6 files changed, 22 insertions, 0 deletions

diff --git a/README b/README
index 94d3b5ed6..9b981d805 100644
--- a/README
+++ b/README
@@ -74,6 +74,9 @@ Fred-Barclay (https://github.com/Fred-Barclay)
         - added eom profile
         - added gnome-chess profile
         - added DOSBox profile
+        - evince profile enhancement
+graywolf (https://github.com/graywolf)
+        - spelling fix
 Dara Adib (https://github.com/daradib)
         - ssh profile fix
 Tomasz Jan Góralczyk (https://github.com/tjg)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index e3bf5e187..e76f54ec3 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -318,6 +318,7 @@ extern char *arg_audit_prog;	// audit
 extern int arg_apparmor;        // apparmor
 extern int arg_allow_debuggers; // allow debuggers
 extern int arg_x11_block;       // block X11
+extern int arg_allusers;        // all user home directories visible
 
 extern int login_shell;
 extern int parent_to_child_fds[2];
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 03ffab788..1f2ee9573 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -106,8 +106,11 @@ char *arg_audit_prog = NULL;			// audit
 int arg_apparmor = 0;                           // apparmor
 int arg_allow_debuggers = 0;                    // allow debuggers
 int arg_x11_block = 0;                          // block X11
+int arg_allusers = 0;                           // all user home directories visible
+
 int login_shell = 0;
 
+
 int parent_to_child_fds[2];
 int child_to_parent_fds[2];
 
@@ -1296,6 +1299,8 @@ int main(int argc, char **argv) {
                 //*************************************
                 // filesystem
                 //*************************************
+                else if (strcmp(argv[i], "--allusers") == 0)
+                        arg_allusers = 1;
 #ifdef HAVE_BIND                
                 else if (strncmp(argv[i], "--bind=", 7) == 0) {
                         if (checkcfg(CFG_BIND)) {
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index cb999a4a6..9e0c789aa 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -335,6 +335,9 @@ errout:
 }
 
 void restrict_users(void) {
+        if (arg_allusers)
+                return;
+                
         // only in user mode
         if (getuid()) {
                 if (strncmp(cfg.homedir, "/home/", 6) == 0) {
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index c08ec18a0..3425b050e 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -35,6 +35,7 @@ void usage(void) {
         printf("Options:\n\n");
         printf("    -- - signal the end of options and disables further option processing.\n\n");
         printf("    --allow-debuggers - allow tools such as strace and gdb inside the sandbox.\n\n");
+        printf("    --allusers - all user home directories are visible inside the sandbox.\n\n");
         printf("    --apparmor - enable AppArmor confinement\n\n");
         printf("    --appimage - sandbox an AppImage application\n\n");
         printf("    --audit - audit the sandbox, see Audit section for more details\n\n");
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 88c884801..71624afc2 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -84,6 +84,15 @@ Example:
 .br
 $ firejail  --allow-debuggers --profile=/etc/firejail/firefox.profile strace -f firefox
 .TP
+\fB\-\-allusers
+All user home directories are visible inside the sandbox. By default, only current user home directory is visible.
+.br
+
+.br
+Example:
+.br
+$ firejail --allusers
+.TP
 \fB\-\-apparmor
 Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below.
 .TP