author | netblue30 <netblue30@yahoo.com> | 2015-08-22 07:21:50 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-08-22 07:21:50 -0400 |
commit | 7f84ed7a38a5f83deaab94522978cbf5b5c89465 (patch) | |
tree | d17524b1492b7c15f566137336eddf691e6676b3 /src | |
parent | added --enable-fatal-warnings (diff) | |
support net none in profile files
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/profile.c | 8 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 7 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
3 files changed, 19 insertions, 0 deletions
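--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -128,6 +128,14 @@ int profile_check_line(char *ptr, int lineno) {
 check_netfilter_file(arg_netfilter_file);
 return 0;
 }
+else if (strcmp(ptr, "net none") == 0) {
+arg_nonetwork = 1;
+cfg.bridge0.configured = 0;
+cfg.bridge1.configured = 0;
+cfg.bridge2.configured = 0;
+cfg.bridge3.configured = 0;
+return 0;
+}
 
 // seccomp drop list on top of default list
 if (strncmp(ptr, "seccomp ", 8) == 0) {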
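Review bot: The `net none` branch does not say, in code or comment, which setting wins when a bridge is configured after this profile line is handled; it sets `arg_nonetwork = 1` and zeroes the four `cfg.bridgeN.configured` flags, but if a later option can set one of them again the sandbox may end up with a connected interface although the profile asked for none (the ordering of profile and command-line parsing is not visible here, so this needs confirming). A comment such as `// net none: unconnected namespace, loopback only; must not be overridden by a later bridge setting` above the branch, matching the `// seccomp drop list on top of default list` comment below it, would record the intent. The match is also an exact `strcmp(ptr, "net none")`, so a line with trailing whitespace or a tab between the words is not recognised unless `ptr` is normalised before this point, and it is worth checking that such a line is rejected rather than silently ignored. `profile_check_line` begins and ends outside the hunk.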
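--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -180,6 +180,13 @@ netfilter filename
 If a new network namespace is created, enabled the network filter in filename.
 
 .TP
+net none
+Enable a new, unconnected network namespace. The only interface
+available in the new namespace is a new loopback interface (lo).
+Use this option to deny network access to programs that don't
+really need network access.
+
+.TP
 dns address
 Set a DNS server for the sandbox. Up to three DNS servers can be defined.
 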
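--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -97,6 +97,10 @@ Blacklist directory or file.
 Example:
 .br
 $ firejail \-\-blacklist=/sbin \-\-blacklist=/usr/sbin
+.br
+$ firejail \-\-blacklist=~/.mozilla
+.br
+$ firejail "\-\-blacklist=My Virtual Machines"
 .TP
 \fB\-c
 Execute command and exit.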