diff options
| -rw-r--r-- | RELNOTES | 1 | ||||
| -rw-r--r-- | src/firejail/usage.c | 8 | ||||
| -rw-r--r-- | src/man/firejail-profile.txt | 4 | ||||
| -rw-r--r-- | src/man/firejail.txt | 19 |
4 files changed, 29 insertions, 3 deletions
| @@ -1,6 +1,7 @@ | |||
| 1 | firejail (0.9.31) baseline; urgency=low | 1 | firejail (0.9.31) baseline; urgency=low |
| 2 | * added --interface option | 2 | * added --interface option |
| 3 | * added --mtu option | 3 | * added --mtu option |
| 4 | * added --private-bin option | ||
| 4 | * added seccomp errno support | 5 | * added seccomp errno support |
| 5 | * added FBReader default profile | 6 | * added FBReader default profile |
| 6 | * added Spotify default profile | 7 | * added Spotify default profile |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index dec8c5349..93d79fd94 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
| @@ -167,13 +167,15 @@ void usage(void) { | |||
| 167 | printf("\t\tand it is discarded when the sandbox is closed. (OverlayFS\n"); | 167 | printf("\t\tand it is discarded when the sandbox is closed. (OverlayFS\n"); |
| 168 | printf("\t\tsupport is required in Linux kernel for this option to work).\n\n"); | 168 | printf("\t\tsupport is required in Linux kernel for this option to work).\n\n"); |
| 169 | 169 | ||
| 170 | |||
| 171 | |||
| 172 | |||
| 173 | printf("\t--private - mount new /root and /home/user directories in temporary\n"); | 170 | printf("\t--private - mount new /root and /home/user directories in temporary\n"); |
| 174 | printf("\t\tfilesystems. All modifications are discarded when the sandbox is\n"); | 171 | printf("\t\tfilesystems. All modifications are discarded when the sandbox is\n"); |
| 175 | printf("\t\tclosed.\n\n"); | 172 | printf("\t\tclosed.\n\n"); |
| 176 | printf("\t--private=directory - use directory as user home.\n\n"); | 173 | printf("\t--private=directory - use directory as user home.\n\n"); |
| 174 | |||
| 175 | printf("\t--private-bin=file,file - build a new /bin in a temporary filesystem,\n"); | ||
| 176 | printf("\t\tand copy the programs in the list. The same directory is\n"); | ||
| 177 | printf("\t\talso bind-mounted over /sbin, /usr/bin and /usr/sbin.\n\n"); | ||
| 178 | |||
| 177 | printf("\t--private-home=file,directory - build a new user home in a temporary\n"); | 179 | printf("\t--private-home=file,directory - build a new user home in a temporary\n"); |
| 178 | printf("\t\tfilesystem, and copy the files and directories in the list in\n"); | 180 | printf("\t\tfilesystem, and copy the files and directories in the list in\n"); |
| 179 | printf("\t\tthe new home. All modifications are discarded when the sandbox\n"); | 181 | printf("\t\tthe new home. All modifications are discarded when the sandbox\n"); |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index e470cab36..1369fdc91 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -133,6 +133,10 @@ Mount new /root and /home/user directories in temporary | |||
| 133 | filesystems. All modifications are discarded when the sandbox is | 133 | filesystems. All modifications are discarded when the sandbox is |
| 134 | closed. | 134 | closed. |
| 135 | .TP | 135 | .TP |
| 136 | \f\private-bin file,file | ||
| 137 | Build a new /bin in a temporary filesystem, and copy the programs in the list. | ||
| 138 | The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin. | ||
| 139 | .TP | ||
| 136 | \f\private directory | 140 | \f\private directory |
| 137 | Use directory as user home. | 141 | Use directory as user home. |
| 138 | .TP | 142 | .TP |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index af3a18746..00360e65b 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -735,6 +735,25 @@ Example: | |||
| 735 | $ firejail \-\-private=/home/netblue/firefox-home firefox | 735 | $ firejail \-\-private=/home/netblue/firefox-home firefox |
| 736 | 736 | ||
| 737 | .TP | 737 | .TP |
| 738 | \fB\-\-private-bin=file,file | ||
| 739 | Build a new /bin in a temporary filesystem, and copy the programs in the list. | ||
| 740 | The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin. | ||
| 741 | .br | ||
| 742 | |||
| 743 | .br | ||
| 744 | Example: | ||
| 745 | .br | ||
| 746 | $ firejail \-\-private-bin=bash,sed,ls,cat | ||
| 747 | .br | ||
| 748 | Parent pid 20841, child pid 20842 | ||
| 749 | .br | ||
| 750 | Child process initialized | ||
| 751 | .br | ||
| 752 | $ ls /bin | ||
| 753 | .br | ||
| 754 | bash cat ls sed | ||
| 755 | |||
| 756 | .TP | ||
| 738 | \fB\-\-private-keep=file,directory | 757 | \fB\-\-private-keep=file,directory |
| 739 | This option is deprecated, use private-home instead | 758 | This option is deprecated, use private-home instead |
| 740 | 759 | ||