author | Shahriar Heidrich <smheidrich@weltenfunktion.de> | 2024-06-10 08:06:15 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-10 06:06:15 +0000 |
commit | 630972d473bc9ce6dce86fe054d9ff5e71093190 (patch) | |
tree | d3bb12246accbf3e304640f3b0bb71501758b749 /src/man | |
parent | profiles: blacklist i3 IPC socket & dir except for i3 itself (#6361) (diff) | |
docs: add precedence info to manpage & fix noblacklist example (#6359)
Fixes #6358.
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.1.in | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index 87bd6fcc2..fa2329d67 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in | |||
@@ -95,7 +95,12 @@ $ firejail [OPTIONS] # starting the program specified in $SHELL, | |||
95 | $ firejail [OPTIONS] firefox # starting Mozilla Firefox | 95 | $ firejail [OPTIONS] firefox # starting Mozilla Firefox |
96 | .PP | 96 | .PP |
97 | # sudo firejail [OPTIONS] /etc/init.d/nginx start | 97 | # sudo firejail [OPTIONS] /etc/init.d/nginx start |
98 | 98 | .PP | |
99 | When an option is specified multiple times (whether in a profile, on the | ||
100 | command line, or both) or conflicts with a related option, the | ||
101 | precedence/behavior is option-specific and usually documented in the | ||
102 | \fBOPTIONS\fR section below. Note that an option specified in a profile can | ||
103 | generally be disabled on the command line using \fB--ignore\fR. | ||
99 | .SH OPTIONS | 104 | .SH OPTIONS |
100 | .TP | 105 | .TP |
101 | \fB\-\- | 106 | \fB\-\- |
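Review bot: In the added paragraph before `.SH OPTIONS`, `\fB--ignore\fR` leaves its hyphens unescaped, while the option entry that follows in the same file writes them as `\fB\-\-`. Unescaped hyphens can be rendered as typographic hyphens by some roff output devices, so the option may not copy-paste or search correctly; suggest `\fB\-\-ignore\fR`. Because the paragraph tells readers that a profile option can be switched off from the command line, it would also help to replace "generally" with a pointer to the \-\-ignore entry, so it is clear which options this covers.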
@@ -1729,6 +1734,16 @@ See --keep-config-pulse. | |||
1729 | Disable blacklist for this directory or file. | 1734 | Disable blacklist for this directory or file. |
1730 | .br | 1735 | .br |
1731 | 1736 | ||
1737 | Note that blacklist entries containing ${PATH} can not currently be partially | ||
1738 | disabled for individual expanded paths. Only the whole unexpanded path | ||
1739 | including ${PATH} can be disabled, which then applies to all expansions. | ||
1740 | This limitation does not apply to expansions of other variables or wildcards. | ||
1741 | For details, see | ||
1742 | .UR https://github.com/netblue30/firejail/issues/6360 | ||
1743 | #6360 | ||
1744 | .UE | ||
1745 | .br | ||
1746 | |||
1732 | .br | 1747 | .br |
1733 | Example: | 1748 | Example: |
1734 | .br | 1749 | .br |
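Review bot: The added ${PATH} note says that disabling the unexpanded path "applies to all expansions" but does not state the consequence: a noblacklist for one ${PATH} entry lifts the blacklist for that name in every PATH directory, which is wider than a user aiming at a single binary path would expect. Suggest saying so explicitly in the sentence ending "which then applies to all expansions." Minor: "can not" should be "cannot", and the sentence that ends in the link has no final period, which `.UE .` would supply.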
@@ -1744,6 +1759,14 @@ $ exit | |||
1744 | .br | 1759 | .br |
1745 | $ firejail --noblacklist=/bin/nc | 1760 | $ firejail --noblacklist=/bin/nc |
1746 | .br | 1761 | .br |
1762 | bash: /bin/nc: Permission denied | ||
1763 | .br | ||
1764 | $ exit | ||
1765 | .br | ||
1766 | |||
1767 | .br | ||
1768 | $ firejail --noblacklist='${PATH}/nc' | ||
1769 | .br | ||
1747 | $ nc dict.org 2628 | 1770 | $ nc dict.org 2628 |
1748 | .br | 1771 | .br |
1749 | 220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64 | 1772 | 220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64 |
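Review bot: In the corrected example, the added output line `bash: /bin/nc: Permission denied` follows `$ firejail --noblacklist=/bin/nc` directly, with no command shown that would produce it, so it reads as if firejail itself printed the error. Suggest adding `$ nc dict.org 2628` and a `.br` before the error line, matching the `'${PATH}/nc'` case below it. A short sentence in the example tying the failure to the ${PATH} limitation described in the note above would also make clear why the first form does not work and why the second is quoted.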