feature: add notpm command & keep tpm devices in private-dev (#6390)

An ssh private key may be stored in a Trusted Platform Module (TPM) device and `private-dev` in ssh.profile currently breaks this use-case, as it does not keep tpm devices (see #6379). So add a new `notpm` command and keep tpm devices in /dev by default with `private-dev` unless `notpm` is used.
author: qdii <victor.lavaud@gmail.com> 2024-07-09 03:43:55 +0200
committer: GitHub <noreply@github.com> 2024-07-09 01:43:55 +0000
commit: 001320226ccb4f2ad913ee3af9932be807d80818 (patch)
tree: 1dd6db5a62c7f16a25e691c4910ff91e1747d6dc /src/man/firejail.1.in
parent: docs: man: format and sort some private- items (#6398) (diff)
download: firejail-001320226ccb4f2ad913ee3af9932be807d80818.tar.gz
firejail-001320226ccb4f2ad913ee3af9932be807d80818.tar.zst
firejail-001320226ccb4f2ad913ee3af9932be807d80818.zip
1 files changed, 14 insertions, 4 deletions
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in
index 76f0e29ab..f14eb6ec0 100644
--- a/src/man/firejail.1.in
+++ b/src/man/firejail.1.in
@@ -1919,6 +1919,16 @@ Example:
 $ firejail \-\-nosound firefox
 .TP
+\fB\-\-notpm
+Disable Trusted Platform Module (TPM) devices.
+.br
+.br
+Example:
+.br
+$ firejail \-\-notpm
+.TP
 \fB\-\-notv
 Disable DVB (Digital Video Broadcasting) TV devices.
 .br
@@ -2173,10 +2183,10 @@ $ pwd
 .TP
 \fB\-\-private-dev
 Create a new /dev directory.
-Only disc, dri, dvb, full, hidraw, log, null, ptmx, pts, random, shm, snd, tty,
+Only disc, dri, dvb, full, hidraw, log, null, ptmx, pts, random, shm, snd, tpm,
-urandom, usb, video and zero devices are available.
+tty, urandom, usb, video and zero devices are available.
-Use the options \-\-no3d, \-\-nodvd, \-\-nosound, \-\-notv, \-\-nou2f and
+Use the options \-\-no3d, \-\-nodvd, \-\-nosound, \-\-notpm, \-\-notv,
-\-\-novideo for additional restrictions.
+\-\-nou2f and \-\-novideo for additional restrictions.
 .br
 .br
author	qdii <victor.lavaud@gmail.com>	2024-07-09 03:43:55 +0200
committer	GitHub <noreply@github.com>	2024-07-09 01:43:55 +0000
commit	001320226ccb4f2ad913ee3af9932be807d80818 (patch)
tree	1dd6db5a62c7f16a25e691c4910ff91e1747d6dc /src/man/firejail.1.in
parent	docs: man: format and sort some private- items (#6398) (diff)
download	firejail-001320226ccb4f2ad913ee3af9932be807d80818.tar.gz firejail-001320226ccb4f2ad913ee3af9932be807d80818.tar.zst firejail-001320226ccb4f2ad913ee3af9932be807d80818.zip

diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index 76f0e29ab..f14eb6ec0 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in
@@ -1919,6 +1919,16 @@ Example:
1919	$ firejail \-\-nosound firefox	1919	$ firejail \-\-nosound firefox
1920		1920
1921	.TP	1921	.TP
		1922	\fB\-\-notpm
		1923	Disable Trusted Platform Module (TPM) devices.
		1924	.br
		1925
		1926	.br
		1927	Example:
		1928	.br
		1929	$ firejail \-\-notpm
		1930
		1931	.TP
1922	\fB\-\-notv	1932	\fB\-\-notv
1923	Disable DVB (Digital Video Broadcasting) TV devices.	1933	Disable DVB (Digital Video Broadcasting) TV devices.
1924	.br	1934	.br
@@ -2173,10 +2183,10 @@ $ pwd
2173	.TP	2183	.TP
2174	\fB\-\-private-dev	2184	\fB\-\-private-dev
2175	Create a new /dev directory.	2185	Create a new /dev directory.
2176	Only disc, dri, dvb, full, hidraw, log, null, ptmx, pts, random, shm, snd, tty,	2186	Only disc, dri, dvb, full, hidraw, log, null, ptmx, pts, random, shm, snd, tpm,
2177	urandom, usb, video and zero devices are available.	2187	tty, urandom, usb, video and zero devices are available.
2178	Use the options \-\-no3d, \-\-nodvd, \-\-nosound, \-\-notv, \-\-nou2f and	2188	Use the options \-\-no3d, \-\-nodvd, \-\-nosound, \-\-notpm, \-\-notv,
2179	\-\-novideo for additional restrictions.	2189	\-\-nou2f and \-\-novideo for additional restrictions.
2180	.br	2190	.br
2181		2191
2182	.br	2192	.br