Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 25 |
1 files changed, 12 insertions, 13 deletions
@@ -184,7 +184,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
184 | 184 | ||
185 | ### private-etc rework | 185 | ### private-etc rework |
186 | ````` | 186 | ````` |
187 | --private-etc, --private-etc=file,directory | 187 | --private-etc, --private-etc=file,directory,@group |
188 | The files installed by --private-etc are copies of the original | 188 | The files installed by --private-etc are copies of the original |
189 | system files from /etc directory. By default, the command | 189 | system files from /etc directory. By default, the command |
190 | brings in a skeleton of files and directories used by most con‐ | 190 | brings in a skeleton of files and directories used by most con‐ |
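Review bot: The synopsis at new line 187 now advertises `@group`, but the description lines that follow in this hunk still only talk about files and directories and never say what a group is or which names are valid. Add a sentence right after the synopsis that explains the `@` prefix and lists the available groups (at least @x11, @games and @tls-ca, which the examples further down use), so a reader does not have to infer them from the examples.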
@@ -192,24 +192,23 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
192 | 192 | ||
193 | $ firejail --private-etc dig debian.org | 193 | $ firejail --private-etc dig debian.org |
194 | 194 | ||
195 | For X11/GTK/QT/Gnome/KDE programs add GUI group as a parameter. | 195 | For X11/GTK/QT/Gnome/KDE programs add @x11 group as a parame‐ |
196 | Example: | 196 | ter. Example: |
197 | 197 | ||
198 | $ firejail --private-etc=GUI,python* gimp | 198 | $ firejail --private-etc=@x11,gcrypt,python* gimp |
199 | 199 | ||
200 | /etc/python* directories are not part of the generic GUI group. | 200 | gcrypt and /etc/python* directories are not part of the generic |
201 | These directories are reuqired by Gimp plugin system. File glob‐ | 201 | @x11 group. File globbing is supported. |
202 | bing is supported. | ||
203 | 202 | ||
204 | For games, add GAMES group: | 203 | For games, add @games group: |
205 | 204 | ||
206 | $ firejail --private-etc=GUI,GAMES warzone2100 | 205 | $ firejail --private-etc=@games,@x11 warzone2100 |
207 | 206 | ||
208 | Sound and networking files are included automatically, unless | 207 | Sound and networking files are included automatically, unless |
209 | --nosound or --net=none are specified. Files for encrypted | 208 | --nosound or --net=none are specified. Files for encrypted |
210 | TLS/SSL protocol are in TLS-CA group. | 209 | TLS/SSL protocol are in @tls-ca group. |
211 | 210 | ||
212 | $ firejail --private-etc=TLS-CA,wgetrc wget https://debian.org | 211 | $ firejail --private-etc=@tls-ca,wgetrc wget https://debian.org |
213 | 212 | ||
214 | Note: The easiest way to extract the list of /etc files accessed | 213 | Note: The easiest way to extract the list of /etc files accessed |
215 | by your program is using strace utility: | 214 | by your program is using strace utility: |
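Review bot: New lines 200-201 drop the sentence saying the /etc/python* directories are required by the Gimp plugin system and add gcrypt without giving any reason, so the example no longer tells the reader why these entries sit outside @x11. For a whitelist option that matters, because people copy the example and should know which extras are Gimp-specific; keep a short "required by ..." clause for both gcrypt and python*. The hunk also renames GUI, GAMES and TLS-CA to @x11, @games and @tls-ca without saying whether the old spellings are still accepted; a one-line note for users with existing command lines or profiles would help.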