diff options
author | netblue30 <netblue30@yahoo.com> | 2016-03-20 08:19:21 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-20 08:19:21 -0400 |
commit | 6b0cd0a8595eb6cb68b2f22f031037b26acd13bd (patch) | |
tree | 2996b934bba33a6477550804b362b0f3fe836cec /src/man | |
parent | run time configuration support (diff) | |
download | firejail-6b0cd0a8595eb6cb68b2f22f031037b26acd13bd.tar.gz firejail-6b0cd0a8595eb6cb68b2f22f031037b26acd13bd.tar.zst firejail-6b0cd0a8595eb6cb68b2f22f031037b26acd13bd.zip |
fixes
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-config.txt | 65 | ||||
-rw-r--r-- | src/man/firejail.txt | 53 |
2 files changed, 118 insertions, 0 deletions
diff --git a/src/man/firejail-config.txt b/src/man/firejail-config.txt new file mode 100644 index 000000000..55c35181a --- /dev/null +++ b/src/man/firejail-config.txt | |||
@@ -0,0 +1,65 @@ | |||
1 | .TH FIREJAIL-CONFIG 5 "MONTH YEAR" "VERSION" "firejail.config man page" | ||
2 | .SH NAME | ||
3 | firejail.config \- Firejail run time configuration file | ||
4 | |||
5 | .SH DESCRIPTION | ||
6 | /etc/firejail/firejail.config is the system-wide configuration file for Firejail. | ||
7 | It allows the system administrator to enable or disable a number of | ||
8 | features and Linux kernel security technologies used by Firejail sandbox. | ||
9 | The file contains keyword-argument pairs, one per line. | ||
10 | Use 'yes' or 'no' as configuration values. | ||
11 | |||
12 | Note that some of these features can also be enabled or disabled at compile | ||
13 | time. Most features are enabled by default both at compile time and | ||
14 | at run time. | ||
15 | |||
16 | .TP | ||
17 | \fBsecomp | ||
18 | Enable or disable seccomp support, default enabled. | ||
19 | |||
20 | .TP | ||
21 | \fBchroot | ||
22 | Enable or disable chroot support, default enabled. | ||
23 | |||
24 | .TP | ||
25 | \fBbind | ||
26 | Enable or disable bind support, default enabled. | ||
27 | |||
28 | .TP | ||
29 | \fBnetwork | ||
30 | Enable or disable networking features, default enabled. | ||
31 | |||
32 | .TP | ||
33 | \fBrestricted-network | ||
34 | Enable or disable restricted network support, default disabled. If enabled, | ||
35 | networking features should also be enabled (network yes). | ||
36 | Restricted networking grants access to --interface and --net=ethXXX | ||
37 | only to root user. Regular users are only allowed --net=none. | ||
38 | |||
39 | .TP | ||
40 | \fBuserns | ||
41 | Enable or disable user namespace support, default enabled. | ||
42 | |||
43 | .TP | ||
44 | \fBx11 | ||
45 | Enable or disable X11 sandboxing support, default enabled. | ||
46 | |||
47 | .TP | ||
48 | \fBfile-transfer | ||
49 | Enable or disable file transfer support, default enabled. | ||
50 | |||
51 | .SH FILES | ||
52 | /etc/firejail/firejail.config | ||
53 | |||
54 | .SH LICENSE | ||
55 | Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. | ||
56 | .PP | ||
57 | Homepage: http://firejail.wordpress.com | ||
58 | .SH SEE ALSO | ||
59 | \&\flfirejail\fR\|(1), | ||
60 | \&\flfiremon\fR\|(1), | ||
61 | \&\flfirejail-profile\fR\|(5) | ||
62 | \&\flfirejail-login\fR\|(5) | ||
63 | |||
64 | |||
65 | |||
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index f3c023aba..99a9429c7 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1534,6 +1534,59 @@ Example: | |||
1534 | .br | 1534 | .br |
1535 | $ firejail \-\-zsh | 1535 | $ firejail \-\-zsh |
1536 | 1536 | ||
1537 | .SH DESKTOP INTEGRATION | ||
1538 | A symbolic link to /usr/bin/firejail under the name of a program, will start the program in Firejail sandbox. | ||
1539 | The symbolic link should be placed in the first $PATH position. On most systems, a good place | ||
1540 | is /usr/local/bin directory. Example: | ||
1541 | .PP | ||
1542 | .RS | ||
1543 | .br | ||
1544 | |||
1545 | .br | ||
1546 | Make a firefox symlink to /usr/bin/firejail: | ||
1547 | .br | ||
1548 | |||
1549 | .br | ||
1550 | $ ln -s /usr/bin/firejail /usr/local/bin/firefox | ||
1551 | .br | ||
1552 | |||
1553 | .br | ||
1554 | Verify $PATH | ||
1555 | .br | ||
1556 | |||
1557 | .br | ||
1558 | $ which -a firefox | ||
1559 | .br | ||
1560 | /usr/local/bin/firefox | ||
1561 | .br | ||
1562 | /usr/bin/firefox | ||
1563 | .br | ||
1564 | |||
1565 | .br | ||
1566 | Starting firefox in this moment, automatically invokes “firejail firefox”. | ||
1567 | .RE | ||
1568 | .br | ||
1569 | |||
1570 | .br | ||
1571 | This works for clicking on desktop environment icons, menus etc. Use "firejail --tree" | ||
1572 | to verify the program is sandboxed. | ||
1573 | .PP | ||
1574 | .RS | ||
1575 | .br | ||
1576 | |||
1577 | .br | ||
1578 | .br | ||
1579 | $ firejail --tree | ||
1580 | .br | ||
1581 | 1189:netblue:firejail firefox | ||
1582 | .br | ||
1583 | 1190:netblue:firejail firefox | ||
1584 | .br | ||
1585 | 1220:netblue:/bin/sh -c "/usr/lib/firefox/firefox" | ||
1586 | .br | ||
1587 | 1221:netblue:/usr/lib/firefox/firefox | ||
1588 | .RE | ||
1589 | |||
1537 | .SH FILE TRANSFER | 1590 | .SH FILE TRANSFER |
1538 | These features allow the user to inspect the filesystem container of an existing sandbox | 1591 | These features allow the user to inspect the filesystem container of an existing sandbox |
1539 | and transfer files from the container to the host filesystem. | 1592 | and transfer files from the container to the host filesystem. |