manpages: network configuration

author: startx2017 <vradu.startx@yandex.com> 2020-09-30 09:01:36 -0400
committer: startx2017 <vradu.startx@yandex.com> 2020-09-30 09:01:36 -0400
commit: 2e914f0940a025d971c484a9158c1eaeca9c6015 (patch)
tree: 0355492989d2e868db6d56a7027b62520862827b /src/man
parent: manpages: configuration for dbus (diff)
download: firejail-2e914f0940a025d971c484a9158c1eaeca9c6015.tar.gz
firejail-2e914f0940a025d971c484a9158c1eaeca9c6015.tar.zst
firejail-2e914f0940a025d971c484a9158c1eaeca9c6015.zip
3 files changed, 42 insertions, 25 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index de34d5076..c0ced120e 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -150,9 +150,10 @@ Example: "nowhitelist ~/.config"
 Ignore command.
 Example: "ignore seccomp"
+#ifdef HAVE_NETWORK
 .br
 Example: "ignore net eth0"
+#endif
 .TP
 \fBquiet
 Disable Firejail's output. This should be the first uncommented command in the profile file.
@@ -671,6 +672,7 @@ Disable video devices.
 Run the program directly, without a shell.
+#ifdef HAVE_NETWORK
 .SH Networking
 Networking features available in profile files.
@@ -863,7 +865,7 @@ a default gateway address also have to be added.
 \fBveth-name name
 Use this name for the interface connected to the bridge for --net=bridge_interface commands,
 instead of the default one.
+#endif
 .SH Other
 .TP
 \fBdeterministic-exit-code
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index e1d55258c..1e355de8a 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -20,12 +20,14 @@ File transfer from an existing sandbox
 firejail {\-\-ls | \-\-get | \-\-put} dir_or_filename
 .RE
 .PP
+#ifdef HAVE_NETWORK
 Network traffic shaping for an existing sandbox:
 .PP
 .RS
 firejail \-\-bandwidth={name|pid} bandwidth-command
 .RE
 .PP
+#endif
 Monitoring:
 .PP
 .RS
@@ -647,7 +649,7 @@ Debug whitelisting.
 Example:
 .br
 $ firejail \-\-debug-whitelists firefox
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-defaultgw=address
 Use this address as default gateway in the new network namespace.
@@ -657,7 +659,7 @@ Use this address as default gateway in the new network namespace.
 Example:
 .br
 $ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox
+#endif
 .TP
 \fB\-\-disable-mnt
 Blacklist /mnt, /media, /run/mount and /run/media access.
@@ -778,8 +780,12 @@ Ignore command in profile file.
 Example:
 .br
 $ firejail \-\-ignore=shell --ignore=seccomp firefox
+#ifdef HAVE_NETWORK
 .br
 $ firejail \-\-ignore="net eth0" firefox
+#endif
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-interface=interface
 Move interface in a new network namespace. Up to four --interface options can be specified.
@@ -901,6 +907,7 @@ for sandboxes started as root.
 Example:
 .br
 $ firejail \-\-ipc-namespace firefox
+#endif
 .TP
 \fB\-\-join=name|pid
 Join the sandbox identified by name or by PID. By default a /bin/bash shell is started after joining the sandbox.
@@ -932,7 +939,7 @@ $ firejail \-\-join=3272
 Join the mount namespace of the sandbox identified by name or PID. By default a /bin/bash shell is started after joining the sandbox.
 If a program is specified, the program is run in the sandbox. This command is available only to root user.
 Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox.
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-join-network=name|pid
 Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox.
@@ -988,7 +995,7 @@ Switching to pid 1932, the first child process inside the sandbox
    inet6 fe80::7458:14ff:fe42:78e4/64 scope link
 .br
       valid_lft forever preferred_lft forever
+#endif
 .TP
 \fB\-\-join-or-start=name
 Join the sandbox identified by name or start a new one.
@@ -1027,17 +1034,19 @@ Example:
 $ firejail \-\-list
 .br
 7015:netblue:browser:firejail firefox
+#ifdef HAVE_NETWORK
 .br
 7056:netblue:torrent:firejail \-\-net=eth0 transmission-gtk
-.br
+#endif
 #ifdef HAVE_USERNS
+.br
 7064:netblue::firejail \-\-noroot xterm
 .br
 #endif
 .TP
 \fB\-\-ls=name|pid dir_or_filename
 List files in sandbox container, see \fBFILE TRANSFER\fR section for more details.
