-rw-r--r-- | .github/workflows/codeql-analysis.yml | 6 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 14 | ||||
-rw-r--r-- | src/man/firejail.txt | 12 |
3 files changed, 28 insertions, 4 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 98b713e9e..e1d972d04 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -47,7 +47,7 @@ jobs: | |||
47 | 47 | ||
48 | # Initializes the CodeQL tools for scanning. | 48 | # Initializes the CodeQL tools for scanning. |
49 | - name: Initialize CodeQL | 49 | - name: Initialize CodeQL |
50 | uses: github/codeql-action/init@f5d822707ee6e8fb81b04a5c0040b736da22e587 | 50 | uses: github/codeql-action/init@883476649888a9e8e219d5b2e6b789dc024f690c |
51 | with: | 51 | with: |
52 | languages: ${{ matrix.language }} | 52 | languages: ${{ matrix.language }} |
53 | # If you wish to specify custom queries, you can do so here or in a config file. | 53 | # If you wish to specify custom queries, you can do so here or in a config file. |
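Review bot: The new pin on the `uses: github/codeql-action/init@883476649888a9e8e219d5b2e6b789dc024f690c` line has no trailing comment naming the release tag that commit corresponds to, so the bump cannot be checked against upstream from the diff alone. Consider adding the tag as a comment after the SHA on each of the three `uses:` lines (init, autobuild, analyze), and keep all three on the same commit, as this change does.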
@@ -58,7 +58,7 @@ jobs: | |||
58 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 58 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
59 | # If this step fails, then you should remove it and run the build manually (see below) | 59 | # If this step fails, then you should remove it and run the build manually (see below) |
60 | - name: Autobuild | 60 | - name: Autobuild |
61 | uses: github/codeql-action/autobuild@f5d822707ee6e8fb81b04a5c0040b736da22e587 | 61 | uses: github/codeql-action/autobuild@883476649888a9e8e219d5b2e6b789dc024f690c |
62 | 62 | ||
63 | # âšī¸ Command-line programs to run using the OS shell. | 63 | # âšī¸ Command-line programs to run using the OS shell. |
64 | # đ https://git.io/JvXDl | 64 | # đ https://git.io/JvXDl |
@@ -72,4 +72,4 @@ jobs: | |||
72 | # make release | 72 | # make release |
73 | 73 | ||
74 | - name: Perform CodeQL Analysis | 74 | - name: Perform CodeQL Analysis |
75 | uses: github/codeql-action/analyze@f5d822707ee6e8fb81b04a5c0040b736da22e587 | 75 | uses: github/codeql-action/analyze@883476649888a9e8e219d5b2e6b789dc024f690c |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index e962e18da..3dd339d94 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -343,6 +343,18 @@ closed. | |||
343 | .TP | 343 | .TP |
344 | \fBprivate directory | 344 | \fBprivate directory |
345 | Use directory as user home. | 345 | Use directory as user home. |
346 | --private and --private=directory cannot be used together. | ||
347 | .br | ||
348 | |||
349 | .br | ||
350 | Bug: Even with this enabled, some commands (such as mkdir, mkfile and | ||
351 | private-cache) will still operate on the original home directory. | ||
352 | Workaround: Disable the incompatible commands, such as by using "ignore mkdir" | ||
353 | and "ignore mkfile". | ||
354 | For details, see | ||
355 | .UR https://github.com/netblue30/firejail/issues/903 | ||
356 | #903 | ||
357 | .UE | ||
346 | .TP | 358 | .TP |
347 | \fBprivate-bin file,file | 359 | \fBprivate-bin file,file |
348 | Build a new /bin in a temporary filesystem, and copy the programs in the list. | 360 | Build a new /bin in a temporary filesystem, and copy the programs in the list. |
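Review bot: The added sentence "--private and --private=directory cannot be used together." uses command-line option spelling in the profile man page, where this entry is headed `\fBprivate directory`; writing it as "private" and "private directory" would match the page. In the Bug paragraph, the workaround names only "ignore mkdir" and "ignore mkfile" although private-cache is also listed as affected; either give the corresponding workaround for private-cache or state that there is none, since a reader relying on this option to keep writes out of the original home directory needs the full list.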
@@ -505,7 +517,7 @@ There is no root account (uid 0) defined in the namespace. | |||
505 | Enable protocol filter. The filter is based on seccomp and checks the | 517 | Enable protocol filter. The filter is based on seccomp and checks the |
506 | first argument to socket system call. Recognized values: \fBunix\fR, | 518 | first argument to socket system call. Recognized values: \fBunix\fR, |
507 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR, and \fBbluetooth\fR. | 519 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR, and \fBbluetooth\fR. |
508 | Multiple protocol commands are allowed. | 520 | Multiple protocol commands are allowed and they accumulate. |
509 | .TP | 521 | .TP |
510 | \fBseccomp | 522 | \fBseccomp |
511 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. | 523 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. |
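Review bot: "accumulate" on the changed line does not say how multiple protocol lines combine. If the allowed sets are unioned, say so explicitly and spell out the consequence that a later, narrower protocol line does not remove a family an earlier line allowed; a reader tightening a profile may otherwise assume the last line wins.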
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index feb9e4e81..41171a4e7 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1905,6 +1905,17 @@ Use directory as user home. | |||
1905 | Example: | 1905 | Example: |
1906 | .br | 1906 | .br |
1907 | $ firejail \-\-private=/home/netblue/firefox-home firefox | 1907 | $ firejail \-\-private=/home/netblue/firefox-home firefox |
1908 | .br | ||
1909 | |||
1910 | .br | ||
1911 | Bug: Even with this enabled, some commands (such as mkdir, mkfile and | ||
1912 | private-cache) will still operate on the original home directory. | ||
1913 | Workaround: Disable the incompatible commands, such as by using "ignore mkdir" | ||
1914 | and "ignore mkfile". | ||
1915 | For details, see | ||
1916 | .UR https://github.com/netblue30/firejail/issues/903 | ||
1917 | #903 | ||
1918 | .UE | ||
1908 | 1919 | ||
1909 | .TP | 1920 | .TP |
1910 | \fB\-\-private-bin=file,file | 1921 | \fB\-\-private-bin=file,file |
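Review bot: The workaround in the added Bug paragraph is quoted in profile-file syntax ("ignore mkdir", "ignore mkfile"), but this is the command-line page and the example directly above is `$ firejail \-\-private=/home/netblue/firefox-home firefox`. Give the command-line form (`--ignore=mkdir`) or say that the lines go into a profile and refer to the firejail-profile page. As in firejail-profile.txt, private-cache is named as affected but has no workaround listed.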
@@ -2171,6 +2182,7 @@ $ firejail \-\-profile.print=browser | |||
2171 | \fB\-\-protocol=protocol,protocol,protocol | 2182 | \fB\-\-protocol=protocol,protocol,protocol |
2172 | Enable protocol filter. The filter is based on seccomp and checks the first argument to socket system call. | 2183 | Enable protocol filter. The filter is based on seccomp and checks the first argument to socket system call. |
2173 | Recognized values: unix, inet, inet6, netlink, packet, and bluetooth. This option is not supported for i386 architecture. | 2184 | Recognized values: unix, inet, inet6, netlink, packet, and bluetooth. This option is not supported for i386 architecture. |
2185 | Multiple protocol commands are allowed and they accumulate. | ||
2174 | .br | 2186 | .br |
2175 | 2187 | ||
2176 | .br | 2188 | .br |
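Review bot: The added line says "Multiple protocol commands", which is the profile-file term; this entry documents `\-\-protocol=protocol,protocol,protocol`, so "Multiple --protocol options" would fit this page. It also follows the i386 sentence with no break, so it reads as part of the architecture note; moving it up next to the "Recognized values" sentence, and saying that the allowed sets are combined, would make it clearer.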