firejail user access database

author: netblue30 <netblue30@yahoo.com> 2018-04-08 14:29:55 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-04-08 14:29:55 -0400
commit: 75311732cc354f8c5aaf4468313822c104b50c9e (patch)
tree: e401dae3b3032ac5bd88c06122021801a5ea0a1a /src
parent: optimize seccomp.drop and seccomp= filters (diff)
download: firejail-75311732cc354f8c5aaf4468313822c104b50c9e.tar.gz
firejail-75311732cc354f8c5aaf4468313822c104b50c9e.tar.zst
firejail-75311732cc354f8c5aaf4468313822c104b50c9e.zip
7 files changed, 76 insertions, 4 deletions
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index a54607aec..b79053d3e 100644
--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -30,7 +30,7 @@ static char *usage_str =
        "The symbolic links are placed in /usr/local/bin. For more information, see\n"
        "DESKTOP INTEGRATION section in man 1 firejail.\n\n"
        "Usage: firecfg [OPTIONS]\n\n"
-        "   --add-users user [user] - add the users to Firejail access database\n"
+        "   --add-users user [user] - add the users to Firejail user access database.\n\n"
        "   --clean - remove all firejail symbolic links.\n\n"
        "   --debug - print debug messages.\n\n"
        "   --fix - fix .desktop files.\n\n"
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt
index e7a7ef6d9..fc0bbcee4 100644
--- a/src/man/firecfg.txt
+++ b/src/man/firecfg.txt
@@ -30,9 +30,31 @@ installing new programs. If the program is supported by Firejail, the symbolic l
 will be created. For a full list of programs supported by default run "cat /usr/lib/firejail/firecfg.config".
 For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR.
+.SH DEFAULT ACTIONS
+The following actions are implemented by default by running sudo firecfg:
+.RS
+- set or update the symbolic links for desktop integration;
+.br
+.br
+- add the current user to Firejail user access database (firecfg --add-users);
+.br
+.br
+-fix desktop files in $HOME/.local/share/applications/ (firecfg --fix).
+.RE
 .SH OPTIONS
 .TP
+\fB\-\-add-users user [user]
+Add the list of users to Firejail user access databaseRemove all firejail symbolic links.
+Example:
+.br
+$ sudo firecfg --add-users dustin lucas mike eleven
+.TP
 \fB\-\-clean
 Remove all firejail symbolic links.
@@ -102,3 +124,4 @@ Homepage: https://firejail.wordpress.com
 \&\flfiremon\fR\|(1),
 \&\flfirejail-profile\fR\|(5),
 \&\flfirejail-login\fR\|(5)
+\&\flfirejail-users\fR\|(5)
diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt
index 29030ba45..c2fa63dc4 100644
--- a/src/man/firejail-login.txt
+++ b/src/man/firejail-login.txt
@@ -1,4 +1,4 @@
-.TH FIREJAIL-LOGIN 5 "MONTH YEAR" "VERSION" "firejail login.users man page"
+.TH FIREJAIL-LOGIN 5 "MONTH YEAR" "VERSION" "login.users man page"
 .SH NAME
 login.users \- Login file syntax for Firejail
@@ -38,3 +38,4 @@ Homepage: https://firejail.wordpress.com
 \&\flfiremon\fR\|(1),
 \&\flfirecfg\fR\|(1),
 \&\flfirejail-profile\fR\|(5)
+\&\flfirejail-users\fR\|(5)
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 4b6e9766f..b529f63e3 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -232,7 +232,7 @@ All modifications are discarded when the sandbox is closed.
 .TP
