Add support for custom AppArmor profiles (--apparmor=)

author: Азалия Смарагдова <charming.flurry@yandex.ru> 2022-07-25 17:16:53 +0500
committer: Азалия Смарагдова <charming.flurry@yandex.ru> 2022-08-05 11:47:24 +0500
commit: 7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6 (patch)
tree: 9bcc55b6dc49357f1b7330174be4524efbb1b45c /src/man
parent: RELNOTES: add build and ci items (diff)
download: firejail-7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6.tar.gz
firejail-7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6.tar.zst
firejail-7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6.zip
2 files changed, 12 insertions, 2 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index be1f55f0f..0b0c64ec6 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -478,7 +478,11 @@ Allow tools such as strace and gdb inside the sandbox by whitelisting system cal
 #ifdef HAVE_APPARMOR
 .TP
 \fBapparmor
-Enable AppArmor confinement.
+Enable AppArmor confinement with the "firejail-default" AppArmor profile.
+.TP
+\fBapparmor profile_name
+Enable AppArmor confinement with a custom AppArmor profile.
+Note that the profile in question must already be loaded into the kernel.
 #endif
 .TP
 \fBcaps
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 087d1c85a..b783795f2 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -122,7 +122,13 @@ $ firejail --allusers
 #ifdef HAVE_APPARMOR
 .TP
 \fB\-\-apparmor
-Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below.
+Enable AppArmor confinement with the "firejail-default" AppArmor profile.
+For more information, please see \fBAPPARMOR\fR section below.
+.TP
+\fB\-\-apparmor=profile_name
+Enable AppArmor confinement with a custom AppArmor profile.
+Note that profile in question must already be loaded into the kernel.
+For more information, please see \fBAPPARMOR\fR section below.
 .TP
 \fB\-\-apparmor.print=name|pid
 Print the AppArmor confinement status for the sandbox identified by name or by PID.
author	Азалия Смарагдова <charming.flurry@yandex.ru>	2022-07-25 17:16:53 +0500
committer	Азалия Смарагдова <charming.flurry@yandex.ru>	2022-08-05 11:47:24 +0500
commit	7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6 (patch)
tree	9bcc55b6dc49357f1b7330174be4524efbb1b45c /src/man
parent	RELNOTES: add build and ci items (diff)
download	firejail-7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6.tar.gz firejail-7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6.tar.zst firejail-7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6.zip

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index be1f55f0f..0b0c64ec6 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -478,7 +478,11 @@ Allow tools such as strace and gdb inside the sandbox by whitelisting system cal
478	#ifdef HAVE_APPARMOR	478	#ifdef HAVE_APPARMOR
479	.TP	479	.TP
480	\fBapparmor	480	\fBapparmor
481	Enable AppArmor confinement.	481	Enable AppArmor confinement with the "firejail-default" AppArmor profile.
		482	.TP
		483	\fBapparmor profile_name
		484	Enable AppArmor confinement with a custom AppArmor profile.
		485	Note that the profile in question must already be loaded into the kernel.
482	#endif	486	#endif
483	.TP	487	.TP
484	\fBcaps	488	\fBcaps


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 087d1c85a..b783795f2 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -122,7 +122,13 @@ $ firejail --allusers
122	#ifdef HAVE_APPARMOR	122	#ifdef HAVE_APPARMOR
123	.TP	123	.TP
124	\fB\-\-apparmor	124	\fB\-\-apparmor
125	Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below.	125	Enable AppArmor confinement with the "firejail-default" AppArmor profile.
		126	For more information, please see \fBAPPARMOR\fR section below.
		127	.TP
		128	\fB\-\-apparmor=profile_name
		129	Enable AppArmor confinement with a custom AppArmor profile.
		130	Note that profile in question must already be loaded into the kernel.
		131	For more information, please see \fBAPPARMOR\fR section below.
126	.TP	132	.TP
127	\fB\-\-apparmor.print=name\|pid	133	\fB\-\-apparmor.print=name\|pid
128	Print the AppArmor confinement status for the sandbox identified by name or by PID.	134	Print the AppArmor confinement status for the sandbox identified by name or by PID.