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-mac=address
 Assign MAC addresses to the last network interface defined by a \-\-net option. This option
@@ -1048,7 +1057,7 @@ is not supported for wireless interfaces.
 Example:
 .br
 $ firejail \-\-net=eth0 \-\-mac=00:11:22:33:44:55 firefox
+#endif
 .TP
 \fB\-\-machine-id
 Spoof id number in /etc/machine-id file - a new random id is generated inside the sandbox.
@@ -1074,7 +1083,7 @@ kills it or log the attempt, see \-\-seccomp-error-action below) if necessary.
 Note: shmat is not implemented
 as a system call on some platforms including i386, and it cannot be
 handled by seccomp-bpf.
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-mtu=number
 Assign a MTU value to the last network interface defined by a \-\-net option.
@@ -1084,7 +1093,7 @@ Assign a MTU value to the last network interface defined by a \-\-net option.
 Example:
 .br
 $ firejail \-\-net=eth0 \-\-mtu=1492
+#endif
 .TP
 \fB\-\-name=name
 Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use
@@ -1109,7 +1118,7 @@ $ firejail --list
 .br
 1312:netblue:browser-1312:firejail --name=browser --private firefox --no-remote
 .br
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-net=bridge_interface
 Enable a new network namespace and connect it to this bridge interface.
@@ -1150,7 +1159,7 @@ Example:
 $ firejail \-\-net=eth0 \-\-ip=192.168.1.80 \-\-dns=8.8.8.8 firefox
 .br
 $ firejail \-\-net=wlan0 firefox
+#endif
 .TP
 \fB\-\-net=none
 Enable a new, unconnected network namespace. The only interface
@@ -1168,7 +1177,7 @@ $ firejail \-\-net=none vlc
 .br
 Note: \-\-net=none can crash the application on some platforms.
 In these cases, it can be replaced with \-\-protocol=unix.
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-net=tap_interface
 Enable a new network namespace and connect it
@@ -1282,9 +1291,6 @@ $ firejail --netfilter=/etc/firejail/nolocal.net \\
 .br
 --net=eth0 firefox
 .TP
 \fB\-\-netfilter=filename,arg1,arg2,arg3 ...
 This is the template version of the previous command. $ARG1, $ARG2, $ARG3 ... in the firewall script
@@ -1298,8 +1304,6 @@ $ firejail --net=eth0 --ip=192.168.1.105 \\
 --netfilter=/etc/firejail/tcpserver.net,5001 server-program
 .br
 .TP
 \fB\-\-netfilter.print=name|pid
 Print the firewall installed in the sandbox specified by name or PID. Example:
@@ -1363,7 +1367,7 @@ PID  User    RX(KB/s) TX(KB/s) Command
 1294 netblue 53.355   1.473    firejail \-\-net=eth0 firefox
 .br
 7383 netblue 9.045    0.112    firejail \-\-net=eth0 transmission
+#endif
 .TP
 \fB\-\-nice=value
 Set nice value for all processes running inside the sandbox.
@@ -2066,7 +2070,7 @@ Remove environment variable in the new sandbox.
 Example:
 .br
 $ firejail \-\-rmenv=DBUS_SESSION_BUS_ADDRESS
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-scan
 ARP-scan all the networks from inside a network namespace.
@@ -2077,6 +2081,7 @@ This makes it possible to detect macvlan kernel device drivers running on the cu
 Example:
 .br
 $ firejail \-\-net=eth0 \-\-scan
+#endif
 .TP
 \fB\-\-seccomp
 Enable seccomp filter and blacklist the syscalls in the default list,
@@ -2556,8 +2561,10 @@ $ firejail \-\-tree
  11904:netblue:iceweasel
 .br
    11957:netblue:/usr/lib/iceweasel/plugin-container
+#ifdef HAVE_NETWORK
 .br
 11969:netblue:firejail \-\-net=eth0 transmission-gtk
+#endif
 .br
  11970:netblue:transmission-gtk
@@ -2609,6 +2616,7 @@ Compile time support:
    - user namespace support is enabled
    - X11 sandboxing support is enabled
 .br
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-veth-name=name
 Use this name for the interface connected to the bridge for --net=bridge_interface commands,
@@ -2619,7 +2627,7 @@ instead of the default one.
