbd5bcc33fcce0.tar.zst
firejail-c400b75a70af36c6f81a77f4c0fbd5bcc33fcce0.zip
using /etc/firejail/server.profile as default profile if the sandbox is started by root
Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r--src/man/firejail-profile.txt32
1 files changed, 18 insertions, 14 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 246098bb7..5167a4c42 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -7,15 +7,18 @@ profile \- Security profile file syntax for Firejail
7firejail \-\-profile=filename.profile 7firejail \-\-profile=filename.profile
8 8
9.SH DESCRIPTION 9.SH DESCRIPTION
10Several Firejail command line configuration options can be passed to the program using 10Several command line options can be passed to the program using
11profile files. 11profile files. Firejail chooses the profile file as follows:
12Firejail chooses a security profile in the following order:
13 12
141. If a profile is provided by the user with --profile option, the profile is loaded. 131. If a profile file is provided by the user with --profile option, the profile file is loaded.
15Example: 14Example:
16.PP 15.PP
17.RS 16.RS
18$ firejail --profile=/home/netblue/icecat.profile icecat 17$ firejail --profile=/home/netblue/icecat.profile icecat
18.br
19Reading profile /home/netblue/icecat.profile
20.br
21[...]
19.RE 22.RE
20 23
212. If a profile file with the same name as the application is present in ~/.config/firejail directory or 242. If a profile file with the same name as the application is present in ~/.config/firejail directory or
@@ -26,7 +29,6 @@ $ firejail icecat
26.br 29.br
27Command name #icecat# 30Command name #icecat#
28.br 31.br
29.br
30Found icecat profile in /home/netblue/.config/firejail directory 32Found icecat profile in /home/netblue/.config/firejail directory
31.br 33.br
32Reading profile /home/netblue/.config/firejail/icecat.profile 34Reading profile /home/netblue/.config/firejail/icecat.profile
@@ -34,29 +36,31 @@ Reading profile /home/netblue/.config/firejail/icecat.profile
34[...] 36[...]
35.RE 37.RE
36 38
373. Use the default profile in /etc/firejail/generic.profile. This can be disabled with --noprofile. Example: 393. Use a default.profile file if the sandbox
40is started by a regular user, or a server.profile file if the sandbox
41is started by root. Firejail looks for these files in ~/.config/firejail directory, followed by /etc/firejail directory.
42To disable default profile loading, use --noroot command option. Example:
38.PP 43.PP
39.RS 44.RS
40$ firejail \-\-noprofile 45$ firejail
46.br
47Reading profile /etc/firejail/generic.profile
41.br 48.br
42Parent pid 8553, child pid 8554 49Parent pid 8553, child pid 8554
43.br 50.br
44Child process initialized 51Child process initialized
45.br 52.br
46$ exit 53[...]
47.br 54.br
55
48.br 56.br
49parent is shutting down, bye... 57$ firejail \-\-noprofile
50.br
51$ firejail
52.br
53Reading profile /etc/firejail/generic.profile
54.br 58.br
55Parent pid 8553, child pid 8554 59Parent pid 8553, child pid 8554
56.br 60.br
57Child process initialized 61Child process initialized
58.br 62.br
59$ 63[...]
60.RE 64.RE
61 65
62.SH Scripting 66.SH Scripting
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-08-01 09:36:36 +0000