1 files changed, 165 insertions, 23 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 9045c1122..d6113218c 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -44,7 +44,7 @@ To disable default profile loading, use --noprofile command option. Example:
 .RS
 $ firejail
 .br
-Reading profile /etc/firejail/generic.profile
+Reading profile /etc/firejail/default.profile
 .br
 Parent pid 8553, child pid 8554
 .br
@@ -93,11 +93,17 @@ If the file name matches file_name, the file will not be blacklisted in any blac
 Example: "noblacklist ${HOME}/.mozilla"
 .TP
-\fBignore command
+\fBignore
 Ignore command.
 Example: "ignore seccomp"
+.TP
+\fBquiet
+Disable Firejail's output. This should be the first uncommented command in the profile file.
+Example: "quiet"
 .SH Filesystem
 These profile entries define a chroot filesystem built on top of the existing
 host filesystem. Each line describes a file element that is removed from
@@ -122,11 +128,16 @@ blacklist ${PATH}/ifconfig
 blacklist ${HOME}/.ssh
 .TP
-\fBread-only file_or_directory
+\fBblacklist-nolog file_or_directory
-Make directory or file read-only.
+When --tracelog flag is set, blacklisting generates syslog messages if the sandbox tries to access the file or directory.
-.TP
+blacklist-nolog command disables syslog messages for this particular file or directory. Examples:
-\fBtmpfs directory
+.br
-Mount an empty tmpfs filesystem on top of directory. This option is available only when running the sandbox as root.
+.br
+blacklist-nolog /usr/bin
+.br
+blacklist-nolog /usr/bin/gcc*
 .TP
 \fBbind directory1,directory2
 Mount-bind directory1 on top of directory2. This option is only available when running as root.
@@ -135,8 +146,14 @@ Mount-bind directory1 on top of directory2. This option is only available when r
 Mount-bind file1 on top of file2. This option is only available when running as root.
 .TP
 \fBmkdir directory
-Create a directory in user home. Use this command for whitelisted directories you need to preserve
+Create a directory in user home before the sandbox is started.
-when the sandbox is closed. Subdirectories also need to be created using mkdir. Example from
+The directory is created if it doesn't already exist.
+.br
+.br
+Use this command for whitelisted directories you need to preserve
+when the sandbox is closed. Without it, the application will create the directory, and the directory
+will be deleted when the sandbox is closed. Subdirectories are recursively created. Example from
 firefox profile:
 .br
@@ -145,14 +162,17 @@ mkdir ~/.mozilla
 .br
 whitelist ~/.mozilla
 .br
-mkdir ~/.cache
-.br
-mkdir ~/.cache/mozilla
-.br
 mkdir ~/.cache/mozilla/firefox
 .br
 whitelist ~/.cache/mozilla/firefox
 .TP
+\fBmkfile file
+Similar to mkdir, this command creates a file in user home before the sandbox is started.
+The file is created if it doesn't already exist, but it's target directory has to exist.
+.TP
+\fBnoexec file_or_directory
+Remount the file or the directory noexec, nodev and nosuid.
+.TP
 \fBprivate
 Mount new /root and /home/user directories in temporary
 filesystems. All modifications are discarded when the sandbox is
@@ -161,6 +181,12 @@ closed.
 \fBprivate directory
 Use directory as user home.
 .TP
+\f\private-home file,directory
+Build a new user home in a temporary
+filesystem, and copy the files and directories in the list in the
+new home. All modifications are discarded when the sandbox is
+closed.
+.TP
 \fBprivate-bin file,file
 Build a new /bin in a temporary filesystem, and copy the programs in the list.
 The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin.
@@ -174,19 +200,43 @@ filesystem, and copy the files and directories in the list.
 All modifications are discarded when the sandbox is closed.
 .TP
 \fBprivate-tmp
-Mount an empty temporary filesystem on top of /tmp directory.
+Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix.
 .TP
-\fBwhitelist file_or_directory
+\fBread-only file_or_directory
-Build a new user home in a temporary filesystem, and mount-bind file_or_directory.
+Make directory or file read-only.
-The modifications to file_or_directory are persistent, everything else is discarded
+.TP
-when the sandbox is closed.
+\fBread-write file_or_directory
+Make directory or file read-write.
+.TP
+\fBtmpfs directory
+Mount an empty tmpfs filesystem on top of directory. This option is available only when running the sandbox as root.
 .TP
 \fBtracelog
 Blacklist violations logged to syslog.
+.TP
+\fBwhitelist file_or_directory
+Whitelist directory or file. A temporary file system is mounted on the top directory, and the
+whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
+everything else is discarded when the sandbox is closed. The top directory could be 
+user home, /dev, /media, /mnt, /opt, /srv, /var, and /tmp.
+.br
+.br
+Symbolic link handling: with the exception of user home, both the link and the real file should be in
+the same top directory. For user home, both the link and the real file should be owned by the user.
+.TP
+\fBwritable-etc
+Mount /etc directory read-write.
+.TP
+\fBwritable-var
+Mount /var directory read-write.