 Example:
 .br
 $ firejail \-\-net=br0 --veth-name=if0
+#endif
 .TP
 \fB\-\-whitelist=dirname_or_filename
 Whitelist directory or file. A temporary file system is mounted on the top directory, and the
@@ -2987,6 +2995,7 @@ Start Firefox with a new, empty home directory.
 .TP
 \f\firejail --net=none vlc
 Start VLC in an unconnected network namespace.
+#ifdef HAVE_NETWORK
 .TP
 \f\firejail \-\-net=eth0 firefox
 Start Firefox in a new network namespace. An IP address is
@@ -2996,6 +3005,7 @@ assigned automatically.
 Start a /bin/bash session in a new network namespace and connect it
 to br0, br1, and br2 host bridge devices. IP addresses are assigned
 automatically for the interfaces connected to br1 and b2
+#endif
 .TP
 \f\firejail \-\-list
 List all sandboxed processes.
@@ -3115,7 +3125,6 @@ sandboxes.
 Option \-\-netstats prints network statistics for active sandboxes installing new network namespaces.
 Listed below are the available fields (columns) in alphabetical
 order for \-\-top and \-\-netstats options:
@@ -3233,7 +3242,7 @@ Child process initialized
 .RE
 See \fBman 5 firejail-profile\fR for profile file syntax information.
+#ifdef HAVE_NETWORK
 .SH TRAFFIC SHAPING
 Network bandwidth is an expensive resource shared among all sandboxes running on a system.
 Traffic shaping allows the user to increase network performance by controlling
@@ -3275,7 +3284,7 @@ Example:
        $ firejail \-\-bandwidth=mybrowser status
 .br
        $ firejail \-\-bandwidth=mybrowser clear eth0
+#endif
 .SH LICENSE
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 .PP
diff --git a/src/man/firemon.txt b/src/man/firemon.txt
index 40a00ec3f..f74e56ef9 100644
--- a/src/man/firemon.txt
+++ b/src/man/firemon.txt
@@ -12,9 +12,11 @@ can run this program.
 .TP
 \fB\-\-apparmor
 Print AppArmor confinement status for each sandbox.
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-arp
 Print ARP table for each sandbox.
+#endif
 .TP
 \fB\-\-caps
 Print capabilities configuration for each sandbox.
@@ -39,15 +41,19 @@ List all sandboxes.
 .TP
 \fB\-\-name=name
 Print information only about named sandbox.
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-netstats
 Monitor network statistics for sandboxes creating a new network namespace.
+#endif
 .TP
 \fB\-\-nowrap
 Enable line wrapping in terminals. By default the lines are trimmed.
+#ifdef HAVE_NETWORK
 .TP
 \fB\-\-route
 Print route table for each sandbox.
+#endif
 .TP
 \fB\-\-seccomp
 Print seccomp configuration for each sandbox.
author	startx2017 <vradu.startx@yandex.com>	2020-09-30 09:01:36 -0400
committer	startx2017 <vradu.startx@yandex.com>	2020-09-30 09:01:36 -0400
commit	2e914f0940a025d971c484a9158c1eaeca9c6015 (patch)
tree	0355492989d2e868db6d56a7027b62520862827b /src/man
parent	manpages: configuration for dbus (diff)
download	firejail-2e914f0940a025d971c484a9158c1eaeca9c6015.tar.gz firejail-2e914f0940a025d971c484a9158c1eaeca9c6015.tar.zst firejail-2e914f0940a025d971c484a9158c1eaeca9c6015.zip

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index de34d5076..c0ced120e 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -150,9 +150,10 @@ Example: "nowhitelist ~/.config"
150	Ignore command.	150	Ignore command.
151		151
152	Example: "ignore seccomp"	152	Example: "ignore seccomp"
		153	#ifdef HAVE_NETWORK
153	.br	154	.br
154	Example: "ignore net eth0"	155	Example: "ignore net eth0"
155		156	#endif
156	.TP	157	.TP
157	\fBquiet	158	\fBquiet
158	Disable Firejail's output. This should be the first uncommented command in the profile file.	159	Disable Firejail's output. This should be the first uncommented command in the profile file.
