diff options
author | netblue30 <netblue30@yahoo.com> | 2017-10-22 11:09:50 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-10-22 11:09:50 -0400 |
commit | ba231088e6bd8e4c52e372f7a4d2928ee7bf223a (patch) | |
tree | 614f1fbcbdaa6ae5ac6a2148bd13cb6073b263e7 /src/man | |
parent | --build fixes (diff) | |
download | firejail-ba231088e6bd8e4c52e372f7a4d2928ee7bf223a.tar.gz firejail-ba231088e6bd8e4c52e372f7a4d2928ee7bf223a.tar.zst firejail-ba231088e6bd8e4c52e372f7a4d2928ee7bf223a.zip |
--build: save the resulting profile in a file
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.txt | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 00481d4d3..2303a8bbd 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -146,7 +146,7 @@ $ firejail "\-\-blacklist=/home/username/My Virtual Machines" | |||
146 | $ firejail \-\-blacklist=/home/username/My\\ Virtual\\ Machines | 146 | $ firejail \-\-blacklist=/home/username/My\\ Virtual\\ Machines |
147 | .TP | 147 | .TP |
148 | \fB\-\-build | 148 | \fB\-\-build |
149 | The command builds a whitelisted profile. If /usr/bin/strace is installed on the system, it also | 149 | The command builds a whitelisted profile. The profile is printed on the screen. If /usr/bin/strace is installed on the system, it also |
150 | builds a whitelisted seccomp profile. The program is run in a very relaxed sandbox, | 150 | builds a whitelisted seccomp profile. The program is run in a very relaxed sandbox, |
151 | with only --caps.drop=all and --nonewprivs. Programs that raise user privileges are not supported | 151 | with only --caps.drop=all and --nonewprivs. Programs that raise user privileges are not supported |
152 | in order to allow strace to run. Chromium and Chromium-based browsers will not work. | 152 | in order to allow strace to run. Chromium and Chromium-based browsers will not work. |
@@ -155,7 +155,19 @@ in order to allow strace to run. Chromium and Chromium-based browsers will not w | |||
155 | .br | 155 | .br |
156 | Example: | 156 | Example: |
157 | .br | 157 | .br |
158 | $ firejail --build vlc ~/Videos/test.mp4 | 158 | $ firejail --build=profile-file vlc ~/Videos/test.mp4 |
159 | .TP | ||
160 | \fB\-\-build=profile-file | ||
161 | The command builds a whitelisted profile, and saves it in profile-file. If /usr/bin/strace is installed on the system, it also | ||
162 | builds a whitelisted seccomp profile. The program is run in a very relaxed sandbox, | ||
163 | with only --caps.drop=all and --nonewprivs. Programs that raise user privileges are not supported | ||
164 | in order to allow strace to run. Chromium and Chromium-based browsers will not work. | ||
165 | .br | ||
166 | |||
167 | .br | ||
168 | Example: | ||
169 | .br | ||
170 | $ firejail --build=vlc.profile vlc ~/Videos/test.mp4 | ||
159 | .TP | 171 | .TP |
160 | \fB\-c | 172 | \fB\-c |
161 | Execute command and exit. | 173 | Execute command and exit. |