aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--RELNOTES4
-rw-r--r--src/man/firejail-profile.txt9
-rw-r--r--src/man/firejail.txt17
3 files changed, 23 insertions, 7 deletions
diff --git a/RELNOTES b/RELNOTES
index 327cfdb36..18b577cca 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -2,6 +2,8 @@ firejail (0.9.71) baseline; urgency=low
2 * work in progress 2 * work in progress
3 * feature: On failing to remount a fuse filesystem, give warning instead of 3 * feature: On failing to remount a fuse filesystem, give warning instead of
4 erroring out (#5240 #5242) 4 erroring out (#5240 #5242)
5 * feature: Update syscall tables and seccomp groups (#5188)
6 * feature: improve force-nonewprivs security guarantees (#5217 #5271)
5 * feature: restrict namespaces (--restrict-namespaces) implemented as 7 * feature: restrict namespaces (--restrict-namespaces) implemented as
6 a seccomp filter for both 64 and 32 bit architectures (#4939 #5259) 8 a seccomp filter for both 64 and 32 bit architectures (#4939 #5259)
7 * feature: support for custom AppArmor profiles (--apparmor=) (#5274 #5316 9 * feature: support for custom AppArmor profiles (--apparmor=) (#5274 #5316
@@ -38,6 +40,8 @@ firejail (0.9.71) baseline; urgency=low
38 * docs: Add IRC channel info to README.md (#5361) 40 * docs: Add IRC channel info to README.md (#5361)
39 * docs: man: Note that some commands can be disabled in firejail.config 41 * docs: man: Note that some commands can be disabled in firejail.config
40 (#5366) 42 (#5366)
43 * docs: Add gist note to bug_report.md (#5398)
44 * docs: clarify that --appimage should appear before --profile (#5402 #5451)
41 -- netblue30 <netblue30@yahoo.com> Sat, 11 Jun 2022 09:00:00 -0500 45 -- netblue30 <netblue30@yahoo.com> Sat, 11 Jun 2022 09:00:00 -0500
42 46
43firejail (0.9.70) baseline; urgency=low 47firejail (0.9.70) baseline; urgency=low
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 138aae8af..7fa677ae5 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -14,7 +14,7 @@ Using a specific profile:
14.br 14.br
15Example: 15Example:
16.br 16.br
17$ firejail --profile=/etc/firejail/kdenlive.profile --appimage kdenlive.appimage 17$ firejail --appimage --profile=/etc/firejail/kdenlive.profile kdenlive.appimage
18.br 18.br
19 19
20.br 20.br
@@ -25,7 +25,7 @@ $ firejail --profile=/etc/firejail/kdenlive.profile --appimage kdenlive.appimage
25.br 25.br
26Example: 26Example:
27.br 27.br
28$ firejail --profile=kdenlive --appimage kdenlive.appimage 28$ firejail --appimage --profile=kdenlive kdenlive.appimage
29.br 29.br
30 30
31.br 31.br
@@ -179,6 +179,11 @@ can be enabled or disabled globally in Firejail's configuration file.
179 179
180The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. 180The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines.
181 181
182Note: When using one or more conditionals and \fB--profile\fR, it is
183recommended that the relevant option(s) (such as \fB--appimage\fR) be specified
184before \fB--profile\fR, so that their respective conditional(s) (such as
185\fB?HAS_APPIMAGE\fR) inside of the profile evaluate to true.
186
182.TP 187.TP
183\fBinclude other.profile 188\fBinclude other.profile
184Include other.profile file. 189Include other.profile file.
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index b4be1cd62..39c81312c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -11,7 +11,7 @@ firejail [OPTIONS] [program and arguments]
11Start an AppImage program: 11Start an AppImage program:
12.PP 12.PP
13.RS 13.RS
14firejail [OPTIONS] --appimage [appimage-file and arguments] 14firejail [OPTIONS] --appimage [OPTIONS] [appimage-file and arguments]
15.RE 15.RE
16.PP 16.PP
17#ifdef HAVE_FILE_TRANSFER 17#ifdef HAVE_FILE_TRANSFER
@@ -164,15 +164,22 @@ private-bin and private-lib are disabled by default when running appimages.
164.br 164.br
165Example: 165Example:
166.br 166.br
167$ firejail --profile=krita --appimage krita-3.0-x86_64.appimage 167$ firejail --appimage --profile=krita krita-3.0-x86_64.appimage
168.br 168.br
169$ firejail --private --profile=krita --appimage krita-3.0-x86_64.appimage 169$ firejail --quiet --appimage --private --profile=krita krita-3.0-x86_64.appimage
170.br 170.br
171#ifdef HAVE_X11 171#ifdef HAVE_X11
172$ firejail --net=none --x11 --profile=krita --appimage krita-3.0-x86_64.appimage 172$ firejail --appimage --net=none --x11 --profile=krita krita-3.0-x86_64.appimage
173#endif 173#endif
174.TP 174.br
175
176.br
177Note: When using both \fB--appimage\fR and \fB--profile\fR, it is recommended
178to always specify the former before the latter, so that any \fB?HAS_APPIMAGE\fR
179conditionals inside of the profile evaluate to true (see \fB?CONDITIONAL\fR in
180firejail-profile(5)).
175#ifdef HAVE_NETWORK 181#ifdef HAVE_NETWORK
182.TP
176\fB\-\-bandwidth=name|pid 183\fB\-\-bandwidth=name|pid
177Set bandwidth limits for the sandbox identified by name or PID, see \fBTRAFFIC SHAPING\fR section for more details. 184Set bandwidth limits for the sandbox identified by name or PID, see \fBTRAFFIC SHAPING\fR section for more details.
178#endif 185#endif