@@ -671,6 +672,7 @@ Disable video devices.
671	Run the program directly, without a shell.	672	Run the program directly, without a shell.
672		673
673		674
		675	#ifdef HAVE_NETWORK
674	.SH Networking	676	.SH Networking
675	Networking features available in profile files.	677	Networking features available in profile files.
676		678
@@ -863,7 +865,7 @@ a default gateway address also have to be added.
863	\fBveth-name name	865	\fBveth-name name
864	Use this name for the interface connected to the bridge for --net=bridge_interface commands,	866	Use this name for the interface connected to the bridge for --net=bridge_interface commands,
865	instead of the default one.	867	instead of the default one.
866		868	#endif
867	.SH Other	869	.SH Other
868	.TP	870	.TP
869	\fBdeterministic-exit-code	871	\fBdeterministic-exit-code


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e1d55258c..1e355de8a 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -20,12 +20,14 @@ File transfer from an existing sandbox
20	firejail {\-\-ls \| \-\-get \| \-\-put} dir_or_filename	20	firejail {\-\-ls \| \-\-get \| \-\-put} dir_or_filename
21	.RE	21	.RE
22	.PP	22	.PP
		23	#ifdef HAVE_NETWORK
23	Network traffic shaping for an existing sandbox:	24	Network traffic shaping for an existing sandbox:
24	.PP	25	.PP
25	.RS	26	.RS
26	firejail \-\-bandwidth={name\|pid} bandwidth-command	27	firejail \-\-bandwidth={name\|pid} bandwidth-command
27	.RE	28	.RE
28	.PP	29	.PP
		30	#endif
29	Monitoring:	31	Monitoring:
30	.PP	32	.PP
31	.RS	33	.RS
@@ -647,7 +649,7 @@ Debug whitelisting.
647	Example:	649	Example:
648	.br	650	.br
649	$ firejail \-\-debug-whitelists firefox	651	$ firejail \-\-debug-whitelists firefox
650		652	#ifdef HAVE_NETWORK
651	.TP	653	.TP
652	\fB\-\-defaultgw=address	654	\fB\-\-defaultgw=address
653	Use this address as default gateway in the new network namespace.	655	Use this address as default gateway in the new network namespace.
@@ -657,7 +659,7 @@ Use this address as default gateway in the new network namespace.
657	Example:	659	Example:
658	.br	660	.br
659	$ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox	661	$ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox
660		662	#endif
661	.TP	663	.TP
662	\fB\-\-disable-mnt	664	\fB\-\-disable-mnt
663	Blacklist /mnt, /media, /run/mount and /run/media access.	665	Blacklist /mnt, /media, /run/mount and /run/media access.
@@ -778,8 +780,12 @@ Ignore command in profile file.
778	Example:	780	Example:
779	.br	781	.br
780	$ firejail \-\-ignore=shell --ignore=seccomp firefox	782	$ firejail \-\-ignore=shell --ignore=seccomp firefox
		783	#ifdef HAVE_NETWORK
781	.br	784	.br
782	$ firejail \-\-ignore="net eth0" firefox	785	$ firejail \-\-ignore="net eth0" firefox
		786	#endif
		787
		788	#ifdef HAVE_NETWORK
783	.TP	789	.TP
784	\fB\-\-interface=interface	790	\fB\-\-interface=interface
785	Move interface in a new network namespace. Up to four --interface options can be specified.	791	Move interface in a new network namespace. Up to four --interface options can be specified.
@@ -901,6 +907,7 @@ for sandboxes started as root.
901	Example:	907	Example:
902	.br	908	.br
903	$ firejail \-\-ipc-namespace firefox	909	$ firejail \-\-ipc-namespace firefox
		910	#endif
904	.TP	911	.TP
905	\fB\-\-join=name\|pid	912	\fB\-\-join=name\|pid
906	Join the sandbox identified by name or by PID. By default a /bin/bash shell is started after joining the sandbox.	913	Join the sandbox identified by name or by PID. By default a /bin/bash shell is started after joining the sandbox.