 \fBprivate-lib file,directory
 Build a new /lib directory and bring in the libraries required by the application to run.
-This feature is still under development, see man 1 firejail for some examples.
+This feature is still under development, see \fBman 1 firejail\fR for some examples.
 .TP
 \fBprivate-opt file,directory
 Build a new /optin a temporary
@@ -610,3 +610,4 @@ Homepage: https://firejail.wordpress.com
 \&\flfiremon\fR\|(1),
 \&\flfirecfg\fR\|(1),
 \&\flfirejail-login\fR\|(5)
+\&\flfirejail-users\fR\|(5)
diff --git a/src/man/firejail-users.txt b/src/man/firejail-users.txt
new file mode 100644
index 000000000..ac9c1f621
--- /dev/null
+++ b/src/man/firejail-users.txt
@@ -0,0 +1,45 @@
+.TH FIREJAIL-USERS 5 "MONTH YEAR" "VERSION" "firejail.users man page"
+.SH NAME
+firejail.users \- Firejail user access database
+.SH DESCRIPTION
+/etc/firejail/firejail.users lists the users allowed to run firejail SUID executable.
+If the file is not present in the system, all users are allowed to use the sandbox.
+root user is allowed by default.
+Example:
+        $ cat /etc/firejail/firejail.users
+.br
+        dustin
+.br
+        lucas
+.br
+        mike
+.br
+        eleven
+Use a text editor to add or remove users from the list. You can also use firecfg \-\-add-users
+command. Example:
+        $ sudo firecfg --add-users dusting lucas mike eleven
+By default, running firecfg creates the file and adds the current user to the list. Example:
+        $ sudo firecfg
+See \fBman 1 firecfg\fR for details.
+.SH FILES
+/etc/firejail/firejail.users
+.SH LICENSE
+Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+.PP
+Homepage: https://firejail.wordpress.com
+.SH SEE ALSO
+\&\flfirejail\fR\|(1),
+\&\flfiremon\fR\|(1),
+\&\flfirecfg\fR\|(1),
+\&\flfirejail-profile\fR\|(5)
+\&\flfirejail-login\fR\|(5)
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index e55d01253..6e8e4eb2c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -2691,7 +2691,7 @@ Child process initialized
 [...]
 .RE
-See man 5 firejail-profile for profile file syntax information.
+See \fBman 5 firejail-profile\fR for profile file syntax information.
 .SH RESTRICTED SHELL
 To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in
@@ -2739,3 +2739,4 @@ Homepage: https://firejail.wordpress.com
 \&\flfirecfg\fR\|(1),
 \&\flfirejail-profile\fR\|(5),
 \&\flfirejail-login\fR\|(5)
+\&\flfirejail-users\fR\|(5)
diff --git a/src/man/firemon.txt b/src/man/firemon.txt
index 91c59af4d..9cae72b54 100644
--- a/src/man/firemon.txt
+++ b/src/man/firemon.txt
@@ -111,3 +111,4 @@ Homepage: http://firejail.wordpress.com
 \&\flfirecfg\fR\|(1),
 \&\flfirejail-profile\fR\|(5),
 \&\flfirejail-login\fR\|(5)
+\&\flfirejail-users\fR\|(5)
author	netblue30 <netblue30@yahoo.com>	2018-04-08 14:29:55 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-04-08 14:29:55 -0400
commit	75311732cc354f8c5aaf4468313822c104b50c9e (patch)
tree	e401dae3b3032ac5bd88c06122021801a5ea0a1a /src
parent	optimize seccomp.drop and seccomp= filters (diff)
download	firejail-75311732cc354f8c5aaf4468313822c104b50c9e.tar.gz firejail-75311732cc354f8c5aaf4468313822c104b50c9e.tar.zst firejail-75311732cc354f8c5aaf4468313822c104b50c9e.zip

diff --git a/src/firecfg/main.c b/src/firecfg/main.c index a54607aec..b79053d3e 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c
@@ -30,7 +30,7 @@ static char *usage_str =
30	"The symbolic links are placed in /usr/local/bin. For more information, see\n"	30	"The symbolic links are placed in /usr/local/bin. For more information, see\n"
31	"DESKTOP INTEGRATION section in man 1 firejail.\n\n"	31	"DESKTOP INTEGRATION section in man 1 firejail.\n\n"
32	"Usage: firecfg [OPTIONS]\n\n"	32	"Usage: firecfg [OPTIONS]\n\n"
33	" --add-users user [user] - add the users to Firejail access database\n"	33	" --add-users user [user] - add the users to Firejail user access database.\n\n"
34	" --clean - remove all firejail symbolic links.\n\n"	34	" --clean - remove all firejail symbolic links.\n\n"
35	" --debug - print debug messages.\n\n"	35	" --debug - print debug messages.\n\n"
36	" --fix - fix .desktop files.\n\n"	36	" --fix - fix .desktop files.\n\n"


diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt index e7a7ef6d9..fc0bbcee4 100644 --- a/src/man/firecfg.txt +++ b/src/man/firecfg.txt
@@ -30,9 +30,31 @@ installing new programs. If the program is supported by Firejail, the symbolic l
30	will be created. For a full list of programs supported by default run "cat /usr/lib/firejail/firecfg.config".	30	will be created. For a full list of programs supported by default run "cat /usr/lib/firejail/firecfg.config".
31		31
32	For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR.	32	For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR.
		33	.SH DEFAULT ACTIONS
		34	The following actions are implemented by default by running sudo firecfg:
		35
		36	.RS
		37	- set or update the symbolic links for desktop integration;
		38	.br
		39
		40	.br
		41	- add the current user to Firejail user access database (firecfg --add-users);
		42	.br
		43
		44	.br
		45	-fix desktop files in $HOME/.local/share/applications/ (firecfg --fix).
		46	.RE
33		47
34	.SH OPTIONS	48	.SH OPTIONS
35	.TP	49	.TP
		50	\fB\-\-add-users user [user]
		51	Add the list of users to Firejail user access databaseRemove all firejail symbolic links.
		52
		53	Example:
		54	.br
		55	$ sudo firecfg --add-users dustin lucas mike eleven
		56
		57	.TP
36	\fB\-\-clean	58	\fB\-\-clean
37	Remove all firejail symbolic links.	59	Remove all firejail symbolic links.
38		60
@@ -102,3 +124,4 @@ Homepage: https://firejail.wordpress.com
102	\&\flfiremon\fR\\|(1),	124	\&\flfiremon\fR\\|(1),
103	\&\flfirejail-profile\fR\\|(5),	125	\&\flfirejail-profile\fR\\|(5),
104	\&\flfirejail-login\fR\\|(5)	126	\&\flfirejail-login\fR\\|(5)
		127	\&\flfirejail-users\fR\\|(5)


diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt index 29030ba45..c2fa63dc4 100644 --- a/src/man/firejail-login.txt +++ b/src/man/firejail-login.txt
@@ -1,4 +1,4 @@
1	.TH FIREJAIL-LOGIN 5 "MONTH YEAR" "VERSION" "firejail login.users man page"	1	.TH FIREJAIL-LOGIN 5 "MONTH YEAR" "VERSION" "login.users man page"
2	.SH NAME	2	.SH NAME
3	login.users \- Login file syntax for Firejail	3	login.users \- Login file syntax for Firejail
4		4
@@ -38,3 +38,4 @@ Homepage: https://firejail.wordpress.com
38	\&\flfiremon\fR\\|(1),	38	\&\flfiremon\fR\\|(1),
39	\&\flfirecfg\fR\\|(1),	39	\&\flfirecfg\fR\\|(1),
40	\&\flfirejail-profile\fR\\|(5)	40	\&\flfirejail-profile\fR\\|(5)
		41	\&\flfirejail-users\fR\\|(5)


diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 4b6e9766f..b529f63e3 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -232,7 +232,7 @@ All modifications are discarded when the sandbox is closed.
232	.TP	232	.TP
233	\fBprivate-lib file,directory	233	\fBprivate-lib file,directory
234	Build a new /lib directory and bring in the libraries required by the application to run.	234	Build a new /lib directory and bring in the libraries required by the application to run.
235	This feature is still under development, see man 1 firejail for some examples.	235	This feature is still under development, see \fBman 1 firejail\fR for some examples.
236	.TP	236	.TP
237	\fBprivate-opt file,directory	237	\fBprivate-opt file,directory
238	Build a new /optin a temporary	238	Build a new /optin a temporary
@@ -610,3 +610,4 @@ Homepage: https://firejail.wordpress.com
610	\&\flfiremon\fR\\|(1),	610	\&\flfiremon\fR\\|(1),
611	\&\flfirecfg\fR\\|(1),	611	\&\flfirecfg\fR\\|(1),
612	\&\flfirejail-login\fR\\|(5)	612	\&\flfirejail-login\fR\\|(5)
		613	\&\flfirejail-users\fR\\|(5)


diff --git a/src/man/firejail-users.txt b/src/man/firejail-users.txt new file mode 100644 index 000000000..ac9c1f621 --- /dev/null +++ b/src/man/firejail-users.txt
@@ -0,0 +1,45 @@
		1	.TH FIREJAIL-USERS 5 "MONTH YEAR" "VERSION" "firejail.users man page"
		2	.SH NAME
		3	firejail.users \- Firejail user access database
		4
		5	.SH DESCRIPTION
		6	/etc/firejail/firejail.users lists the users allowed to run firejail SUID executable.
		7	If the file is not present in the system, all users are allowed to use the sandbox.
		8	root user is allowed by default.
		9
		10	Example:
		11
		12	$ cat /etc/firejail/firejail.users
		13	.br
		14	dustin
		15	.br
		16	lucas
		17	.br
		18	mike
		19	.br
		20	eleven
		21
		22	Use a text editor to add or remove users from the list. You can also use firecfg \-\-add-users
		23	command. Example:
		24
		25	$ sudo firecfg --add-users dusting lucas mike eleven
		26
		27	By default, running firecfg creates the file and adds the current user to the list. Example:
		28
		29	$ sudo firecfg
		30
		31	See \fBman 1 firecfg\fR for details.
		32
		33	.SH FILES
		34	/etc/firejail/firejail.users
		35
		36	.SH LICENSE
		37	Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
		38	.PP
		39	Homepage: https://firejail.wordpress.com
		40	.SH SEE ALSO
		41	\&\flfirejail\fR\\|(1),
		42	\&\flfiremon\fR\\|(1),
		43	\&\flfirecfg\fR\\|(1),
		44	\&\flfirejail-profile\fR\\|(5)
		45	\&\flfirejail-login\fR\\|(5)


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e55d01253..6e8e4eb2c 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -2691,7 +2691,7 @@ Child process initialized
2691	[...]	2691	[...]
2692	.RE	2692	.RE
2693		2693
2694	See man 5 firejail-profile for profile file syntax information.	2694	See \fBman 5 firejail-profile\fR for profile file syntax information.
2695		2695
2696	.SH RESTRICTED SHELL	2696	.SH RESTRICTED SHELL
2697	To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in	2697	To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in
@@ -2739,3 +2739,4 @@ Homepage: https://firejail.wordpress.com
2739	\&\flfirecfg\fR\\|(1),	2739	\&\flfirecfg\fR\\|(1),
2740	\&\flfirejail-profile\fR\\|(5),	2740	\&\flfirejail-profile\fR\\|(5),
2741	\&\flfirejail-login\fR\\|(5)	2741	\&\flfirejail-login\fR\\|(5)
		2742	\&\flfirejail-users\fR\\|(5)


diff --git a/src/man/firemon.txt b/src/man/firemon.txt index 91c59af4d..9cae72b54 100644 --- a/src/man/firemon.txt +++ b/src/man/firemon.txt
@@ -111,3 +111,4 @@ Homepage: http://firejail.wordpress.com
111	\&\flfirecfg\fR\\|(1),	111	\&\flfirecfg\fR\\|(1),
112	\&\flfirejail-profile\fR\\|(5),	112	\&\flfirejail-profile\fR\\|(5),
113	\&\flfirejail-login\fR\\|(5)	113	\&\flfirejail-login\fR\\|(5)
		114	\&\flfirejail-users\fR\\|(5)