diff options
author | netblue30 <netblue30@yahoo.com> | 2015-12-04 12:36:44 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-12-04 12:36:44 -0500 |
commit | 129af459ad895b329afb62f3fe9cbcbd6a578072 (patch) | |
tree | b5ac2a42b2b6ca9c2ecb503c0fe4411f37fe5382 /src/man/firejail.txt | |
parent | --tracelog work (diff) | |
download | firejail-129af459ad895b329afb62f3fe9cbcbd6a578072.tar.gz firejail-129af459ad895b329afb62f3fe9cbcbd6a578072.tar.zst firejail-129af459ad895b329afb62f3fe9cbcbd6a578072.zip |
--profile-path option
Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 62225c407..e2382eb9f 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -52,7 +52,7 @@ Only /home and /tmp are writable. | |||
52 | As it starts up, Firejail tries to find a security profile based on the name of the application. | 52 | As it starts up, Firejail tries to find a security profile based on the name of the application. |
53 | If an appropriate profile is not found, Firejail will use a default profile. | 53 | If an appropriate profile is not found, Firejail will use a default profile. |
54 | The default profile is quite restrictive. In case the application doesn't work, use --noprofile option | 54 | The default profile is quite restrictive. In case the application doesn't work, use --noprofile option |
55 | to disable it. For more information, please see SECURITY PROFILES section. | 55 | to disable it. For more information, please see \fBSECURITY PROFILES\fR section. |
56 | .PP | 56 | .PP |
57 | If a program argument is not specified, Firejail starts /bin/bash shell. | 57 | If a program argument is not specified, Firejail starts /bin/bash shell. |
58 | Examples: | 58 | Examples: |
@@ -69,10 +69,10 @@ $ firejail [OPTIONS] firefox # starting Mozilla Firefox | |||
69 | Signal the end of options and disables further option processing. | 69 | Signal the end of options and disables further option processing. |
70 | .TP | 70 | .TP |
71 | \fB\-\-bandwidth=name | 71 | \fB\-\-bandwidth=name |
72 | Set bandwidth limits for the sandbox identified by name, see TRAFFIC SHAPING section for more details. | 72 | Set bandwidth limits for the sandbox identified by name, see \fBTRAFFIC SHAPING\fR section for more details. |
73 | .TP | 73 | .TP |
74 | \fB\-\-bandwidth=pid | 74 | \fB\-\-bandwidth=pid |
75 | Set bandwidth limits for the sandbox identified by PID, see TRAFFIC SHAPING section for more details. | 75 | Set bandwidth limits for the sandbox identified by PID, see \fBTRAFFIC SHAPING\fR section for more details. |
76 | .TP | 76 | .TP |
77 | \fB\-\-bind=dirname1,dirname2 | 77 | \fB\-\-bind=dirname1,dirname2 |
78 | Mount-bind dirname1 on top of dirname2. This option is only available when running the sandbox as root. | 78 | Mount-bind dirname1 on top of dirname2. This option is only available when running the sandbox as root. |
@@ -478,7 +478,7 @@ $ firejail \-\-join=3272 | |||
478 | 478 | ||
479 | .TP | 479 | .TP |
480 | \fB\-\-list | 480 | \fB\-\-list |
481 | List all sandboxes, see MONITORING section for more details. | 481 | List all sandboxes, see \fBMONITORING\fR section for more details. |
482 | .br | 482 | .br |
483 | 483 | ||
484 | .br | 484 | .br |
@@ -645,7 +645,7 @@ $ firejail --netfilter=/etc/firejail/nolocal.net \\ | |||
645 | --net=eth0 firefox | 645 | --net=eth0 firefox |
646 | .TP | 646 | .TP |
647 | \fB\-\-netstats | 647 | \fB\-\-netstats |
648 | Monitor network namespace statistics, see MONITORING section for more details. | 648 | Monitor network namespace statistics, see \fBMONITORING\fR section for more details. |
649 | .br | 649 | .br |
650 | 650 | ||
651 | .br | 651 | .br |
@@ -919,7 +919,7 @@ nsswitch.conf,passwd,resolv.conf | |||
919 | .TP | 919 | .TP |
920 | \fB\-\-profile=filename | 920 | \fB\-\-profile=filename |
921 | Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path. | 921 | Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path. |
922 | For more information, see SECURITY PROFILES section below. | 922 | For more information, see \fBSECURITY PROFILES\fR section below. |
923 | .br | 923 | .br |
924 | 924 | ||
925 | .br | 925 | .br |
@@ -928,6 +928,20 @@ Example: | |||
928 | $ firejail \-\-profile=myprofile | 928 | $ firejail \-\-profile=myprofile |
929 | 929 | ||
930 | .TP | 930 | .TP |
931 | \fB\-\-profile-path=directory | ||
932 | Use this directory to look for profile files. Use an absolute path or a path in the home directory starting with ~/. | ||
933 | For more information, see \fBSECURITY PROFILES\fR section below and \fBRELOCATING PROFILE FILES\fR in | ||
934 | \fBman 5 firejail-profile\fR. | ||
935 | .br | ||
936 | |||
937 | .br | ||
938 | Example: | ||
939 | .br | ||
940 | $ firejail \-\-profile-path=~/myprofiles | ||
941 | .br | ||
942 | $ firejail \-\-profile-path=/home/netblue/myprofiles | ||
943 | |||
944 | .TP | ||
931 | \fB\-\-protocol=protocol,protocol,protocol | 945 | \fB\-\-protocol=protocol,protocol,protocol |
932 | Enable protocol filter. The filter is based on seccomp and the first argument to socket system call. | 946 | Enable protocol filter. The filter is based on seccomp and the first argument to socket system call. |
933 | Recognized values: unix, inet, inet6, netlink and packet. | 947 | Recognized values: unix, inet, inet6, netlink and packet. |
@@ -1255,7 +1269,7 @@ Example: | |||
1255 | $ firejail \-\-tmpfs=/var | 1269 | $ firejail \-\-tmpfs=/var |
1256 | .TP | 1270 | .TP |
1257 | \fB\-\-top | 1271 | \fB\-\-top |
1258 | Monitor the most CPU-intensive sandboxes, see MONITORING section for more details. | 1272 | Monitor the most CPU-intensive sandboxes, see \fBMONITORING\fR section for more details. |
1259 | .br | 1273 | .br |
1260 | 1274 | ||
1261 | .br | 1275 | .br |
@@ -1321,7 +1335,7 @@ Dec 3 11:46:17 debian firejail[70]: blacklist violation - sandbox 26370, exe fi | |||
1321 | [...] | 1335 | [...] |
1322 | .TP | 1336 | .TP |
1323 | \fB\-\-tree | 1337 | \fB\-\-tree |
1324 | Print a tree of all sandboxed processes, see MONITORING section for more details. | 1338 | Print a tree of all sandboxed processes, see \fBMONITORING\fR section for more details. |
1325 | .br | 1339 | .br |
1326 | 1340 | ||
1327 | .br | 1341 | .br |