@@ -932,7 +939,7 @@ $ firejail \-\-join=3272
932	Join the mount namespace of the sandbox identified by name or PID. By default a /bin/bash shell is started after joining the sandbox.	939	Join the mount namespace of the sandbox identified by name or PID. By default a /bin/bash shell is started after joining the sandbox.
933	If a program is specified, the program is run in the sandbox. This command is available only to root user.	940	If a program is specified, the program is run in the sandbox. This command is available only to root user.
934	Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox.	941	Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox.
935		942	#ifdef HAVE_NETWORK
936	.TP	943	.TP
937	\fB\-\-join-network=name\|pid	944	\fB\-\-join-network=name\|pid
938	Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox.	945	Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox.
@@ -988,7 +995,7 @@ Switching to pid 1932, the first child process inside the sandbox
988	inet6 fe80::7458:14ff:fe42:78e4/64 scope link	995	inet6 fe80::7458:14ff:fe42:78e4/64 scope link
989	.br	996	.br
990	valid_lft forever preferred_lft forever	997	valid_lft forever preferred_lft forever
991		998	#endif
992	.TP	999	.TP
993	\fB\-\-join-or-start=name	1000	\fB\-\-join-or-start=name
994	Join the sandbox identified by name or start a new one.	1001	Join the sandbox identified by name or start a new one.
@@ -1027,17 +1034,19 @@ Example:
1027	$ firejail \-\-list	1034	$ firejail \-\-list
1028	.br	1035	.br
1029	7015:netblue:browser:firejail firefox	1036	7015:netblue:browser:firejail firefox
		1037	#ifdef HAVE_NETWORK
1030	.br	1038	.br
1031	7056:netblue:torrent:firejail \-\-net=eth0 transmission-gtk	1039	7056:netblue:torrent:firejail \-\-net=eth0 transmission-gtk
1032	.br	1040	#endif
1033	#ifdef HAVE_USERNS	1041	#ifdef HAVE_USERNS
		1042	.br
1034	7064:netblue::firejail \-\-noroot xterm	1043	7064:netblue::firejail \-\-noroot xterm
1035	.br	1044	.br
1036	#endif	1045	#endif
1037	.TP	1046	.TP
1038	\fB\-\-ls=name\|pid dir_or_filename	1047	\fB\-\-ls=name\|pid dir_or_filename
1039	List files in sandbox container, see \fBFILE TRANSFER\fR section for more details.	1048	List files in sandbox container, see \fBFILE TRANSFER\fR section for more details.
1040		1049	#ifdef HAVE_NETWORK
1041	.TP	1050	.TP
1042	\fB\-\-mac=address	1051	\fB\-\-mac=address
1043	Assign MAC addresses to the last network interface defined by a \-\-net option. This option	1052	Assign MAC addresses to the last network interface defined by a \-\-net option. This option
@@ -1048,7 +1057,7 @@ is not supported for wireless interfaces.
1048	Example:	1057	Example:
1049	.br	1058	.br
1050	$ firejail \-\-net=eth0 \-\-mac=00:11:22:33:44:55 firefox	1059	$ firejail \-\-net=eth0 \-\-mac=00:11:22:33:44:55 firefox
1051		1060	#endif
1052	.TP	1061	.TP
1053	\fB\-\-machine-id	1062	\fB\-\-machine-id
1054	Spoof id number in /etc/machine-id file - a new random id is generated inside the sandbox.	1063	Spoof id number in /etc/machine-id file - a new random id is generated inside the sandbox.
@@ -1074,7 +1083,7 @@ kills it or log the attempt, see \-\-seccomp-error-action below) if necessary.
1074	Note: shmat is not implemented	1083	Note: shmat is not implemented
1075	as a system call on some platforms including i386, and it cannot be	1084	as a system call on some platforms including i386, and it cannot be
1076	handled by seccomp-bpf.	1085	handled by seccomp-bpf.
