man: minor clarifications to man pages (#3445)

Add verbiage to the man pages clarifying that the files/directories in the lists given to options such as --private-bin must be relative to the directory that is being limited (e.g., --private-opt requires a list of files/directories that are relative to /opt). Signed-off-by: Jeff Squyres <jeff@squyres.com>
author: Jeff Squyres <jsquyres@users.noreply.github.com> 2020-06-04 13:41:32 -0400
committer: GitHub <noreply@github.com> 2020-06-04 17:41:32 +0000
commit: 40d3604f703ea07e3bb5feace23975fa766f5080 (patch)
tree: d323a2bcadf6c589ebac2eb23e62e054eacd7146 /src/man/firejail.txt
parent: firecfg: Only use fix_desktop_files automatically when run through sudo (#3382) (diff)
download: firejail-40d3604f703ea07e3bb5feace23975fa766f5080.tar.gz
firejail-40d3604f703ea07e3bb5feace23975fa766f5080.tar.zst
firejail-40d3604f703ea07e3bb5feace23975fa766f5080.zip
1 files changed, 16 insertions, 3 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 982b40d89..647569354 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1696,7 +1696,9 @@ $ firejail \-\-private=/home/netblue/firefox-home firefox
 .TP
 \fB\-\-private-bin=file,file
 Build a new /bin in a temporary filesystem, and copy the programs in the list.
-If no listed file is found, /bin directory will be empty.
+The files in the list must be expressed as relative to the /bin,
+/sbin, /usr/bin, /usr/sbin, or /usr/local/bin directories.
+If no listed files are found, /bin directory will be empty.
 The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin.
 All modifications are discarded when the sandbox is closed. File globbing is supported,
 see \fBFILE GLOBBING\fR section for more details.
@@ -1792,6 +1794,8 @@ $
 \fB\-\-private-etc=file,directory
 Build a new /etc in a temporary
 filesystem, and copy the files and directories in the list.
+The files and directories in the list must be expressed as relative to
+the /etc directory.
 If no listed file is found, /etc directory will be empty.
 All modifications are discarded when the sandbox is closed.
 .br
@@ -1801,13 +1805,16 @@ Example:
 .br
 $ firejail --private-etc=group,hostname,localtime, \\
 .br
-nsswitch.conf,passwd,resolv.conf
+nsswitch.conf,passwd,resolv.conf,default/motd-news
 .TP
 \fB\-\-private-home=file,directory
 Build a new user home in a temporary
 filesystem, and copy the files and directories in the list in the
-new home. All modifications are discarded when the sandbox is
+new home.
+The files and directories in the list must be expressed as relative to
+the current user's home directory.
+All modifications are discarded when the sandbox is
 closed.
 .br
@@ -1819,6 +1826,8 @@ $ firejail \-\-private-home=.mozilla firefox
 .TP
 \fB\-\-private-lib=file,directory
 This feature is currently under heavy development. Only amd64 platforms are supported at this moment.
+The files and directories in the list must be expressed as relative to
+the /lib directory.
 The idea is to build a new /lib in a temporary filesystem,
 with only the library files necessary to run the application.
 It could be as simple as:
@@ -1870,6 +1879,8 @@ $
 \fB\-\-private-opt=file,directory
 Build a new /opt in a temporary
 filesystem, and copy the files and directories in the list.
+The files and directories in the list must be expressed as relative to
+the /opt directory.
 If no listed file is found, /opt directory will be empty.
 All modifications are discarded when the sandbox is closed.
 .br
@@ -1883,6 +1894,8 @@ $ firejail --private-opt=firefox /opt/firefox/firefox
 \fB\-\-private-srv=file,directory
 Build a new /srv in a temporary
 filesystem, and copy the files and directories in the list.
+The files and directories in the list must be expressed as relative to
+the /srv directory.
 If no listed file is found, /srv directory will be empty.
 All modifications are discarded when the sandbox is closed.
 .br
author	Jeff Squyres <jsquyres@users.noreply.github.com>	2020-06-04 13:41:32 -0400
committer	GitHub <noreply@github.com>	2020-06-04 17:41:32 +0000
commit	40d3604f703ea07e3bb5feace23975fa766f5080 (patch)
tree	d323a2bcadf6c589ebac2eb23e62e054eacd7146 /src/man/firejail.txt
parent	firecfg: Only use fix_desktop_files automatically when run through sudo (#3382) (diff)
download	firejail-40d3604f703ea07e3bb5feace23975fa766f5080.tar.gz firejail-40d3604f703ea07e3bb5feace23975fa766f5080.tar.zst firejail-40d3604f703ea07e3bb5feace23975fa766f5080.zip

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 982b40d89..647569354 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -1696,7 +1696,9 @@ $ firejail \-\-private=/home/netblue/firefox-home firefox
1696	.TP	1696	.TP
1697	\fB\-\-private-bin=file,file	1697	\fB\-\-private-bin=file,file
1698	Build a new /bin in a temporary filesystem, and copy the programs in the list.	1698	Build a new /bin in a temporary filesystem, and copy the programs in the list.
