Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 93 |
1 files changed, 1 insertions, 92 deletions
@@ -32,96 +32,5 @@ Documentation: https://firejail.wordpress.com/documentation-2/ | |||
32 | 32 | ||
33 | FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ | 33 | FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ |
34 | 34 | ||
35 | # Current development version: 0.9.37 | 35 | # Current development version: 0.9.39 |
36 | |||
37 | ## Symlink invocation | ||
38 | |||
39 | This is a small thing, but very convenient. Make a symbolic link (ln -s) to /usr/bin/firejail under | ||
40 | the name of the program you want to run, and put the link in the first $PATH position (for | ||
41 | example in /usr/local/bin). Example: | ||
42 | ````` | ||
43 | $ which -a transmission-gtk | ||
44 | /usr/bin/transmission-gtk | ||
45 | |||
46 | $ sudo ln -s /usr/bin/firejail /usr/local/bin/transmission-gtk | ||
47 | |||
48 | $ which -a transmission-gtk | ||
49 | /usr/local/bin/transmission-gtk | ||
50 | /usr/bin/transmission-gtk | ||
51 | ````` | ||
52 | We have in this moment two entries in $PATH for transmission. The first one is a symlink to firejail. | ||
53 | The second one is the real program. Starting transmission in this moment, invokes "firejail transmission-gtk" | ||
54 | ````` | ||
55 | $ transmission-gtk | ||
56 | Redirecting symlink to /usr/bin/transmission-gtk | ||
57 | Reading profile /etc/firejail/transmission-gtk.profile | ||
58 | Reading profile /etc/firejail/disable-mgmt.inc | ||
59 | Reading profile /etc/firejail/disable-secret.inc | ||
60 | Reading profile /etc/firejail/disable-common.inc | ||
61 | Reading profile /etc/firejail/disable-devel.inc | ||
62 | Parent pid 19343, child pid 19344 | ||
63 | Blacklist violations are logged to syslog | ||
64 | Child process initialized | ||
65 | ````` | ||
66 | |||
67 | |||
68 | ## IPv6 support: | ||
69 | ````` | ||
70 | --ip6=address | ||
71 | Assign IPv6 addresses to the last network interface defined by a | ||
72 | --net option. | ||
73 | |||
74 | Example: | ||
75 | $ firejail --net=eth0 --ip6=2001:0db8:0:f101::1/64 firefox | ||
76 | |||
77 | --netfilter6=filename | ||
78 | Enable the IPv6 network filter specified by filename in the new | ||
79 | network namespace. The filter file format is the format of | ||
80 | ip6tables-save and ip6table-restore commands. New network | ||
81 | namespaces are created using --net option. If a new network | ||
82 | namespaces is not created, --netfilter6 option does nothing. | ||
83 | |||
84 | ````` | ||
85 | |||
86 | ## join command enhancements | ||
87 | |||
88 | ````` | ||
89 | --join-filesystem=name | ||
90 | Join the mount namespace of the sandbox identified by name. By | ||
91 | default a /bin/bash shell is started after joining the sandbox. | ||
92 | If a program is specified, the program is run in the sandbox. | ||
93 | This command is available only to root user. Security filters, | ||
94 | cgroups and cpus configurations are not applied to the process | ||
95 | joining the sandbox. | ||
96 | |||
97 | --join-filesystem=pid | ||
98 | Join the mount namespace of the sandbox identified by process | ||
99 | ID. By default a /bin/bash shell is started after joining the | ||
100 | sandbox. If a program is specified, the program is run in the | ||
101 | sandbox. This command is available only to root user. Security | ||
102 | filters, cgroups and cpus configurations are not applied to the | ||
103 | process joining the sandbox. | ||
104 | |||
105 | --join-network=name | ||
106 | Join the network namespace of the sandbox identified by name. By | ||
107 | default a /bin/bash shell is started after joining the sandbox. | ||
108 | If a program is specified, the program is run in the sandbox. | ||
109 | This command is available only to root user. Security filters, | ||
110 | cgroups and cpus configurations are not applied to the process | ||
111 | joining the sandbox. | ||
112 | |||
113 | --join-network=pid | ||
114 | Join the network namespace of the sandbox identified by process | ||
115 | ID. By default a /bin/bash shell is started after joining the | ||
116 | sandbox. If a program is specified, the program is run in the | ||
117 | sandbox. This command is available only to root user. Security | ||
118 | filters, cgroups and cpus configurations are not applied to the | ||
119 | process joining the sandbox. | ||
120 | |||
121 | ````` | ||
122 | |||
123 | |||
124 | ## New profiles: KMail | ||
125 | |||
126 | |||
127 | 36 | ||
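Review bot: After this change the heading at new line 35, "# Current development version: 0.9.39", has nothing under it, and old lines 37-124 take the only README description of symlink invocation, --ip6, --netfilter6, --join-filesystem and --join-network with them. Please confirm that text now lives in the man page or release notes, in particular the caveat that "Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox", since that is the part users most need to keep seeing. If the removal is the usual post-release cleanup, a one-line pointer under the heading to where the 0.9.38 notes went would help, and it would also explain why the version goes from 0.9.37 straight to 0.9.39.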