author | netblue30 <netblue30@yahoo.com> | 2016-04-02 10:02:55 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-02 10:02:55 -0400 |
commit | d385ac9cbc829473ced46ae664cd579ba1b22e90 (patch) | |
tree | 938d5b16e6aae88d060990bb7f8e96671327662a /src/man | |
parent | fix dillo problem (diff) | |
man page work
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.txt | 52 |
1 files changed, 51 insertions, 1 deletions
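--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -548,7 +548,57 @@ Security filters, cgroups and cpus configurations are not applied to the process
 \fB\-\-join-network=name
 Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox.
 If a program is specified, the program is run in the sandbox. This command is available only to root user.
-Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox.
+Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox. Example:
+.br
+
+.br
+# start firefox
+.br
+$ firejail --net=eth0 --name=browser firefox &
+.br
+
+.br
+# change netfilter configuration
+.br
+$ sudo firejail --join-network=browser "cat /etc/firejail/nolocal.net | /sbin/iptables-restore"
+.br
+
+.br
+# verify netfilter configuration
+.br
+$ sudo firejail --join-network=browser "/sbin/iptables -vL"
+.br
+
+.br
+# verify IP addresses
+.br
+$ sudo firejail --join-network=browser "ip addr"
+.br
+Switching to pid 1932, the first child process inside the sandbox
+.br
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
+.br
+link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+.br
+inet 127.0.0.1/8 scope host lo
+.br
+valid_lft forever preferred_lft forever
+.br
+inet6 ::1/128 scope host
+.br
+valid_lft forever preferred_lft forever
+.br
+2: eth0-1931: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
+.br
+link/ether 76:58:14:42:78:e4 brd ff:ff:ff:ff:ff:ff
+.br
+inet 192.168.1.158/24 brd 192.168.1.255 scope global eth0-1931
+.br
+valid_lft forever preferred_lft forever
+.br
+inet6 fe80::7458:14ff:fe42:78e4/64 scope link
+.br
+valid_lft forever preferred_lft forever
 
 .TP
 \fB\-\-join-network=pid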