1699	If no listed file is found, /bin directory will be empty.	1699	The files in the list must be expressed as relative to the /bin,
		1700	/sbin, /usr/bin, /usr/sbin, or /usr/local/bin directories.
		1701	If no listed files are found, /bin directory will be empty.
1700	The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin.	1702	The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin.
1701	All modifications are discarded when the sandbox is closed. File globbing is supported,	1703	All modifications are discarded when the sandbox is closed. File globbing is supported,
1702	see \fBFILE GLOBBING\fR section for more details.	1704	see \fBFILE GLOBBING\fR section for more details.
@@ -1792,6 +1794,8 @@ $
1792	\fB\-\-private-etc=file,directory	1794	\fB\-\-private-etc=file,directory
1793	Build a new /etc in a temporary	1795	Build a new /etc in a temporary
1794	filesystem, and copy the files and directories in the list.	1796	filesystem, and copy the files and directories in the list.
		1797	The files and directories in the list must be expressed as relative to
		1798	the /etc directory.
1795	If no listed file is found, /etc directory will be empty.	1799	If no listed file is found, /etc directory will be empty.
1796	All modifications are discarded when the sandbox is closed.	1800	All modifications are discarded when the sandbox is closed.
1797	.br	1801	.br
@@ -1801,13 +1805,16 @@ Example:
1801	.br	1805	.br
1802	$ firejail --private-etc=group,hostname,localtime, \\	1806	$ firejail --private-etc=group,hostname,localtime, \\
1803	.br	1807	.br
1804	nsswitch.conf,passwd,resolv.conf	1808	nsswitch.conf,passwd,resolv.conf,default/motd-news
1805		1809
1806	.TP	1810	.TP
1807	\fB\-\-private-home=file,directory	1811	\fB\-\-private-home=file,directory
1808	Build a new user home in a temporary	1812	Build a new user home in a temporary
1809	filesystem, and copy the files and directories in the list in the	1813	filesystem, and copy the files and directories in the list in the
1810	new home. All modifications are discarded when the sandbox is	1814	new home.
		1815	The files and directories in the list must be expressed as relative to
		1816	the current user's home directory.
		1817	All modifications are discarded when the sandbox is
1811	closed.	1818	closed.
1812	.br	1819	.br
1813		1820
@@ -1819,6 +1826,8 @@ $ firejail \-\-private-home=.mozilla firefox
1819	.TP	1826	.TP
1820	\fB\-\-private-lib=file,directory	1827	\fB\-\-private-lib=file,directory
1821	This feature is currently under heavy development. Only amd64 platforms are supported at this moment.	1828	This feature is currently under heavy development. Only amd64 platforms are supported at this moment.
		1829	The files and directories in the list must be expressed as relative to
		1830	the /lib directory.
1822	The idea is to build a new /lib in a temporary filesystem,	1831	The idea is to build a new /lib in a temporary filesystem,
1823	with only the library files necessary to run the application.	1832	with only the library files necessary to run the application.
1824	It could be as simple as:	1833	It could be as simple as:
@@ -1870,6 +1879,8 @@ $
1870	\fB\-\-private-opt=file,directory	1879	\fB\-\-private-opt=file,directory
1871	Build a new /opt in a temporary	1880	Build a new /opt in a temporary
1872	filesystem, and copy the files and directories in the list.	1881	filesystem, and copy the files and directories in the list.
		1882	The files and directories in the list must be expressed as relative to
		1883	the /opt directory.
1873	If no listed file is found, /opt directory will be empty.	1884	If no listed file is found, /opt directory will be empty.
1874	All modifications are discarded when the sandbox is closed.	1885	All modifications are discarded when the sandbox is closed.
1875	.br	1886	.br
@@ -1883,6 +1894,8 @@ $ firejail --private-opt=firefox /opt/firefox/firefox
1883	\fB\-\-private-srv=file,directory	1894	\fB\-\-private-srv=file,directory
1884	Build a new /srv in a temporary	1895	Build a new /srv in a temporary
1885	filesystem, and copy the files and directories in the list.	1896	filesystem, and copy the files and directories in the list.
		1897	The files and directories in the list must be expressed as relative to
		1898	the /srv directory.
1886	If no listed file is found, /srv directory will be empty.	1899	If no listed file is found, /srv directory will be empty.
1887	All modifications are discarded when the sandbox is closed.	1900	All modifications are discarded when the sandbox is closed.
1888	.br	1901	.br