diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-04-02 10:02:55 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-04-02 10:02:55 -0400 |
| commit | d385ac9cbc829473ced46ae664cd579ba1b22e90 (patch) | |
| tree | 938d5b16e6aae88d060990bb7f8e96671327662a /src | |
| parent | fix dillo problem (diff) | |
| download | firejail-d385ac9cbc829473ced46ae664cd579ba1b22e90.tar.gz firejail-d385ac9cbc829473ced46ae664cd579ba1b22e90.tar.zst firejail-d385ac9cbc829473ced46ae664cd579ba1b22e90.zip | |
man page work
Diffstat (limited to 'src')
| -rw-r--r-- | src/man/firejail.txt | 52 |
1 files changed, 51 insertions, 1 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index a3c39a82b..dee6476ba 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -548,7 +548,57 @@ Security filters, cgroups and cpus configurations are not applied to the process | |||
| 548 | \fB\-\-join-network=name | 548 | \fB\-\-join-network=name |
| 549 | Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox. | 549 | Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox. |
| 550 | If a program is specified, the program is run in the sandbox. This command is available only to root user. | 550 | If a program is specified, the program is run in the sandbox. This command is available only to root user. |
| 551 | Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox. | 551 | Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox. Example: |
| 552 | .br | ||
| 553 | |||
| 554 | .br | ||
| 555 | # start firefox | ||
| 556 | .br | ||
| 557 | $ firejail --net=eth0 --name=browser firefox & | ||
| 558 | .br | ||
| 559 | |||
| 560 | .br | ||
| 561 | # change netfilter configuration | ||
| 562 | .br | ||
| 563 | $ sudo firejail --join-network=browser "cat /etc/firejail/nolocal.net | /sbin/iptables-restore" | ||
| 564 | .br | ||
| 565 | |||
| 566 | .br | ||
| 567 | # verify netfilter configuration | ||
| 568 | .br | ||
| 569 | $ sudo firejail --join-network=browser "/sbin/iptables -vL" | ||
| 570 | .br | ||
| 571 | |||
| 572 | .br | ||
| 573 | # verify IP addresses | ||
| 574 | .br | ||
| 575 | $ sudo firejail --join-network=browser "ip addr" | ||
| 576 | .br | ||
| 577 | Switching to pid 1932, the first child process inside the sandbox | ||
| 578 | .br | ||
| 579 | 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default | ||
| 580 | .br | ||
| 581 | link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 | ||
| 582 | .br | ||
| 583 | inet 127.0.0.1/8 scope host lo | ||
| 584 | .br | ||
| 585 | valid_lft forever preferred_lft forever | ||
| 586 | .br | ||
| 587 | inet6 ::1/128 scope host | ||
| 588 | .br | ||
| 589 | valid_lft forever preferred_lft forever | ||
| 590 | .br | ||
| 591 | 2: eth0-1931: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default | ||
| 592 | .br | ||
| 593 | link/ether 76:58:14:42:78:e4 brd ff:ff:ff:ff:ff:ff | ||
| 594 | .br | ||
| 595 | inet 192.168.1.158/24 brd 192.168.1.255 scope global eth0-1931 | ||
| 596 | .br | ||
| 597 | valid_lft forever preferred_lft forever | ||
| 598 | .br | ||
| 599 | inet6 fe80::7458:14ff:fe42:78e4/64 scope link | ||
| 600 | .br | ||
| 601 | valid_lft forever preferred_lft forever | ||
| 552 | 602 | ||
| 553 | .TP | 603 | .TP |
| 554 | \fB\-\-join-network=pid | 604 | \fB\-\-join-network=pid |