0.9.30-rc10.9.30-rc1

author: netblue30 <netblue30@yahoo.com> 2015-09-10 08:15:42 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-09-10 08:15:42 -0400
commit: 79db355e0ac8ef96ba499488a4beb9ad7ff9a67c (patch)
tree: c98205359224bb1a0b6f2723755ec906f210d15c /src
parent: implemented --whitelist option (diff)
download: firejail-79db355e0ac8ef96ba499488a4beb9ad7ff9a67c.tar.gz
firejail-79db355e0ac8ef96ba499488a4beb9ad7ff9a67c.tar.zst
firejail-79db355e0ac8ef96ba499488a4beb9ad7ff9a67c.zip
2 files changed, 8 insertions, 2 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 116bd404a..aa8144a40 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -368,6 +368,7 @@ void env_store(const char *str);
 void env_apply(void);
 // fs_whitelist.c
+void fs_whitelist(void);
 #endif
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 1473c5889..470cade7e 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -10,7 +10,7 @@ firejail \-\-profile=filename.profile
 Several command line options can be passed to the program using
 profile files. Firejail chooses the profile file as follows:
-1. If a profile file is provided by the user with --profile option, the profile file is loaded.
+1. If a profile file is provided by the user with \-\-profile option, the profile file is loaded.
 Example:
 .PP
 .RS
@@ -120,7 +120,7 @@ Remove ifconfig command from the regular path directories.
 \f\blacklist ${HOME}/.ssh
 Remove .ssh directory from user home directory.
 .TP
-\f\ noblacklist ${HOME}/config/evince
+\f\noblacklist ${HOME}/config/evince
 Prevent any new blacklist commands from blacklisting
 config/evince in the user home directory. Useful for defining
 exceptions before including a large blacklist from a file. Note
@@ -149,6 +149,11 @@ Create a new /dev directory. Only null, full, zero, tty, pts, ptmx, random, uran
 Build a new /etc in a temporary
 filesystem, and copy the files and directories in the list.
 All modifications are discarded when the sandbox is closed.
+.TP
+\f\whitelist file_or_directory
+Build a new user home in a temporary filesystem, and mount-bind file_or_directory.
+The modifications to file_or_directory are persistent, everything else is discarded
+when the sandbox is closed.
 .SH Filters
 \fBcaps\fR and \fBseccomp\fR enable Linux capabilities and seccomp filters. Examples:
author	netblue30 <netblue30@yahoo.com>	2015-09-10 08:15:42 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-09-10 08:15:42 -0400
commit	79db355e0ac8ef96ba499488a4beb9ad7ff9a67c (patch)
tree	c98205359224bb1a0b6f2723755ec906f210d15c /src
parent	implemented --whitelist option (diff)
download	firejail-79db355e0ac8ef96ba499488a4beb9ad7ff9a67c.tar.gz firejail-79db355e0ac8ef96ba499488a4beb9ad7ff9a67c.tar.zst firejail-79db355e0ac8ef96ba499488a4beb9ad7ff9a67c.zip

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 116bd404a..aa8144a40 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -368,6 +368,7 @@ void env_store(const char *str);
368	void env_apply(void);	368	void env_apply(void);
369		369
370	// fs_whitelist.c	370	// fs_whitelist.c
		371	void fs_whitelist(void);
371		372
372	#endif	373	#endif
373		374


diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 1473c5889..470cade7e 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -10,7 +10,7 @@ firejail \-\-profile=filename.profile
10	Several command line options can be passed to the program using	10	Several command line options can be passed to the program using
11	profile files. Firejail chooses the profile file as follows:	11	profile files. Firejail chooses the profile file as follows:
12		12
13	1. If a profile file is provided by the user with --profile option, the profile file is loaded.	13	1. If a profile file is provided by the user with \-\-profile option, the profile file is loaded.
14	Example:	14	Example:
15	.PP	15	.PP
16	.RS	16	.RS
@@ -120,7 +120,7 @@ Remove ifconfig command from the regular path directories.
120	\f\blacklist ${HOME}/.ssh	120	\f\blacklist ${HOME}/.ssh
121	Remove .ssh directory from user home directory.	121	Remove .ssh directory from user home directory.
122	.TP	122	.TP
123	\f\ noblacklist ${HOME}/config/evince	123	\f\noblacklist ${HOME}/config/evince
124	Prevent any new blacklist commands from blacklisting	124	Prevent any new blacklist commands from blacklisting
125	config/evince in the user home directory. Useful for defining	125	config/evince in the user home directory. Useful for defining
126	exceptions before including a large blacklist from a file. Note	126	exceptions before including a large blacklist from a file. Note
@@ -149,6 +149,11 @@ Create a new /dev directory. Only null, full, zero, tty, pts, ptmx, random, uran
149	Build a new /etc in a temporary	149	Build a new /etc in a temporary
150	filesystem, and copy the files and directories in the list.	150	filesystem, and copy the files and directories in the list.
151	All modifications are discarded when the sandbox is closed.	151	All modifications are discarded when the sandbox is closed.
		152	.TP
		153	\f\whitelist file_or_directory
		154	Build a new user home in a temporary filesystem, and mount-bind file_or_directory.
		155	The modifications to file_or_directory are persistent, everything else is discarded
		156	when the sandbox is closed.
152		157
153	.SH Filters	158	.SH Filters
154	\fBcaps\fR and \fBseccomp\fR enable Linux capabilities and seccomp filters. Examples:	159	\fBcaps\fR and \fBseccomp\fR enable Linux capabilities and seccomp filters. Examples: