-rw-r--r-- | src/zsh_completion/_firejail.in | 192 |
1 files changed, 96 insertions, 96 deletions
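--- a/src/zsh_completion/_firejail.in
+++ b/src/zsh_completion/_firejail.in
@@ -28,13 +28,13 @@ _all_profiles() {
 
 _firejail_args=(
 '*::arguments:_normal'
-'(--profile)'{--profile=,--profile=}'[use a custom profile]: :_all_profiles'
+'--profile=-[use a custom profile]: :_all_profiles'
 '--caps[enable default Linux capabilities filter]'
-'(--caps.drop)'{--caps.drop=,--caps.drop=}'[drop capabilities: all|cap1,cap2,...]: :->caps_drop'
-'(--caps.keep)'{--caps.keep=,--caps.keep=}'[keep capabilities: cap1,cap2,...]: :->caps_keep'
-'(--caps.print)'{--caps.print=,--caps.print=}'[print the caps filter name|pid]:firejail:_all_firejails'
+'*--caps.drop=-[drop capabilities: all|cap1,cap2,...]: :->caps_drop'
+'*--caps.keep=-[keep capabilities: cap1,cap2,...]: :->caps_keep'
+'--caps.print=-[print the caps filter name|pid]:firejail:_all_firejails'
 '--allow-debuggers[allow tools such as strace and gdb inside the sandbox]'
-'(--debug)'{--debug,--debug}'[print sandbox debug messages]'
+'--debug[print sandbox debug messages]'
 '--debug-blacklists[debug blacklisting]'
 '--debug-caps[print all recognized capabilities]'
 '--debug-errnos[print all recognized error numbers]'
@@ -44,53 +44,53 @@ _firejail_args=(
 '--debug-syscalls32[print all recognized 32 bit system calls]'
 '--debug-whitelists[debug whitelisting]'
 # Ignore that you can do -? too as it's the only short option
-'(--help)'{--help,--help}'[this help screen]'
+'--help[this help screen]'
 '--allusers[all user home directories are visible inside the sandbox]'
 '--appimage[sandbox an AppImage application]'
 '--private[temporary home directory]'
-'(--private)'{--private=,--private=}'[use directory as user home]: : _files -/'
-'--seccomp[enable seccomp filter and apply the default blacklist]'
-'(--seccomp=)'{--seccomp=,--seccomp=}'[enable seccomp filter, blacklist the default syscall list and the syscalls specified by the command]:'
-'(--seccomp.print)'{--seccomp.print=,--seccomp.print=}'[print the seccomp filter for the sandbox identified by name|pid]: : _all_firejails'
+'--private=-[use directory as user home]: :_files -/'
+'--seccomp[enable seccomp filter and apply the default blacklist]: :'
+'--seccomp=-[enable seccomp filter, blacklist the default syscall list and the syscalls specified by the command]:'
+'--seccomp.print=-[print the seccomp filter for the sandbox identified by name|pid]: :_all_firejails'
 '--seccomp.block-secondary[build only the native architecture filters]'
-'(--seccomp.drop)'{--seccomp.drop=,--seccomp.drop=}'[enable seccomp filter, and blacklist the syscalls specified by the command]: :'
-'(--seccomp.keep)'{--seccomp.keep=,--seccomp.keep=}'[enable seccomp filter, and whitelist the syscalls specified by the command]: :'
-'(--seccomp.32.drop)'{--seccomp.32.drop=,--seccomp.32.drop=}'[enable seccomp filter, and blacklist the 32 bit syscalls specified by the command]: :'
-'(--seccomp.32.keep)'{--seccomp.32.keep=,--seccomp.32.keep=}'[enable seccomp filter, and whitelist the 32 bit syscalls specified by the command]: :'
-'(--seccomp-error-action)'{--seccomp-error-action=,--seccomp-error-action=}'[change error code, kill process or log the attempt]: :(ERRNO kill log)'
+'*--seccomp.drop=-[enable seccomp filter, and blacklist the syscalls specified by the command]: :'
+'*--seccomp.keep=-[enable seccomp filter, and whitelist the syscalls specified by the command]: :'
+'*--seccomp.32.drop=-[enable seccomp filter, and blacklist the 32 bit syscalls specified by the command]: :'
+'*--seccomp.32.keep=-[enable seccomp filter, and whitelist the 32 bit syscalls specified by the command]: :'
+'--seccomp-error-action=-[change error code, kill process or log the attempt]: :(ERRNO kill log)'
 '--memory-deny-write-execute[seccomp filter to block attempts to create memory mappings that are both writable and executable]'
-'*'{--blacklist=,--blacklist=}'[blacklist directory or file]: : _files'
+'*--blacklist=-[blacklist directory or file]: :_files'
 '--writable-etc[/etc directory is mounted read-write]'
 '--writable-run-user[allow access to /run/user/$UID/systemd and /run/user/$UID/gnupg]'
 '--writable-var[/var directory is mounted read-write]'
 '--writable-var-log[use the real /var/log directory, not a clone]'
 '--build[build a whitelisted profile for the application and print it on stdout]'
-'(--build)'{--build=,--build=}'[build a whitelisted profile for the application and save it]: : _files'
-'(--fs.print)'{--fs.print=,--fs.print=}'[print the filesystem log name|pid]: : _all_firejails'
-'(--join)'{--join=,--join=}'[join the sandbox name|pid]: : _all_firejails'
-'(--join-filesystem)'{--join-filesystem=,--join-filesystem=}'[join the mount namespace name|pid]: : _all_firejails'
-'(--profile.print)'{--profile.print=,--profile.print=}'[print the name of profile file name|pid]: : _all_firejails'
-'(--protocol.print)'{--protocol.print=,--protocol.print=}'[print the protocol filter name|pid]: : _all_firejails'
-'(--shutdown)'{--shutdown=,--shutdown=}'[shutdown the sandbox identified by name|pid]: : _all_firejails'
-'(--cat)'{--cat=,--cat=}'[print content of file from sandbox container name|pid]: : _all_firejails'
-'(--cpu.print)'{--cpu.print=,--cpu.print=}'[print the cpus in use name|pid]: : _all_firejails'
+'--build=-[build a whitelisted profile for the application and save it]: :_files'
+'--fs.print=-[print the filesystem log name|pid]: :_all_firejails'
+'--join=-[join the sandbox name|pid]: :_all_firejails'
+'--join-filesystem=-[join the mount namespace name|pid]: :_all_firejails'
+'--profile.print=-[print the name of profile file name|pid]: :_all_firejails'
+'--protocol.print=-[print the protocol filter name|pid]: :_all_firejails'
+'--shutdown=-[shutdown the sandbox identified by name|pid]: :_all_firejails'
+'--cat=-[print content of file from sandbox container name|pid]: :_all_firejails'
+'--cpu.print=-[print the cpus in use name|pid]: :_all_firejails'
 '--list[list all sandboxes]'
-'(--dns)'{--dns=,--dns=}'[set DNS server]: :'
+'*--dns=-[set DNS server]: :'
 '*--mkdir=-[create a directory]:'
 '*--mkfile=-[create a file]:'
-'(--protocol)'{--protocol=,--protocol=}'[enable protocol filter]: :'
-'(--join-or-start)'{--join-or-start=,--join-or-start=}'[join the sandbox or start a new one name|pid]: : _all_firejails'
-'(--hosts-file)'{--hosts-file=,--hosts-file=}'[use file as /etc/hosts]: : _files'
+'*--protocol=-[enable protocol filter]: :'
+'--join-or-start=-[join the sandbox or start a new one name|pid]: :_all_firejails'
+'--hosts-file=-[use file as /etc/hosts]: :_files'
 '--shell=none[run the program directly without a user shell]'
-'(--shell)'{--shell=,--shell=}'[set default user shell]: : _files -g "*(*)"'
-'(--output)'{--output=,--output=}'[stdout logging and log rotation]: : _files'
-'(--output-stderr)'{--output-stderr=,--output-stderr=}'[stdout and stderr logging and log rotation]: : _files'
+'--shell=-[set default user shell]: :_files -g "*(*)"'
+'--output=-[stdout logging and log rotation]: :_files'
+'--output-stderr=-[stdout and stderr logging and log rotation]: :_files'
 '--no3d[disable 3D hardware acceleration]'
 '--nodvd[disable DVD and audio CD devices]'
 '--nogroups[disable supplementary groups]'
 '--nonewprivs[sets the NO_NEW_PRIVS prctl]'
 '--noprofile[do not use a security profile]'
-'(--noexec)'{--noexec=,--noexec=}'[remount the file or directory noexec nosuid and nodev]: : _files'
+'*--noexec=-[remount the file or directory noexec nosuid and nodev]: :_files'
 '--ipc-namespace[enable a new IPC namespace]'
 '--keep-dev-shm[/dev/shm directory is untouched (even with --private-dev)]'
 '--keep-var-tmp[/var/tmp directory is untouched]'
@@ -98,78 +98,78 @@ _firejail_args=(
 '--trace[trace open, access and connect system calls]'
 '--tracelog[add a syslog message for every access to files or directories blacklisted by the security profile]'
 '--tree[print a tree of all sandboxed processes]'
-'(--cpu)'{--cpu=,--cpu=}'[set cpu affinity]: :->cpus'
+'--cpu=-[set cpu affinity]: :->cpus'
 '--private-dev[create a new /dev directory with a small number of common device files]'
 '--private-tmp[mount a tmpfs on top of /tmp directory]'
 '--private-cwd[do not inherit working directory inside jail]'
-'(--private-cwd)'{--private-cwd=,--private-cwd=}'[set working directory inside jail]: : _files -/'
-'*'{--read-only=,--read-only=}'[set directory or file read-only]: : _files'
-'*'{--read-write=,--read-write=}'[set directory or file read-write]: : _files'
-'(--tmpfs)'{--tmpfs=,--tmpfs=}'[mount a tmpfs filesystem on directory dirname]: : _files -/'
-'(--private-etc)'{--private-etc=,--private-etc=}'[build a new /etc in a temporary filesystem, and copy the files and directories in the list]: : _files'
+'--private-cwd=-[set working directory inside jail]: :_files -/'
+'*--read-only=-[set directory or file read-only]: :_files'
+'*--read-write=-[set directory or file read-write]: :_files'
+'*--tmpfs=-[mount a tmpfs filesystem on directory dirname]: :_files -/'
+'*--private-etc=-[build a new /etc in a temporary filesystem, and copy the files and directories in the list]: :_files'
 "--deterministic-exit-code[always exit with first child's status code]"
 '--machine-id[preserve /etc/machine-id]'
 # Sample values as I don't think
 # many would enjoy getting a list from -20..20
-'(--nice)'{--nice=,--nice=}'[set nice value]: :(1 10 15 20)'
+'--nice=-[set nice value]: :(1 10 15 20)'
 # Should be _files, a comma and files or files -/
-'*'{--bind=,--bind=}'[mount-bind dirname1/filename1 on top of dirname2/filename2]: :(file1,file2 dir1,dir2)'
-'(--cgroup)'{--cgroup=,--cgroup=}'[place the sandbox in the specified control group]: :'
-'*'{--env=,--env=}'[set environment variable]: :'
-'(--hostname)'{--hostname=,--hostname=}'[set sandbox hostname]: :'
-'(--ignore)'{--ignore=,--ignore=}'[ignore command in profile files]: :'
-'(--name)'{--name=,--name=}'[set sandbox name]: :'
+'*--bind=-[mount-bind dirname1/filename1 on top of dirname2/filename2]: :(file1,file2 dir1,dir2)'
+'--cgroup=-[place the sandbox in the specified control group]: :'
+'*--env=-[set environment variable]: :'
+'--hostname=-[set sandbox hostname]: :'
+'*--ignore=-[ignore command in profile files]: :'
+'--name=-[set sandbox name]: :'
 '(--rlimit-as)'{--rlimit-as=,--rlimit-as=}"[set the maximum size of the process's virtual memory (address space) in bytes]: :"
 '(--rlimit-cpu)'{--rlimit-cpu=,--rlimit-cpu=}'[set the maximum CPU time in seconds]: :'
 '(--rlimit-fsize)'{--rlimit-fsize=,--rlimit-fsize=}'[set the maximum file size that can be created by a process]: :'
 '(--rlimit-nofile)'{--rlimit-nofile=,--rlimit-nofile=}'[set the maximum number of files that can be opened by a process]: :'
 '(--rlimit-nproc)'{--rlimit-nproc=,--rlimit-nproc=}'[set the maximum number of processes that can be created for the real user ID of the calling process]: :'
 '(--rlimit-sigpending)'{--rlimit-sigpending=,--rlimit-sigpending=}'[set the maximum number of pending signals for a process]: :'
-'*'{--rmenv=,--rmenv=}'[remove environment variable in the new sandbox]: :'
-'(--timeout)'{--timeout=,--timeout=}'[kill the sandbox automatically after the time has elapsed]: :(hh\:mm\:ss)'
+'*--rmenv=-[remove environment variable in the new sandbox]: :'
+'--timeout=-[kill the sandbox automatically after the time has elapsed]: :(hh\:mm\:ss)'
 "--quiet[turn off Firejail's output.]"
 '--version[print program version and exit]'
 #ifdef HAVE_APPARMOR
 '--apparmor[enable AppArmor confinement]'
-'(--apparmor.print=)'{--apparmor.print=,--apparmor.print=}'[print apparmor status name|pid]:firejail:_all_firejails'
+'--apparmor.print=-[print apparmor status name|pid]:firejail:_all_firejails'
 #endif
 #ifdef HAVE_CHROOT
-'(--chroot)'{--chroot=,--chroot=}'[chroot into directory]: : _files -/'
+'--chroot=-[chroot into directory]: :_files -/'
 #endif
 #ifdef HAVE_FILE_TRANSFER
-'(--get)'{--get=,--get=}'[get a file from sandbox container name|pid]: : _all_firejails'
+'--get=-[get a file from sandbox container name|pid]: :_all_firejails'
 # --put=name|pid src-filename dest-filename - put a file in sandbox container.
-'(--put)'{--put=,--put=}'[put a file in sandbox container]: :'
-'(--ls)'{--ls=,--ls=}'[list files in sandbox container name|pid]: : _all_firejails'
+'--put=-[put a file in sandbox container]: :'
+'--ls=-[list files in sandbox container name|pid]: :_all_firejails'
 #endif
 #ifdef HAVE_NETWORK
 # '--net=none[enable a new, unconnected network namespace]'
 '(--net)'{--net=,--net=}'[enable network namespaces and connect to this bridge or Ethernet interface (or none to disable)]: :->net_or_none'
-'(--net.print)'{--net.print=,--net.print=}'[print network interface configuration name|pid]: : _all_firejails'
-'(--netfilter.print)'{--netfilter.print=,--netfilter.print=}'[print the firewall name|pid]: : _all_firejails'
-'(--netfilter6.print)'{--netfilter6.print=,--netfilter6.print=}'[print the IPv6 firewall name|pid]: : _all_firejails'
+'--net.print=-[print network interface configuration name|pid]: :_all_firejails'
+'--netfilter.print=-[print the firewall name|pid]: :_all_firejails'
+'--netfilter6.print=-[print the IPv6 firewall name|pid]: :_all_firejails'
 '--netstats[monitor network statistics]'
-'(--netmask)'{--netmask=,--netmask=}'[define a network mask when dealing with unconfigured parrent interfaces]: :'
-'(--netns)'{--netns=,--netns=}'[Run the program in a named, persistent network namespace]: :'
-'(--netfilter)'{--netfilter=,--netfilter=}'[enable firewall]: :'
-'(--netfilter6)'{--netfilter6=,--netfilter6=}'[enable IPv6 firewall]: :'
-'(--veth-name)'{--veth-name=,--veth-name=}'[use this name for the interface connected to the bridge]: :'
-'(--join-network)'{--join-network=,--join-network=}'[join the network namespace name|pid]: : _all_firejails'
-'(--defaultgw)'{--defaultgw=,--defaultgw=}'[configure default gateway]: :'
-'(--ip)'{--ip=,--ip=}'[set interface IP address none|dhcp|ADDRESS]: :(none dhcp)'
-'(--dns.print)'{--dns.print=,--dns.print=}'[print DNS configuration name|pid]: : _all_firejails'
-'(--interface)'{--interface=,--interface=}'[move interface in sandbox]: :'
-'(--ip6)'{--ip6=,--ip6=}'[set interface IPv6 address or use dhcp via dhclient]: :(dhcp)'
-'(--iprange)'{--iprange=,--iprange=}'[configure an IP address in this range]: :'
-'(--mac)'{--mac=,--mac=}'[set interface MAC address]: :(xx\:xx\:xx\:xx\:xx\:xx)'
-'(--mtu)'{--mtu=,--mtu=}'[set interface MTU]: :'
+'--netmask=-[define a network mask when dealing with unconfigured parrent interfaces]: :'
+'--netns=-[Run the program in a named, persistent network namespace]: :'
+'--netfilter=-[enable firewall]: :'
+'--netfilter6=-[enable IPv6 firewall]: :'
+'--veth-name=-[use this name for the interface connected to the bridge]: :'
+'--join-network=-[join the network namespace name|pid]: :_all_firejails'
+'--defaultgw=[configure default gateway]: :'
+'--ip=-[set interface IP address none|dhcp|ADDRESS]: :(none dhcp)'
+'--dns.print=-[print DNS configuration name|pid]: :_all_firejails'
+'--interface=-[move interface in sandbox]: :'
+'--ip6=-[set interface IPv6 address or use dhcp via dhclient]: :(dhcp)'
+'--iprange=-[configure an IP address in this range]: :'
+'--mac=-[set interface MAC address]: :(xx\:xx\:xx\:xx\:xx\:xx)'
+'--mtu=-[set interface MTU]: :'
 '--scan[ARP-scan all the networks from inside a network namespace]'
-'(--bandwidth)'{--bandwidth=,--bandwidth=}'[set bandwidth limits name|pid]: : _all_firejails'
+'--bandwidth=-[set bandwidth limits name|pid]: :_all_firejails'
 #endif
 #ifdef HAVE_X11
 '--x11[enable X11 sandboxing. The software checks first if Xpra is installed, then it checks if Xephyr is installed. If all fails, it will attempt to use X11 security extension]'
-'(--x11)'{--x11=,--x11=}'[disable or enable specific X11 server]: :(none xephyr xorg xpra xvfb)'
-'(--xephyr-screen)'{--xephyr-screen=,--xephyr-screen=}'[set screen size for --x11=xephyr]: :(WIDTHxHEIGHT)'
+'--x11=-[disable or enable specific X11 server]: :(none xephyr xorg xpra xvfb)'
+'--xephyr-screen=-[set screen size for --x11=xephyr]: :(WIDTHxHEIGHT)'
 #endif
 #ifdef HAVE_USERNS
 '--noroot[install a user namespace with only the current user]'
@@ -180,45 +180,45 @@ _firejail_args=(
 '--nou2f[disable U2F devices]'
 #ifdef HAVE_OVERLAYFS
 '--overlay[mount a filesystem overlay on top of the current filesystem]'
-'(--overlay-named)'{--overlay-named=,--overlay-named=}'[mount a filesystem overlay on top of the current filesystem, and store it in name directory]: : _files -/'
+'--overlay-named=-[mount a filesystem overlay on top of the current filesystem, and store it in name directory]: :_files -/'
 '--overlay-tmpfs[mount a temporary filesystem overlay on top of the current filesystem]'
 '--overlay-clean[clean all overlays stored in $HOME/.firejail directory]'
 #endif
 #ifdef HAVE_WHITELIST
-'(--nowhitelist)'{--nowhitelist=,--nowhitelist=}'[disable whitelist for file or directory]: : _files'
-'*'{--whitelist=,--whitelist=}'[whitelist directory or file]: : _files'
+'*--nowhitelist=-[disable whitelist for file or directory]: :_files'
+'*--whitelist=-[whitelist directory or file]: :_files'
 #endif
-'(--noblacklist)'{--noblacklist=,--noblacklist=}'[disable blacklist for file or directory]: : _files'
+'--noblacklist=-[disable blacklist for file or directory]: :_files'
 #ifdef HAVE_DBUSPROXY
-'(--dbus-system)'{--dbus-system=,--dbus-system=}'[set system DBus access policy or none]: :'
-'(--dbus-system.broadcast)'{--dbus-system.broadcast=,--dbus-system.broadcast=}'[allow signals on the system DBus according to rule]: :'
-'(--dbus-system.call)'{--dbus-system.call=,--dbus-system.call=}'[allow calls on the system DBus according to rule]: :'
-'(--dbus-system.own)'{--dbus-system.own=,--dbus-system.own=}'[allow ownership of name on the system DBus]: :'
-'(--dbus-system.see)'{--dbus-system.see=,--dbus-system.see=}'[allow seeing name on the system DBus]: :'
-'(--dbus-system.talk)'{--dbus-system.talk=,--dbus-system.talk=}'[allow talking to name on the system DBus]: :'
-'(--dbus-user)'{--dbus-user=,--dbus-user=}'[set session DBus access policy or none]: :'
-'(--dbus-user.broadcast)'{--dbus-user.broadcast=,--dbus-user.broadcast=}'[allow signals on the session DBus according to rule]: :'
-'(--dbus-user.call)'{--dbus-user.call=,--dbus-user.call=}'[allow calls on the session DBus according to rule]: :'
-'(--dbus-user.see)'{--dbus-user.see=,--dbus-user.see=}'[allow seeing name on the session DBus]: :'
-'(--dbus-user.talk)'{--dbus-user.talk=,--dbus-user.talk=}'[allow talking to name on the session DBus]: :'
-'(--dbus-log)'{--dbus-log=,--dbus-log=}'[set DBus log file location]: : _files'
-'(--dbus-system)'{--dbus-system=,--dbus-system=}'[set system DBus access policy]: :(filter none)'
+'--dbus-system=-[set system DBus access policy or none]: :'
+'--dbus-system.broadcast=-[allow signals on the system DBus according to rule]: :'
+'--dbus-system.call=-[allow calls on the system DBus according to rule]: :'
+'--dbus-system.own=-[allow ownership of name on the system DBus]: :'
+'--dbus-system.see=-[allow seeing name on the system DBus]: :'
+'--dbus-system.talk=-[allow talking to name on the system DBus]: :'
+'--dbus-user=-[set session DBus access policy or none]: :'
+'--dbus-user.broadcast=-[allow signals on the session DBus according to rule]: :'
+'--dbus-user.call=-[allow calls on the session DBus according to rule]: :'
+'--dbus-user.see=-[allow seeing name on the session DBus]: :'
+'--dbus-user.talk=-[allow talking to name on the session DBus]: :'
+'--dbus-log=-[set DBus log file location]: :_files'
+'--dbus-system=-[set system DBus access policy]: :(filter none)'
 '--dbus-user.log[turn on logging for the user DBus]'
-'(--dbus-user.own)'{--dbus-user.own=,--dbus-user.own=}'[allow ownership of name on the session DBus]: :'
+'--dbus-user.own=-[allow ownership of name on the session DBus]: :'
 '--dbus-system.log[turn on logging for the system DBus]'
 '--nodbus[disable D-Bus access]'
 #endif
 #ifdef HAVE_PRIVATE_HOME
-'(--private-home)'{--private-home=,--private-home=}'[build a new user home in a temporary filesystem, and copy the files and directories in the list in the new home]: :'
+'--private-home=-[build a new user home in a temporary filesystem, and copy the files and directories in the list in the new home]: :_files'
 #endif
-'(--private-bin)'{--private-bin=,--private-bin=}'[build a new /bin in a temporary filesystem, and copy the programs in the list]: :'
-'(--private-opt)'{--private-opt=,--private-opt=}'[build a new /opt in a temporary filesystem]: :'
-'(--private-srv)'{--private-srv=,--private-srv=}'[build a new /srv in a temporary filesystem]: :'
+'--private-bin=-[build a new /bin in a temporary filesystem, and copy the programs in the list]: :'
+'--private-opt=-[build a new /opt in a temporary filesystem]: :'
+'--private-srv=-[build a new /srv in a temporary filesystem]: :'
 #ifdef HAVE_USERTMPFS
 '--private-cache[temporary ~/.cache directory]'
 #endif
 #ifdef HAVE_FIRETUNNEL
-'(--tunnel)'{--tunnel=,--tunnel=}'[connect the sandbox to a tunnel created by firetunnel utility]: :'
+'--tunnel=-[connect the sandbox to a tunnel created by firetunnel utility]: :'
 #endif
 )
 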
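Review bot: The rewritten bare `--seccomp` entry (new line 52) gains a trailing `: :`, which declares a required argument for a flag that takes none, so the word typed after `--seccomp` is consumed as its value and gets no option or command completion; it should stay `'--seccomp[enable seccomp filter and apply the default blacklist]'`, leaving the value form to the `--seccomp=-` spec on the next line. The converted `--defaultgw=` entry (new line 158) is the only one without the trailing `-`, so unlike every other `=-` spec in the array it still accepts its value as a separate word; `'--defaultgw=-[configure default gateway]: :'` would match the rest. `--noblacklist=-` (new line 191) is not marked repeatable with `*` although `--nowhitelist`, `--whitelist` and `--blacklist` now are, which looks like an oversight if the option can be given more than once. The `--rlimit-*` and `--net=` entries keep the old `(--opt)'{--opt=,--opt=}'` form; that may be deliberate for `--net`, but is worth confirming for the rlimits.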