fixes

2 files changed, 118 insertions, 0 deletions

diff --git a/src/man/firejail-config.txt b/src/man/firejail-config.txt
new file mode 100644
index 000000000..55c35181a
--- /dev/null
+++ b/src/man/firejail-config.txt
@@ -0,0 +1,65 @@
+.TH FIREJAIL-CONFIG 5 "MONTH YEAR" "VERSION" "firejail.config man page"
+.SH NAME
+firejail.config \- Firejail run time configuration file
+
+.SH DESCRIPTION
+/etc/firejail/firejail.config is the system-wide configuration file for Firejail.
+It allows the system administrator to enable or disable a number of
+features and Linux kernel security technologies used by Firejail sandbox.
+The file contains keyword-argument pairs, one per line.
+Use 'yes' or 'no' as configuration values.
+
+Note that some of these features can also be enabled or disabled at compile
+time. Most features are enabled by default both at compile time and
+at run time.
+
+.TP
+\fBsecomp
+Enable or disable seccomp support, default enabled.
+
+.TP
+\fBchroot
+Enable or disable chroot support, default enabled.
+
+.TP
+\fBbind
+Enable or disable bind support, default enabled.
+
+.TP
+\fBnetwork
+Enable or disable networking features, default enabled.
+
+.TP
+\fBrestricted-network
+Enable or disable restricted network support, default disabled. If enabled,
+networking features should also be enabled (network yes).
+Restricted networking grants access to --interface and --net=ethXXX
+only to root user. Regular users are only allowed --net=none.
+
+.TP
+\fBuserns
+Enable or disable user namespace support, default enabled.
+
+.TP
+\fBx11
+Enable or disable X11 sandboxing support, default enabled.
+
+.TP
+\fBfile-transfer
+Enable or disable file transfer support, default enabled.
+
+.SH FILES
+/etc/firejail/firejail.config
+
+.SH LICENSE
+Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+.PP
+Homepage: http://firejail.wordpress.com
+.SH SEE ALSO
+\&\flfirejail\fR\|(1),
+\&\flfiremon\fR\|(1),
+\&\flfirejail-profile\fR\|(5)
+\&\flfirejail-login\fR\|(5)
+
+
+
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index f3c023aba..99a9429c7 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1534,6 +1534,59 @@ Example:
 .br
 $ firejail \-\-zsh
 
+.SH DESKTOP INTEGRATION
+A symbolic link to /usr/bin/firejail under the name of a program, will start the program in Firejail sandbox.
+The symbolic link should be placed in the first $PATH position. On most systems, a good place
+is /usr/local/bin directory. Example:
+.PP
+.RS
+.br
+
+.br
+Make a firefox symlink to /usr/bin/firejail:
+.br
+
+.br
+$ ln -s /usr/bin/firejail /usr/local/bin/firefox
+.br
+
+.br
+Verify $PATH
+.br
+
+.br
+$ which -a firefox
+.br
+/usr/local/bin/firefox
+.br
+/usr/bin/firefox
+.br
+
+.br
+Starting firefox in this moment, automatically invokes “firejail firefox”.
+.RE
+.br
+
+.br
+This works for clicking on desktop environment icons, menus etc. Use "firejail --tree"
+to verify the program is sandboxed.
+.PP
+.RS
+.br
+
+.br
+.br
+$ firejail --tree
+.br
+1189:netblue:firejail firefox
+.br
+  1190:netblue:firejail firefox
+.br
+    1220:netblue:/bin/sh -c "/usr/lib/firefox/firefox"  
+.br
+      1221:netblue:/usr/lib/firefox/firefox
+.RE
+
 .SH FILE TRANSFER
 These features allow the user to inspect the filesystem container of an existing sandbox
 and transfer files from the container to the host filesystem.