1077		1086	#ifdef HAVE_NETWORK
1078	.TP	1087	.TP
1079	\fB\-\-mtu=number	1088	\fB\-\-mtu=number
1080	Assign a MTU value to the last network interface defined by a \-\-net option.	1089	Assign a MTU value to the last network interface defined by a \-\-net option.
@@ -1084,7 +1093,7 @@ Assign a MTU value to the last network interface defined by a \-\-net option.
1084	Example:	1093	Example:
1085	.br	1094	.br
1086	$ firejail \-\-net=eth0 \-\-mtu=1492	1095	$ firejail \-\-net=eth0 \-\-mtu=1492
1087		1096	#endif
1088	.TP	1097	.TP
1089	\fB\-\-name=name	1098	\fB\-\-name=name
1090	Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use	1099	Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use
@@ -1109,7 +1118,7 @@ $ firejail --list
1109	.br	1118	.br
1110	1312:netblue:browser-1312:firejail --name=browser --private firefox --no-remote	1119	1312:netblue:browser-1312:firejail --name=browser --private firefox --no-remote
1111	.br	1120	.br
1112		1121	#ifdef HAVE_NETWORK
1113	.TP	1122	.TP
1114	\fB\-\-net=bridge_interface	1123	\fB\-\-net=bridge_interface
1115	Enable a new network namespace and connect it to this bridge interface.	1124	Enable a new network namespace and connect it to this bridge interface.
@@ -1150,7 +1159,7 @@ Example:
1150	$ firejail \-\-net=eth0 \-\-ip=192.168.1.80 \-\-dns=8.8.8.8 firefox	1159	$ firejail \-\-net=eth0 \-\-ip=192.168.1.80 \-\-dns=8.8.8.8 firefox
1151	.br	1160	.br
1152	$ firejail \-\-net=wlan0 firefox	1161	$ firejail \-\-net=wlan0 firefox
1153		1162	#endif
1154	.TP	1163	.TP
1155	\fB\-\-net=none	1164	\fB\-\-net=none
1156	Enable a new, unconnected network namespace. The only interface	1165	Enable a new, unconnected network namespace. The only interface
@@ -1168,7 +1177,7 @@ $ firejail \-\-net=none vlc
1168	.br	1177	.br
1169	Note: \-\-net=none can crash the application on some platforms.	1178	Note: \-\-net=none can crash the application on some platforms.
1170	In these cases, it can be replaced with \-\-protocol=unix.	1179	In these cases, it can be replaced with \-\-protocol=unix.
1171		1180	#ifdef HAVE_NETWORK
1172	.TP	1181	.TP
1173	\fB\-\-net=tap_interface	1182	\fB\-\-net=tap_interface
1174	Enable a new network namespace and connect it	1183	Enable a new network namespace and connect it
@@ -1282,9 +1291,6 @@ $ firejail --netfilter=/etc/firejail/nolocal.net \\
1282	.br	1291	.br
1283	--net=eth0 firefox	1292	--net=eth0 firefox
1284		1293
1285
1286
1287
1288	.TP	1294	.TP
1289	\fB\-\-netfilter=filename,arg1,arg2,arg3 ...	1295	\fB\-\-netfilter=filename,arg1,arg2,arg3 ...
1290	This is the template version of the previous command. $ARG1, $ARG2, $ARG3 ... in the firewall script	1296	This is the template version of the previous command. $ARG1, $ARG2, $ARG3 ... in the firewall script
@@ -1298,8 +1304,6 @@ $ firejail --net=eth0 --ip=192.168.1.105 \\
1298	--netfilter=/etc/firejail/tcpserver.net,5001 server-program	1304	--netfilter=/etc/firejail/tcpserver.net,5001 server-program
1299	.br	1305	.br
1300		1306
1301
1302
1303	.TP	1307	.TP
1304	\fB\-\-netfilter.print=name\|pid	1308	\fB\-\-netfilter.print=name\|pid
1305	Print the firewall installed in the sandbox specified by name or PID. Example:	1309	Print the firewall installed in the sandbox specified by name or PID. Example:
@@ -1363,7 +1367,7 @@ PID User RX(KB/s) TX(KB/s) Command
1363	1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox	1367	1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox
1364	.br	1368	.br
1365	7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission	1369	7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission
1366		1370	#endif
1367	.TP	1371	.TP
1368	\fB\-\-nice=value	1372	\fB\-\-nice=value
1369	Set nice value for all processes running inside the sandbox.	1373	Set nice value for all processes running inside the sandbox.
