diff options
author | startx2017 <vradu.startx@yandex.com> | 2020-09-02 07:33:27 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2020-09-02 07:33:27 -0400 |
commit | 3e022b77fada5fc1fe748bf8771c71ca8ffcc629 (patch) | |
tree | b4b154bdac1edc42e360759f53e5fb7fb867b7d6 /src | |
parent | harden redeclipse (diff) | |
download | firejail-3e022b77fada5fc1fe748bf8771c71ca8ffcc629.tar.gz firejail-3e022b77fada5fc1fe748bf8771c71ca8ffcc629.tar.zst firejail-3e022b77fada5fc1fe748bf8771c71ca8ffcc629.zip |
manpage: remove apparmor from non-apparor builds
Diffstat (limited to 'src')
-rw-r--r-- | src/man/Makefile.in | 2 | ||||
-rw-r--r-- | src/man/firecfg.txt | 3 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 6 | ||||
-rw-r--r-- | src/man/firejail.txt | 5 | ||||
-rw-r--r-- | src/man/preproc.c | 20 |
5 files changed, 31 insertions, 5 deletions
diff --git a/src/man/Makefile.in b/src/man/Makefile.in index 0180baee5..9d1c12fbc 100644 --- a/src/man/Makefile.in +++ b/src/man/Makefile.in | |||
@@ -11,7 +11,7 @@ preproc: $(OBJS) | |||
11 | %.man: %.txt preproc | 11 | %.man: %.txt preproc |
12 | ./preproc $(MANFLAGS) $< | 12 | ./preproc $(MANFLAGS) $< |
13 | 13 | ||
14 | clean:; rm -fr *.o preproc *.gcov *.gcda *.gcno *.plist *.man alldone | 14 | clean:; rm -fr *.o preproc *.gcov *.gcda *.gcno *.plist *.man |
15 | 15 | ||
16 | distclean: clean | 16 | distclean: clean |
17 | rm -fr Makefile | 17 | rm -fr Makefile |
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt index e282c8cf0..f3123356a 100644 --- a/src/man/firecfg.txt +++ b/src/man/firecfg.txt | |||
@@ -44,9 +44,10 @@ The following actions are implemented by default by running sudo firecfg: | |||
44 | .br | 44 | .br |
45 | - fix desktop files in $HOME/.local/share/applications/ (firecfg --fix). | 45 | - fix desktop files in $HOME/.local/share/applications/ (firecfg --fix). |
46 | .br | 46 | .br |
47 | 47 | #ifdef HAVE_APPARMOR | |
48 | .br | 48 | .br |
49 | - automatically loads and forces the AppArmor profile "firejail-default". | 49 | - automatically loads and forces the AppArmor profile "firejail-default". |
50 | #endif | ||
50 | .RE | 51 | .RE |
51 | 52 | ||
52 | .SH OPTIONS | 53 | .SH OPTIONS |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 0784e7fd7..0da2a0ea7 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -369,9 +369,11 @@ The following security filters are currently implemented: | |||
369 | .TP | 369 | .TP |
370 | \fBallow-debuggers | 370 | \fBallow-debuggers |
371 | Allow tools such as strace and gdb inside the sandbox by whitelisting system calls ptrace and process_vm_readv. | 371 | Allow tools such as strace and gdb inside the sandbox by whitelisting system calls ptrace and process_vm_readv. |
372 | #ifdef HAVE_APPARMOR | ||
372 | .TP | 373 | .TP |
373 | \fBapparmor | 374 | \fBapparmor |
374 | Enable AppArmor confinement. | 375 | Enable AppArmor confinement. |
376 | #endif | ||
375 | .TP | 377 | .TP |
376 | \fBcaps | 378 | \fBcaps |
377 | Enable default Linux capabilities filter. | 379 | Enable default Linux capabilities filter. |
@@ -877,5 +879,5 @@ Homepage: https://firejail.wordpress.com | |||
877 | \&\flfirecfg\fR\|(1), | 879 | \&\flfirecfg\fR\|(1), |
878 | \&\flfirejail-login\fR\|(5), | 880 | \&\flfirejail-login\fR\|(5), |
879 | \&\flfirejail-users\fR\|(5), | 881 | \&\flfirejail-users\fR\|(5), |
880 | .UR https://github.com/netblue30/firejail/wiki/Creating-Profiles | 882 | .UR https://github.com/netblue30/firejail/wiki/Creating-Profiles |
881 | .UE | 883 | .UE |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 3b7ba4e3d..2fdf21a31 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -106,6 +106,7 @@ All directories under /home are visible inside the sandbox. By default, only cur | |||
106 | Example: | 106 | Example: |
107 | .br | 107 | .br |
108 | $ firejail --allusers | 108 | $ firejail --allusers |
109 | #ifdef HAVE_APPARMOR | ||
109 | .TP | 110 | .TP |
110 | \fB\-\-apparmor | 111 | \fB\-\-apparmor |
111 | Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below. | 112 | Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below. |
@@ -122,7 +123,7 @@ $ firejail \-\-apparmor.print=browser | |||
122 | 5074:netblue:/usr/bin/firejail /usr/bin/firefox-esr | 123 | 5074:netblue:/usr/bin/firejail /usr/bin/firefox-esr |
123 | .br | 124 | .br |
124 | AppArmor: firejail-default enforce | 125 | AppArmor: firejail-default enforce |
125 | 126 | #endif | |
126 | .TP | 127 | .TP |
127 | \fB\-\-appimage | 128 | \fB\-\-appimage |
128 | Sandbox an AppImage (https://appimage.org/) application. If the sandbox is started | 129 | Sandbox an AppImage (https://appimage.org/) application. If the sandbox is started |
@@ -2842,6 +2843,7 @@ Example: | |||
2842 | $ firejail --net=eth0 --x11=xephyr --xephyr-screen=640x480 firefox | 2843 | $ firejail --net=eth0 --x11=xephyr --xephyr-screen=640x480 firefox |
2843 | .br | 2844 | .br |
2844 | 2845 | ||
2846 | #ifdef HAVE_APPARMOR | ||
2845 | .SH APPARMOR | 2847 | .SH APPARMOR |
2846 | .TP | 2848 | .TP |
2847 | AppArmor support is disabled by default at compile time. Use --enable-apparmor configuration option to enable it: | 2849 | AppArmor support is disabled by default at compile time. Use --enable-apparmor configuration option to enable it: |
@@ -2884,6 +2886,7 @@ To enable AppArmor confinement on top of your current Firejail security features | |||
2884 | 2886 | ||
2885 | .br | 2887 | .br |
2886 | $ firejail --apparmor firefox | 2888 | $ firejail --apparmor firefox |
2889 | #endif | ||
2887 | 2890 | ||
2888 | .SH AUDIT | 2891 | .SH AUDIT |
2889 | Audit feature allows the user to point out gaps in security profiles. The | 2892 | Audit feature allows the user to point out gaps in security profiles. The |
diff --git a/src/man/preproc.c b/src/man/preproc.c index 34a49d335..eefa45278 100644 --- a/src/man/preproc.c +++ b/src/man/preproc.c | |||
@@ -1,3 +1,23 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014-2020 Firejail Authors | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | |||
1 | #include <stdio.h> | 21 | #include <stdio.h> |
2 | #include <stdlib.h> | 22 | #include <stdlib.h> |
3 | #include <string.h> | 23 | #include <string.h> |