docs: note that blacklist/whitelist follow symlinks

Make it more explicit that they do and add an example for each command. Relates to #5338.
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2022-08-28 19:07:03 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2022-08-28 21:14:23 -0300
commit: c78c2b4ec4557a210c78eaeaf6fc687fe3707eb2 (patch)
tree: 3082b641171ae855a19da9fc2771e96a9764dc40 /src
parent: docs: clarify symlink handling description in --whitelist (diff)
download: firejail-c78c2b4ec4557a210c78eaeaf6fc687fe3707eb2.tar.gz
firejail-c78c2b4ec4557a210c78eaeaf6fc687fe3707eb2.tar.zst
firejail-c78c2b4ec4557a210c78eaeaf6fc687fe3707eb2.zip
1 files changed, 13 insertions, 2 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 00393c434..1dd5508b3 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -191,6 +191,13 @@ Blacklist directory or file. File globbing is supported, see \fBFILE GLOBBING\fR
 .br
 .br
+Symbolic link handling: Blacklisting a path that is a symbolic link will also
+blacklist the path that it points to.
+For example, if ~/foo is blacklisted and it points to /foo, then /foo will also
+be blacklisted.
+.br
+.br
 Example:
 .br
 $ firejail \-\-blacklist=/sbin \-\-blacklist=/usr/sbin
@@ -2922,8 +2929,12 @@ all directories in /usr.
 .br
 .br
-Symbolic link handling: With the exception of the user home directory, both the
+Symbolic link handling: Whitelisting a path that is a symbolic link will also
-link and the real file should be in the same top directory.
+whitelist the path that it points to.
+For example, if ~/foo is whitelisted and it points to ~/bar, then ~/bar will
+also be whitelisted.
+Restrictions: With the exception of the user home directory, both the link and
+the real file should be in the same top directory.
 For symbolic links in the user home directory, both the link and the real file
 should be owned by the user.
 .br
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2022-08-28 19:07:03 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2022-08-28 21:14:23 -0300
commit	c78c2b4ec4557a210c78eaeaf6fc687fe3707eb2 (patch)
tree	3082b641171ae855a19da9fc2771e96a9764dc40 /src
parent	docs: clarify symlink handling description in --whitelist (diff)
download	firejail-c78c2b4ec4557a210c78eaeaf6fc687fe3707eb2.tar.gz firejail-c78c2b4ec4557a210c78eaeaf6fc687fe3707eb2.tar.zst firejail-c78c2b4ec4557a210c78eaeaf6fc687fe3707eb2.zip

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 00393c434..1dd5508b3 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -191,6 +191,13 @@ Blacklist directory or file. File globbing is supported, see \fBFILE GLOBBING\fR
191	.br	191	.br
192		192
193	.br	193	.br
		194	Symbolic link handling: Blacklisting a path that is a symbolic link will also
		195	blacklist the path that it points to.
		196	For example, if ~/foo is blacklisted and it points to /foo, then /foo will also
		197	be blacklisted.
		198	.br
		199
		200	.br
194	Example:	201	Example:
195	.br	202	.br
196	$ firejail \-\-blacklist=/sbin \-\-blacklist=/usr/sbin	203	$ firejail \-\-blacklist=/sbin \-\-blacklist=/usr/sbin
@@ -2922,8 +2929,12 @@ all directories in /usr.
2922	.br	2929	.br
2923		2930
2924	.br	2931	.br
2925	Symbolic link handling: With the exception of the user home directory, both the	2932	Symbolic link handling: Whitelisting a path that is a symbolic link will also
2926	link and the real file should be in the same top directory.	2933	whitelist the path that it points to.
		2934	For example, if ~/foo is whitelisted and it points to ~/bar, then ~/bar will
		2935	also be whitelisted.
		2936	Restrictions: With the exception of the user home directory, both the link and
		2937	the real file should be in the same top directory.
2927	For symbolic links in the user home directory, both the link and the real file	2938	For symbolic links in the user home directory, both the link and the real file
2928	should be owned by the user.	2939	should be owned by the user.
2929	.br	2940	.br