@@ -2066,7 +2070,7 @@ Remove environment variable in the new sandbox.
2066	Example:	2070	Example:
2067	.br	2071	.br
2068	$ firejail \-\-rmenv=DBUS_SESSION_BUS_ADDRESS	2072	$ firejail \-\-rmenv=DBUS_SESSION_BUS_ADDRESS
2069		2073	#ifdef HAVE_NETWORK
2070	.TP	2074	.TP
2071	\fB\-\-scan	2075	\fB\-\-scan
2072	ARP-scan all the networks from inside a network namespace.	2076	ARP-scan all the networks from inside a network namespace.
@@ -2077,6 +2081,7 @@ This makes it possible to detect macvlan kernel device drivers running on the cu
2077	Example:	2081	Example:
2078	.br	2082	.br
2079	$ firejail \-\-net=eth0 \-\-scan	2083	$ firejail \-\-net=eth0 \-\-scan
		2084	#endif
2080	.TP	2085	.TP
2081	\fB\-\-seccomp	2086	\fB\-\-seccomp
2082	Enable seccomp filter and blacklist the syscalls in the default list,	2087	Enable seccomp filter and blacklist the syscalls in the default list,
@@ -2556,8 +2561,10 @@ $ firejail \-\-tree
2556	11904:netblue:iceweasel	2561	11904:netblue:iceweasel
2557	.br	2562	.br
2558	11957:netblue:/usr/lib/iceweasel/plugin-container	2563	11957:netblue:/usr/lib/iceweasel/plugin-container
		2564	#ifdef HAVE_NETWORK
2559	.br	2565	.br
2560	11969:netblue:firejail \-\-net=eth0 transmission-gtk	2566	11969:netblue:firejail \-\-net=eth0 transmission-gtk
		2567	#endif
2561	.br	2568	.br
2562	11970:netblue:transmission-gtk	2569	11970:netblue:transmission-gtk
2563		2570
@@ -2609,6 +2616,7 @@ Compile time support:
2609	- user namespace support is enabled	2616	- user namespace support is enabled
2610	- X11 sandboxing support is enabled	2617	- X11 sandboxing support is enabled
2611	.br	2618	.br
		2619	#ifdef HAVE_NETWORK
2612	.TP	2620	.TP
2613	\fB\-\-veth-name=name	2621	\fB\-\-veth-name=name
2614	Use this name for the interface connected to the bridge for --net=bridge_interface commands,	2622	Use this name for the interface connected to the bridge for --net=bridge_interface commands,
@@ -2619,7 +2627,7 @@ instead of the default one.
2619	Example:	2627	Example:
2620	.br	2628	.br
2621	$ firejail \-\-net=br0 --veth-name=if0	2629	$ firejail \-\-net=br0 --veth-name=if0
2622		2630	#endif
2623	.TP	2631	.TP
2624	\fB\-\-whitelist=dirname_or_filename	2632	\fB\-\-whitelist=dirname_or_filename
2625	Whitelist directory or file. A temporary file system is mounted on the top directory, and the	2633	Whitelist directory or file. A temporary file system is mounted on the top directory, and the
@@ -2987,6 +2995,7 @@ Start Firefox with a new, empty home directory.
2987	.TP	2995	.TP
2988	\f\firejail --net=none vlc	2996	\f\firejail --net=none vlc
2989	Start VLC in an unconnected network namespace.	2997	Start VLC in an unconnected network namespace.
		2998	#ifdef HAVE_NETWORK
2990	.TP	2999	.TP
2991	\f\firejail \-\-net=eth0 firefox	3000	\f\firejail \-\-net=eth0 firefox
2992	Start Firefox in a new network namespace. An IP address is	3001	Start Firefox in a new network namespace. An IP address is
@@ -2996,6 +3005,7 @@ assigned automatically.
