diff options
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 841aa47a7..da842e17b 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -2564,6 +2564,7 @@ int main(int argc, char **argv, char **envp) { | |||
2564 | cfg.timeout = extract_timeout(argv[i] + 10); | 2564 | cfg.timeout = extract_timeout(argv[i] + 10); |
2565 | else if (strcmp(argv[i], "--audit") == 0) { | 2565 | else if (strcmp(argv[i], "--audit") == 0) { |
2566 | arg_audit_prog = LIBDIR "/firejail/faudit"; | 2566 | arg_audit_prog = LIBDIR "/firejail/faudit"; |
2567 | profile_add_ignore("shell none"); | ||
2567 | arg_audit = 1; | 2568 | arg_audit = 1; |
2568 | } | 2569 | } |
2569 | else if (strncmp(argv[i], "--audit=", 8) == 0) { | 2570 | else if (strncmp(argv[i], "--audit=", 8) == 0) { |
@@ -2580,6 +2581,7 @@ int main(int argc, char **argv, char **envp) { | |||
2580 | fprintf(stderr, "Error: cannot find the audit program %s\n", arg_audit_prog); | 2581 | fprintf(stderr, "Error: cannot find the audit program %s\n", arg_audit_prog); |
2581 | exit(1); | 2582 | exit(1); |
2582 | } | 2583 | } |
2584 | profile_add_ignore("shell none"); | ||
2583 | arg_audit = 1; | 2585 | arg_audit = 1; |
2584 | } | 2586 | } |
2585 | else if (strcmp(argv[i], "--appimage") == 0) | 2587 | else if (strcmp(argv[i], "--appimage") == 0) |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index c4b0d384b..b602bcada 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -2930,6 +2930,10 @@ In the examples above, the sandbox configures transmission-gtk profile and | |||
2930 | starts the test program. The real program, transmission-gtk, will not be | 2930 | starts the test program. The real program, transmission-gtk, will not be |
2931 | started. | 2931 | started. |
2932 | 2932 | ||
2933 | You can also audit a specific profile without specifying a program. | ||
2934 | .br | ||
2935 | $ firejail --audit --profile=/etc/firejail/zoom.profile | ||
2936 | |||
2933 | Limitations: audit feature is not implemented for --x11 commands. | 2937 | Limitations: audit feature is not implemented for --x11 commands. |
2934 | 2938 | ||
2935 | .SH DESKTOP INTEGRATION | 2939 | .SH DESKTOP INTEGRATION |