diff options
-rw-r--r-- | src/firejail/util.c | 7 | ||||
-rw-r--r-- | src/man/firejail.txt | 7 |
2 files changed, 13 insertions, 1 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index f72df9fc6..7b871ae0d 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -443,6 +443,13 @@ void extract_command_name(int index, char **argv) { | |||
443 | char *tmp = strdup(ptr); | 443 | char *tmp = strdup(ptr); |
444 | if (!tmp) | 444 | if (!tmp) |
445 | errExit("strdup"); | 445 | errExit("strdup"); |
446 | |||
447 | // limit the command to the first '.' | ||
448 | char *ptr2 = tmp; | ||
449 | while (*ptr2 != '.' && *ptr2 != '\0') | ||
450 | ptr2++; | ||
451 | *ptr2 = '\0'; | ||
452 | |||
446 | free(cfg.command_name); | 453 | free(cfg.command_name); |
447 | cfg.command_name = tmp; | 454 | cfg.command_name = tmp; |
448 | } | 455 | } |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 0adb72151..0ddd8ae1d 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -431,6 +431,7 @@ $ firejail \-\-ignore=shell --ignore=seccomp firefox | |||
431 | .TP | 431 | .TP |
432 | \fB\-\-interface=interface | 432 | \fB\-\-interface=interface |
433 | Move interface in a new network namespace. Up to four --interface options can be specified. | 433 | Move interface in a new network namespace. Up to four --interface options can be specified. |
434 | Note: wlan devices are not supported for this option. | ||
434 | .br | 435 | .br |
435 | 436 | ||
436 | .br | 437 | .br |
@@ -613,6 +614,7 @@ Unless specified with option \-\-ip and \-\-defaultgw, an IP address and a defau | |||
613 | automatically to the sandbox. The IP address is verified using ARP before assignment. The address | 614 | automatically to the sandbox. The IP address is verified using ARP before assignment. The address |
614 | configured as default gateway is the bridge device IP address. Up to four \-\-net | 615 | configured as default gateway is the bridge device IP address. Up to four \-\-net |
615 | bridge devices can be defined. Mixing bridge and macvlan devices is allowed. | 616 | bridge devices can be defined. Mixing bridge and macvlan devices is allowed. |
617 | Note: wlan devices are not supported for this option. | ||
616 | .br | 618 | .br |
617 | 619 | ||
618 | .br | 620 | .br |
@@ -638,6 +640,7 @@ to the sandbox. The IP address is verified using ARP before | |||
638 | assignment. The address configured as default gateway is the | 640 | assignment. The address configured as default gateway is the |
639 | default gateway of the host. Up to four \-\-net devices can | 641 | default gateway of the host. Up to four \-\-net devices can |
640 | be defined. Mixing bridge and macvlan devices is allowed. | 642 | be defined. Mixing bridge and macvlan devices is allowed. |
643 | Note: wlan devices are not supported for this option. | ||
641 | .br | 644 | .br |
642 | 645 | ||
643 | .br | 646 | .br |
@@ -1473,6 +1476,8 @@ firejail version 0.9.27 | |||
1473 | .TP | 1476 | .TP |
1474 | \fB\-\-whitelist=dirname_or_filename | 1477 | \fB\-\-whitelist=dirname_or_filename |
1475 | Whitelist directory or file. This feature is implemented only for user home, /dev, /media, /opt, /var, and /tmp directories. | 1478 | Whitelist directory or file. This feature is implemented only for user home, /dev, /media, /opt, /var, and /tmp directories. |
1479 | When whitlisting symbolic links, both the link and the real file should be in the same top directory | ||
1480 | (home user, /media, /var etc.) | ||
1476 | .br | 1481 | .br |
1477 | 1482 | ||
1478 | .br | 1483 | .br |
@@ -1650,7 +1655,7 @@ See man 5 firejail-profile for profile file syntax information. | |||
1650 | 1655 | ||
1651 | .SH RESTRICTED SHELL | 1656 | .SH RESTRICTED SHELL |
1652 | To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in | 1657 | To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in |
1653 | /etc/password file for each user that needs to be restricted. Alternatively, | 1658 | /etc/passwd file for each user that needs to be restricted. Alternatively, |
1654 | you can specify /usr/bin/firejail in adduser command: | 1659 | you can specify /usr/bin/firejail in adduser command: |
1655 | 1660 | ||
1656 | adduser \-\-shell /usr/bin/firejail username | 1661 | adduser \-\-shell /usr/bin/firejail username |