Diffstat (limited to 'src/firejail/usage.c')
-rw-r--r--src/firejail/usage.c41
1 files changed, 21 insertions, 20 deletions
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index a21633349..76930e1de 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -36,10 +36,10 @@ void usage(void) {
36 printf(" --apparmor - enable AppArmor confinement.\n"); 36 printf(" --apparmor - enable AppArmor confinement.\n");
37 printf(" --appimage - sandbox an AppImage application.\n"); 37 printf(" --appimage - sandbox an AppImage application.\n");
38 printf(" --audit[=test-program] - audit the sandbox.\n"); 38 printf(" --audit[=test-program] - audit the sandbox.\n");
39#ifdef HAVE_NETWORK 39#ifdef HAVE_NETWORK
40 printf(" --bandwidth=name|pid - set bandwidth limits.\n"); 40 printf(" --bandwidth=name|pid - set bandwidth limits.\n");
41#endif 41#endif
42#ifdef HAVE_BIND 42#ifdef HAVE_BIND
43 printf(" --bind=dirname1,dirname2 - mount-bind dirname1 on top of dirname2.\n"); 43 printf(" --bind=dirname1,dirname2 - mount-bind dirname1 on top of dirname2.\n");
44 printf(" --bind=filename1,filename2 - mount-bind filename1 on top of filename2.\n"); 44 printf(" --bind=filename1,filename2 - mount-bind filename1 on top of filename2.\n");
45#endif 45#endif
@@ -51,7 +51,7 @@ void usage(void) {
51 printf(" --caps.keep=capability,capability - whitelist capabilities filter.\n"); 51 printf(" --caps.keep=capability,capability - whitelist capabilities filter.\n");
52 printf(" --caps.print=name|pid - print the caps filter.\n"); 52 printf(" --caps.print=name|pid - print the caps filter.\n");
53 printf(" --cgroup=tasks-file - place the sandbox in the specified control group.\n"); 53 printf(" --cgroup=tasks-file - place the sandbox in the specified control group.\n");
54#ifdef HAVE_CHROOT 54#ifdef HAVE_CHROOT
55 printf(" --chroot=dirname - chroot into directory.\n"); 55 printf(" --chroot=dirname - chroot into directory.\n");
56#endif 56#endif
57 printf(" --cpu=cpu-number,cpu-number - set cpu affinity.\n"); 57 printf(" --cpu=cpu-number,cpu-number - set cpu affinity.\n");
@@ -64,15 +64,15 @@ void usage(void) {
64 printf(" --debug-errnos - print all recognized error numbers.\n"); 64 printf(" --debug-errnos - print all recognized error numbers.\n");
65 printf(" --debug-protocols - print all recognized protocols.\n"); 65 printf(" --debug-protocols - print all recognized protocols.\n");
66 printf(" --debug-syscalls - print all recognized system calls.\n"); 66 printf(" --debug-syscalls - print all recognized system calls.\n");
67#ifdef HAVE_WHITELIST 67#ifdef HAVE_WHITELIST
68 printf(" --debug-whitelists - debug whitelisting.\n"); 68 printf(" --debug-whitelists - debug whitelisting.\n");
69#endif 69#endif
70#ifdef HAVE_NETWORK 70#ifdef HAVE_NETWORK
71 printf(" --defaultgw=address - configure default gateway.\n"); 71 printf(" --defaultgw=address - configure default gateway.\n");
72#endif 72#endif
73 printf(" --dns=address - set DNS server.\n"); 73 printf(" --dns=address - set DNS server.\n");
74 printf(" --dns.print=name|pid - print DNS configuration.\n"); 74 printf(" --dns.print=name|pid - print DNS configuration.\n");
75 75
76 printf(" --env=name=value - set environment variable.\n"); 76 printf(" --env=name=value - set environment variable.\n");
77 printf(" --force - attempt to start a new sandbox inside the existing sandbox.\n"); 77 printf(" --force - attempt to start a new sandbox inside the existing sandbox.\n");
78 printf(" --fs.print=name|pid - print the filesystem log.\n"); 78 printf(" --fs.print=name|pid - print the filesystem log.\n");
@@ -86,7 +86,7 @@ void usage(void) {
86 printf(" --hostname=name - set sandbox hostname.\n"); 86 printf(" --hostname=name - set sandbox hostname.\n");
87 printf(" --hosts-file=file - use file as /etc/hosts.\n"); 87 printf(" --hosts-file=file - use file as /etc/hosts.\n");
88 printf(" --ignore=command - ignore command in profile files.\n"); 88 printf(" --ignore=command - ignore command in profile files.\n");
89#ifdef HAVE_NETWORK 89#ifdef HAVE_NETWORK
90 printf(" --interface=name - move interface in sandbox.\n"); 90 printf(" --interface=name - move interface in sandbox.\n");
91 printf(" --ip=address - set interface IP address.\n"); 91 printf(" --ip=address - set interface IP address.\n");
92 printf(" --ip=none - no IP address and no default gateway are configured.\n"); 92 printf(" --ip=none - no IP address and no default gateway are configured.\n");
@@ -96,21 +96,21 @@ void usage(void) {
96 printf(" --ipc-namespace - enable a new IPC namespace.\n"); 96 printf(" --ipc-namespace - enable a new IPC namespace.\n");
97 printf(" --join=name|pid - join the sandbox.\n"); 97 printf(" --join=name|pid - join the sandbox.\n");
98 printf(" --join-filesystem=name|pid - join the mount namespace.\n"); 98 printf(" --join-filesystem=name|pid - join the mount namespace.\n");
99#ifdef HAVE_NETWORK 99#ifdef HAVE_NETWORK
100 printf(" --join-network=name|pid - join the network namespace.\n"); 100 printf(" --join-network=name|pid - join the network namespace.\n");
101#endif 101#endif
102 printf(" --join-or-start=name|pid - join the sandbox or start a new one.\n"); 102 printf(" --join-or-start=name|pid - join the sandbox or start a new one.\n");
103 printf(" --list - list all sandboxes.\n"); 103 printf(" --list - list all sandboxes.\n");
104 printf(" --ls=name|pid dir_or_filename - list files in sandbox container.\n"); 104 printf(" --ls=name|pid dir_or_filename - list files in sandbox container.\n");
105#ifdef HAVE_NETWORK 105#ifdef HAVE_NETWORK
106 printf(" --mac=xx:xx:xx:xx:xx:xx - set interface MAC address.\n"); 106 printf(" --mac=xx:xx:xx:xx:xx:xx - set interface MAC address.\n");
107#endif 107#endif
108 printf(" --machine-id - preserve /etc/machine-id\n"); 108 printf(" --machine-id - preserve /etc/machine-id\n");
109#ifdef HAVE_NETWORK 109#ifdef HAVE_NETWORK
110 printf(" --mtu=number - set interface MTU.\n"); 110 printf(" --mtu=number - set interface MTU.\n");
111#endif 111#endif
112 printf(" --name=name - set sandbox name.\n"); 112 printf(" --name=name - set sandbox name.\n");
113#ifdef HAVE_NETWORK 113#ifdef HAVE_NETWORK
114 printf(" --net=bridgename - enable network namespaces and connect to this bridge.\n"); 114 printf(" --net=bridgename - enable network namespaces and connect to this bridge.\n");
115 printf(" --net=ethernet_interface - enable network namespaces and connect to this\n"); 115 printf(" --net=ethernet_interface - enable network namespaces and connect to this\n");
116 printf("\tEthernet interface.\n"); 116 printf("\tEthernet interface.\n");
@@ -127,17 +127,18 @@ void usage(void) {
127 printf(" --nogroups - disable supplementary groups.\n"); 127 printf(" --nogroups - disable supplementary groups.\n");
128 printf(" --nonewprivs - sets the NO_NEW_PRIVS prctl.\n"); 128 printf(" --nonewprivs - sets the NO_NEW_PRIVS prctl.\n");
129 printf(" --noprofile - do not use a security profile.\n"); 129 printf(" --noprofile - do not use a security profile.\n");
130#ifdef HAVE_USERNS 130#ifdef HAVE_USERNS
131 printf(" --noroot - install a user namespace with only the current user.\n"); 131 printf(" --noroot - install a user namespace with only the current user.\n");
132#endif 132#endif
133 printf(" --nosound - disable sound system.\n"); 133 printf(" --nosound - disable sound system.\n");
134 printf(" --novideo - disable video devices.\n");
134 printf(" --nowhitelist=filename - disable whitelist for file or directory .\n"); 135 printf(" --nowhitelist=filename - disable whitelist for file or directory .\n");
135 printf(" --output=logfile - stdout logging and log rotation.\n"); 136 printf(" --output=logfile - stdout logging and log rotation.\n");
136 printf(" --overlay - mount a filesystem overlay on top of the current filesystem.\n"); 137 printf(" --overlay - mount a filesystem overlay on top of the current filesystem.\n");
137 printf(" --overlay-named=name - mount a filesystem overlay on top of the current\n"); 138 printf(" --overlay-named=name - mount a filesystem overlay on top of the current\n");
138 printf("\tfilesystem, and store it in name directory.\n"); 139 printf("\tfilesystem, and store it in name directory.\n");
139 printf(" --overlay-tmpfs - mount a temporary filesystem overlay on top of the current\n"); 140 printf(" --overlay-tmpfs - mount a temporary filesystem overlay on top of the current\n");
140 printf("\tfilesystem.\n"); 141 printf("\tfilesystem.\n");
141 printf(" --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n"); 142 printf(" --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n");
142 printf(" --private - temporary home directory.\n"); 143 printf(" --private - temporary home directory.\n");
143 printf(" --private=directory - use directory as user home.\n"); 144 printf(" --private=directory - use directory as user home.\n");
@@ -169,9 +170,9 @@ void usage(void) {
169 printf(" --rlimit-sigpending=number - set the maximum number of pending signals\n"); 170 printf(" --rlimit-sigpending=number - set the maximum number of pending signals\n");
170 printf("\tfor a process.\n"); 171 printf("\tfor a process.\n");
171 printf(" --rmenv=name - remove environment variable in the new sandbox.\n"); 172 printf(" --rmenv=name - remove environment variable in the new sandbox.\n");
172#ifdef HAVE_NETWORK 173#ifdef HAVE_NETWORK
173 printf(" --scan - ARP-scan all the networks from inside a network namespace.\n"); 174 printf(" --scan - ARP-scan all the networks from inside a network namespace.\n");
174#endif 175#endif
175#ifdef HAVE_SECCOMP 176#ifdef HAVE_SECCOMP
176 printf(" --seccomp - enable seccomp filter and apply the default blacklist.\n"); 177 printf(" --seccomp - enable seccomp filter and apply the default blacklist.\n");
177 printf(" --seccomp=syscall,syscall,syscall - enable seccomp filter, blacklist the\n"); 178 printf(" --seccomp=syscall,syscall,syscall - enable seccomp filter, blacklist the\n");
@@ -195,12 +196,12 @@ void usage(void) {
195 printf("\tdirectoires blacklisted by the security profile.\n"); 196 printf("\tdirectoires blacklisted by the security profile.\n");
196 printf(" --tree - print a tree of all sandboxed processes.\n"); 197 printf(" --tree - print a tree of all sandboxed processes.\n");
197 printf(" --version - print program version and exit.\n"); 198 printf(" --version - print program version and exit.\n");
198#ifdef HAVE_NETWORK 199#ifdef HAVE_NETWORK
199 printf(" --veth-name=name - use this name for the interface connected to the bridge.\n"); 200 printf(" --veth-name=name - use this name for the interface connected to the bridge.\n");
200#endif 201#endif
201#ifdef HAVE_WHITELIST 202#ifdef HAVE_WHITELIST
202 printf(" --whitelist=filename - whitelist directory or file.\n"); 203 printf(" --whitelist=filename - whitelist directory or file.\n");
203#endif 204#endif
204 printf(" --writable-etc - /etc directory is mounted read-write.\n"); 205 printf(" --writable-etc - /etc directory is mounted read-write.\n");
205 printf(" --writable-var - /var directory is mounted read-write.\n"); 206 printf(" --writable-var - /var directory is mounted read-write.\n");
206 printf(" --writable-var-log - use the real /var/log directory, not a clone.\n"); 207 printf(" --writable-var-log - use the real /var/log directory, not a clone.\n");
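Review bot: The `--novideo` entry added at new line 134 describes the option only as "disable video devices", so a user who relies on it to keep a sandboxed program away from the camera cannot tell from the help text which device nodes are actually hidden. If the implementation (not shown in this file) covers only capture nodes, wording such as `--novideo - disable video capture devices.` would set the right expectation. Separately, the diffstat reports 21 insertions and 20 deletions while only this one line is visibly new, which suggests the rest is whitespace cleanup; splitting that into its own commit would make the functional change to a sandbox option easier to audit. The body of usage() starts and ends outside these hunks.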