diff options
author | Glenn Washburn <development@efficientek.com> | 2018-10-10 01:08:43 -0500 |
---|---|---|
committer | Glenn Washburn <development@efficientek.com> | 2018-10-15 23:47:44 -0500 |
commit | eb42779f95a51aa00ffef62510a00dc5e7716b0d (patch) | |
tree | a8366360b4205b04a917ce3e4542496a6d734c90 /src | |
parent | Allow specifying a profile "name" with the profile option (eg. --profile=fire... (diff) | |
download | firejail-eb42779f95a51aa00ffef62510a00dc5e7716b0d.tar.gz firejail-eb42779f95a51aa00ffef62510a00dc5e7716b0d.tar.zst firejail-eb42779f95a51aa00ffef62510a00dc5e7716b0d.zip |
Update man pages and usage to reflect --profile enhancement.
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/usage.c | 2 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 13 | ||||
-rw-r--r-- | src/man/firejail.txt | 13 |
3 files changed, 24 insertions, 4 deletions
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index f54e6f744..b8f8b4f2f 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -164,7 +164,7 @@ static char *usage_str = | |||
164 | " --private-tmp - mount a tmpfs on top of /tmp directory.\n" | 164 | " --private-tmp - mount a tmpfs on top of /tmp directory.\n" |
165 | " --private-opt=file,directory - build a new /opt in a temporary filesystem.\n" | 165 | " --private-opt=file,directory - build a new /opt in a temporary filesystem.\n" |
166 | " --private-srv=file,directory - build a new /srv in a temporary filesystem.\n" | 166 | " --private-srv=file,directory - build a new /srv in a temporary filesystem.\n" |
167 | " --profile=filename - use a custom profile.\n" | 167 | " --profile=filename|profile_name - use a custom profile.\n" |
168 | " --profile.print=name|pid - print the name of profile file.\n" | 168 | " --profile.print=name|pid - print the name of profile file.\n" |
169 | " --profile-path=directory - use this directory to look for profile files.\n" | 169 | " --profile-path=directory - use this directory to look for profile files.\n" |
170 | " --protocol=protocol,protocol,protocol - enable protocol filter.\n" | 170 | " --protocol=protocol,protocol,protocol - enable protocol filter.\n" |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 17562c503..5daca8abd 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -5,12 +5,14 @@ profile \- Security profile file syntax for Firejail | |||
5 | .SH USAGE | 5 | .SH USAGE |
6 | .TP | 6 | .TP |
7 | firejail \-\-profile=filename.profile | 7 | firejail \-\-profile=filename.profile |
8 | .RE | ||
9 | firejail \-\-profile=profile_name | ||
8 | 10 | ||
9 | .SH DESCRIPTION | 11 | .SH DESCRIPTION |
10 | Several command line options can be passed to the program using | 12 | Several command line options can be passed to the program using |
11 | profile files. Firejail chooses the profile file as follows: | 13 | profile files. Firejail chooses the profile file as follows: |
12 | 14 | ||
13 | \fB1.\fR If a profile file is provided by the user with \-\-profile option, the profile file is loaded. | 15 | \fB1.\fR If a profile file is provided by the user with \-\-profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix. |
14 | Example: | 16 | Example: |
15 | .PP | 17 | .PP |
16 | .RS | 18 | .RS |
@@ -21,6 +23,15 @@ Reading profile /home/netblue/icecat.profile | |||
21 | [...] | 23 | [...] |
22 | .RE | 24 | .RE |
23 | 25 | ||
26 | .PP | ||
27 | .RS | ||
28 | $ firejail --profile=icecat icecat-wrapper.sh | ||
29 | .br | ||
30 | Reading profile /home/netblue/icecat.profile | ||
31 | .br | ||
32 | [...] | ||
33 | .RE | ||
34 | |||
24 | \fB2.\fR If a profile file with the same name as the application is present in ~/.config/firejail directory or | 35 | \fB2.\fR If a profile file with the same name as the application is present in ~/.config/firejail directory or |
25 | in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example: | 36 | in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example: |
26 | .PP | 37 | .PP |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7427b1009..5a374ac55 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1531,7 +1531,7 @@ drwxrwxrwt 2 nobody nogroup 4096 Apr 30 10:52 .X11-unix | |||
1531 | 1531 | ||
1532 | 1532 | ||
1533 | .TP | 1533 | .TP |
1534 | \fB\-\-profile=filename | 1534 | \fB\-\-profile=filename_or_profilename |
1535 | Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path. | 1535 | Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path. |
1536 | For more information, see \fBSECURITY PROFILES\fR section below. | 1536 | For more information, see \fBSECURITY PROFILES\fR section below. |
1537 | .br | 1537 | .br |
@@ -2701,7 +2701,7 @@ The owner of the sandbox. | |||
2701 | Several command line options can be passed to the program using | 2701 | Several command line options can be passed to the program using |
2702 | profile files. Firejail chooses the profile file as follows: | 2702 | profile files. Firejail chooses the profile file as follows: |
2703 | 2703 | ||
2704 | 1. If a profile file is provided by the user with --profile option, the profile file is loaded. | 2704 | 1. If a profile file is provided by the user with --profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix. |
2705 | Example: | 2705 | Example: |
2706 | .PP | 2706 | .PP |
2707 | .RS | 2707 | .RS |
@@ -2712,6 +2712,15 @@ Reading profile /home/netblue/icecat.profile | |||
2712 | [...] | 2712 | [...] |
2713 | .RE | 2713 | .RE |
2714 | 2714 | ||
2715 | .PP | ||
2716 | .RS | ||
2717 | $ firejail --profile=icecat icecat-wrapper.sh | ||
2718 | .br | ||
2719 | Reading profile /home/netblue/icecat.profile | ||
2720 | .br | ||
2721 | [...] | ||
2722 | .RE | ||
2723 | |||
2715 | 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or | 2724 | 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or |
2716 | in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example: | 2725 | in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example: |
2717 | .PP | 2726 | .PP |