2996	Start a /bin/bash session in a new network namespace and connect it	3005	Start a /bin/bash session in a new network namespace and connect it
2997	to br0, br1, and br2 host bridge devices. IP addresses are assigned	3006	to br0, br1, and br2 host bridge devices. IP addresses are assigned
2998	automatically for the interfaces connected to br1 and b2	3007	automatically for the interfaces connected to br1 and b2
		3008	#endif
2999	.TP	3009	.TP
3000	\f\firejail \-\-list	3010	\f\firejail \-\-list
3001	List all sandboxed processes.	3011	List all sandboxed processes.
@@ -3115,7 +3125,6 @@ sandboxes.
3115		3125
3116	Option \-\-netstats prints network statistics for active sandboxes installing new network namespaces.	3126	Option \-\-netstats prints network statistics for active sandboxes installing new network namespaces.
3117		3127
3118
3119	Listed below are the available fields (columns) in alphabetical	3128	Listed below are the available fields (columns) in alphabetical
3120	order for \-\-top and \-\-netstats options:	3129	order for \-\-top and \-\-netstats options:
3121		3130
@@ -3233,7 +3242,7 @@ Child process initialized
3233	.RE	3242	.RE
3234		3243
3235	See \fBman 5 firejail-profile\fR for profile file syntax information.	3244	See \fBman 5 firejail-profile\fR for profile file syntax information.
3236		3245	#ifdef HAVE_NETWORK
3237	.SH TRAFFIC SHAPING	3246	.SH TRAFFIC SHAPING
3238	Network bandwidth is an expensive resource shared among all sandboxes running on a system.	3247	Network bandwidth is an expensive resource shared among all sandboxes running on a system.
3239	Traffic shaping allows the user to increase network performance by controlling	3248	Traffic shaping allows the user to increase network performance by controlling
@@ -3275,7 +3284,7 @@ Example:
3275	$ firejail \-\-bandwidth=mybrowser status	3284	$ firejail \-\-bandwidth=mybrowser status
3276	.br	3285	.br
3277	$ firejail \-\-bandwidth=mybrowser clear eth0	3286	$ firejail \-\-bandwidth=mybrowser clear eth0
3278		3287	#endif
3279	.SH LICENSE	3288	.SH LICENSE
3280	This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.	3289	This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
3281	.PP	3290	.PP


diff --git a/src/man/firemon.txt b/src/man/firemon.txt index 40a00ec3f..f74e56ef9 100644 --- a/src/man/firemon.txt +++ b/src/man/firemon.txt
@@ -12,9 +12,11 @@ can run this program.
12	.TP	12	.TP
13	\fB\-\-apparmor	13	\fB\-\-apparmor
14	Print AppArmor confinement status for each sandbox.	14	Print AppArmor confinement status for each sandbox.
		15	#ifdef HAVE_NETWORK
15	.TP	16	.TP
16	\fB\-\-arp	17	\fB\-\-arp
17	Print ARP table for each sandbox.	18	Print ARP table for each sandbox.
		19	#endif
18	.TP	20	.TP
19	\fB\-\-caps	21	\fB\-\-caps
20	Print capabilities configuration for each sandbox.	22	Print capabilities configuration for each sandbox.
@@ -39,15 +41,19 @@ List all sandboxes.
39	.TP	41	.TP
40	\fB\-\-name=name	42	\fB\-\-name=name
41	Print information only about named sandbox.	43	Print information only about named sandbox.
		44	#ifdef HAVE_NETWORK
42	.TP	45	.TP
43	\fB\-\-netstats	46	\fB\-\-netstats
44	Monitor network statistics for sandboxes creating a new network namespace.	47	Monitor network statistics for sandboxes creating a new network namespace.
		48	#endif
45	.TP	49	.TP
46	\fB\-\-nowrap	50	\fB\-\-nowrap
47	Enable line wrapping in terminals. By default the lines are trimmed.	51	Enable line wrapping in terminals. By default the lines are trimmed.
		52	#ifdef HAVE_NETWORK
48	.TP	53	.TP
49	\fB\-\-route	54	\fB\-\-route
50	Print route table for each sandbox.	55	Print route table for each sandbox.
		56	#endif
51	.TP	57	.TP
52	\fB\-\-seccomp	58	\fB\-\-seccomp
53	Print seccomp configuration for each sandbox.	59	Print seccomp configuration for each sandbox.