diff options
-rw-r--r-- | README.md | 11 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | src/firejail/usage.c | 9 | ||||
-rw-r--r-- | src/man/firejail.txt | 5 |
4 files changed, 23 insertions, 4 deletions
@@ -123,6 +123,17 @@ Check the status of the latest build here: https://travis-ci.org/netblue30/firej | |||
123 | --output-stderr=logfile | 123 | --output-stderr=logfile |
124 | Similar to --output, but stderr is also stored. | 124 | Similar to --output, but stderr is also stored. |
125 | 125 | ||
126 | --notv Disable DVB (Digital Video Broadcasting) TV devices. | ||
127 | |||
128 | Example: | ||
129 | $ firejail --notv vlc | ||
130 | |||
131 | --nodvd | ||
132 | Disable DVD and audio CD devices. | ||
133 | |||
134 | Example: | ||
135 | $ firejail --nodvd | ||
136 | |||
126 | ````` | 137 | ````` |
127 | 138 | ||
128 | ## /etc/firejail/firejail.config | 139 | ## /etc/firejail/firejail.config |
@@ -9,6 +9,8 @@ firejail (0.9.49) baseline; urgency=low | |||
9 | * enhancement: support for newer Xpra versions (2.1+) - | 9 | * enhancement: support for newer Xpra versions (2.1+) - |
10 | set "xpra-attach yes" in /etc/firejail/firejail.config | 10 | set "xpra-attach yes" in /etc/firejail/firejail.config |
11 | * enhancement: all profiles use a standard layout style | 11 | * enhancement: all profiles use a standard layout style |
12 | * enhancement: disable CDROM/DVD drive (--nodvd) | ||
13 | * enhancement: disable DVD devices (--notv) | ||
12 | * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, | 14 | * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, |
13 | * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA, | 15 | * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA, |
14 | * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer, | 16 | * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer, |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index b9ab00eae..4de33c83d 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -148,8 +148,8 @@ void usage(void) { | |||
148 | printf("\tthe new home.\n"); | 148 | printf("\tthe new home.\n"); |
149 | printf(" --private-bin=file,file - build a new /bin in a temporary filesystem,\n"); | 149 | printf(" --private-bin=file,file - build a new /bin in a temporary filesystem,\n"); |
150 | printf("\tand copy the programs in the list.\n"); | 150 | printf("\tand copy the programs in the list.\n"); |
151 | printf(" --private-dev - create a new /dev directory. Only dri, null, full, zero,\n"); | 151 | printf(" --private-dev - create a new /dev directory with a small number of\n"); |
152 | printf("\ttty, pst, ptms, random, snd, urandom, log and shm devices are available.\n"); | 152 | printf("\tcommon device files.\n"); |
153 | printf(" --private-etc=file,directory - build a new /etc in a temporary\n"); | 153 | printf(" --private-etc=file,directory - build a new /etc in a temporary\n"); |
154 | printf("\tfilesystem, and copy the files and directories in the list.\n"); | 154 | printf("\tfilesystem, and copy the files and directories in the list.\n"); |
155 | printf(" --private-tmp - mount a tmpfs on top of /tmp directory.\n"); | 155 | printf(" --private-tmp - mount a tmpfs on top of /tmp directory.\n"); |
@@ -158,10 +158,11 @@ void usage(void) { | |||
158 | printf(" --profile-path=directory - use this directory to look for profile files.\n"); | 158 | printf(" --profile-path=directory - use this directory to look for profile files.\n"); |
159 | printf(" --protocol=protocol,protocol,protocol - enable protocol filter.\n"); | 159 | printf(" --protocol=protocol,protocol,protocol - enable protocol filter.\n"); |
160 | printf(" --protocol.print=name|pid - print the protocol filter.\n"); | 160 | printf(" --protocol.print=name|pid - print the protocol filter.\n"); |
161 | printf(" --put=name|pid src-filename dest-filename - put a file in sandbox container.\n"); | 161 | printf(" --put=name|pid src-filename dest-filename - put a file in sandbox\n"); |
162 | printf("\tcontainer.\n"); | ||
162 | printf(" --quiet - turn off Firejail's output.\n"); | 163 | printf(" --quiet - turn off Firejail's output.\n"); |
163 | printf(" --read-only=filename - set directory or file read-only..\n"); | 164 | printf(" --read-only=filename - set directory or file read-only..\n"); |
164 | printf(" --read-write=filename - set directory or file read-write..\n"); | 165 | printf(" --read-write=filename - set directory or file read-write.\n"); |
165 | printf(" --rlimit-fsize=number - set the maximum file size that can be created\n"); | 166 | printf(" --rlimit-fsize=number - set the maximum file size that can be created\n"); |
166 | printf("\tby a process.\n"); | 167 | printf("\tby a process.\n"); |
167 | printf(" --rlimit-nofile=number - set the maximum number of files that can be\n"); | 168 | printf(" --rlimit-nofile=number - set the maximum number of files that can be\n"); |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index be73429bc..0be8a1d81 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1004,6 +1004,11 @@ sandbox. For root user supplementary groups are always disabled. | |||
1004 | .br | 1004 | .br |
1005 | 1005 | ||
1006 | .br | 1006 | .br |
1007 | Note: By default all regular user groups are removed with the exception of the current user. This can be changed | ||
1008 | using \-\-allusers command option. | ||
1009 | .br | ||
1010 | |||
1011 | .br | ||
1007 | Example: | 1012 | Example: |
1008 | .br | 1013 | .br |
1009 | $ id | 1014 | $ id |