diff options
author | netblue30 <netblue30@yahoo.com> | 2016-07-05 09:51:18 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-05 09:51:18 -0400 |
commit | 86286babe204b6ac95a1cbc0af958e79d43655b5 (patch) | |
tree | 695fd0594a94c893e4c77492c460c3da3e1fec58 /src/man/firejail.txt | |
parent | gitignore (diff) | |
download | firejail-86286babe204b6ac95a1cbc0af958e79d43655b5.tar.gz firejail-86286babe204b6ac95a1cbc0af958e79d43655b5.tar.zst firejail-86286babe204b6ac95a1cbc0af958e79d43655b5.zip |
audit feature
Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index bb8c64dc9..a523e51cb 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -88,6 +88,12 @@ $ firejail --appimage --private krita-3.0-x86_64.appimage | |||
88 | .br | 88 | .br |
89 | $ firejail --appimage --net=none --x11 krita-3.0-x86_64.appimage | 89 | $ firejail --appimage --net=none --x11 krita-3.0-x86_64.appimage |
90 | .TP | 90 | .TP |
91 | \fB\-\-audit | ||
92 | Audit the sandbox, see \fBAUDIT\fR section for more details. | ||
93 | .TP | ||
94 | \fB\-\-audit=test-program | ||
95 | Audit the sandbox, see \fBAUDIT\fR section for more details. | ||
96 | .TP | ||
91 | \fB\-\-bandwidth=name|pid | 97 | \fB\-\-bandwidth=name|pid |
92 | Set bandwidth limits for the sandbox identified by name or PID, see \fBTRAFFIC SHAPING\fR section for more details. | 98 | Set bandwidth limits for the sandbox identified by name or PID, see \fBTRAFFIC SHAPING\fR section for more details. |
93 | .TP | 99 | .TP |
@@ -1691,15 +1697,15 @@ The shaper works at sandbox level, and can be used only for sandboxes configured | |||
1691 | 1697 | ||
1692 | Set rate-limits: | 1698 | Set rate-limits: |
1693 | 1699 | ||
1694 | firejail --bandwidth=name|pid set network download upload | 1700 | $ firejail --bandwidth=name|pid set network download upload |
1695 | 1701 | ||
1696 | Clear rate-limits: | 1702 | Clear rate-limits: |
1697 | 1703 | ||
1698 | firejail --bandwidth=name|pid clear network | 1704 | $ firejail --bandwidth=name|pid clear network |
1699 | 1705 | ||
1700 | Status: | 1706 | Status: |
1701 | 1707 | ||
1702 | firejail --bandwidth=name|pid status | 1708 | $ firejail --bandwidth=name|pid status |
1703 | 1709 | ||
1704 | where: | 1710 | where: |
1705 | .br | 1711 | .br |
@@ -1723,6 +1729,25 @@ Example: | |||
1723 | .br | 1729 | .br |
1724 | $ firejail \-\-bandwidth=mybrowser clear eth0 | 1730 | $ firejail \-\-bandwidth=mybrowser clear eth0 |
1725 | 1731 | ||
1732 | .SH AUDIT | ||
1733 | Audit feature allows the user to point out gaps in security profiles. The | ||
1734 | implementation replaces the program to be sandboxed with a test program. By | ||
1735 | default, we use faudit program distributed with Firejail. A custom test program | ||
1736 | can also be supplied by the user. Examples: | ||
1737 | |||
1738 | Running the default audit program: | ||
1739 | .br | ||
1740 | $ firejail --audit transmission-gtk | ||
1741 | |||
1742 | Running a custom audit program: | ||
1743 | .br | ||
1744 | $ firejail --audit=~/sandbox-test transmission-gtk\n\n"); | ||
1745 | |||
1746 | In the examples above, the sandbox configures transmission-gtk profile and | ||
1747 | starts the test program. The real program, transmission-gtk, will not be | ||
1748 | started. | ||
1749 | |||
1750 | |||
1726 | .SH MONITORING | 1751 | .SH MONITORING |
1727 | Option \-\-list prints a list of all sandboxes. The format | 1752 | Option \-\-list prints a list of all sandboxes. The format |
1728 | for each process entry is as follows: | 1753 | for each process entry is as follows: |