 .SH Security filters
 The following security filters are currently implemented:
 .TP
+\fBapparmor
+Enable AppArmor confinement.
+.TP
 \fBcaps
 Enable default Linux capabilities filter.
 .TP
@@ -205,10 +255,7 @@ first argument to socket system call. Recognized values: \fBunix\fR,
 \fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR.
 .TP
 \fBseccomp
-Enable default seccomp filter.  The default list is as follows:
+Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details.
-mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module,
-iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev,
-sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp.
 .TP
 \fBseccomp syscall,syscall,syscall
 Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter.
@@ -219,9 +266,32 @@ Enable seccomp filter and blacklist  the system calls in the list.
 \fBseccomp.keep syscall,syscall,syscall
 Enable seccomp filter and whitelist the system calls in the list.
 .TP
+\fBnonewprivs
+Sets the NO_NEW_PRIVS prctl.  This ensures that child processes
+cannot acquire new privileges using execve(2);  in particular,
+this means that calling a suid binary (or one with file capabilities)
+does not result in an increase of privilege.
+.TP
 \fBnoroot
 Use this command  to enable an user namespace. The namespace has only one user, the current user.
 There is no root account (uid 0) defined in the namespace.
+.TP
+\fBx11
+Enable X11 sandboxing.
+.TP
+\fBx11 none
+Blacklist /tmp/.X11-unix directory, ${HOME}/.Xauthority and file specified in ${XAUTHORITY} environment variable.
+Remove DISPLAY and XAUTHORITY environment variables.
+Stop with error message if X11 abstract socket will be accessible in jail.
+.TP
+\fBx11 xephyr
+Enable X11 sandboxing with xephyr.
+.TP
+\fBx11 xorg
+Enable X11 sandboxing with X11 security extension.
+.TP
+\fBx11 xpra
+Enable X11 sandboxing with xpra.
 .SH Resource limits, CPU affinity, Control Groups
 These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox.
@@ -255,6 +325,10 @@ The sandbox is placed in g1 control group.
 .SH User Environment
 .TP
+\fBallusers
+All user home directories are visible inside the sandbox. By default, only current user home directory is visible.
+.TP
 \fBname sandboxname
 Set sandbox name. Example:
 .br
@@ -284,9 +358,18 @@ Enable IPC namespace.
 .TP
 \fBnosound
 Disable sound system.
+.TP
+\fBno3d
+Disable 3D hardware acceleration.
 .SH Networking
 Networking features available in profile files.
+.TP
+\fBdefaultgw address
+Use this address as default gateway in the new network namespace.
+.TP
 \fBdns address
 Set a DNS server for the sandbox. Up to three DNS servers can be defined.
@@ -295,6 +378,45 @@ Set a DNS server for the sandbox. Up to three DNS servers can be defined.
 Set a hostname for the sandbox.
 .TP
+\fBip address
+Assign IP addresses to the last network interface defined by a net command. A
+default gateway is assigned by default.
+.br
+.br
+Example:
+.br
+net eth0
+.br
+ip 10.10.20.56
+.TP
+\fBip none
+No IP address and no default gateway are configured for the last interface
+defined by a net command. Use this option
+in case you intend to start an external DHCP client in the sandbox.
+.br
+.br
+Example:
+.br
+net eth0
+.br
+ip none
+.TP
+\fBip6 address
+Assign IPv6 addresses to the last network interface defined by a net command.
+.br
+.br
+Example:
+.br
+net eth0
+.br
+ip6 2001:0db8:0:f101::1/64
+.TP
 \fBiprange address,address
 Assign  an  IP address in the provided range to the last network
 interface defined by  a  net command.  A  default  gateway  is assigned by default.
@@ -311,6 +433,16 @@ iprange 192.168.1.150,192.168.1.160
 .br
 .TP
+\fBmac address
+Assign MAC addresses to the last network interface defined by a net command.
+.TP
+\fBmtu number
+Assign a MTU value to the last network interface defined by a net command.
+.TP
 \fBnetfilter
 If a new network namespace is created, enabled default network filter.
@@ -345,6 +477,17 @@ available in the new namespace is a new loopback interface (lo).
 Use this option to deny network access to programs that don't
 really need network access.
+.TP
+\fBveth-name name
+Use this name for the interface connected to the bridge for --net=bridge_interface commands, 
+instead of the default one.
+.SH Other
+.TP
+\fBjoin-or-start sandboxname
+Join the sandbox identified by name or start a new one.
+Same as "firejail --join=sandboxname" command if sandbox with specified name exists, otherwise same as "name sandboxname".
 .SH RELOCATING PROFILES
 For various reasons some users might want to keep the profile files in a different directory.
 Using \fB--profile-path\fR command line option, Firejail can be instructed to look for profiles
@@ -388,7 +531,6 @@ Homepage: http://firejail.wordpress.com
 \&\flfiremon\fR\|(1),
 \&\flfirecfg\fR\|(1),
 \&\flfirejail-login\fR\|(5)
-\&\flfirejail-config\fR\|(5)

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 9045c1122..d6113218c 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -44,7 +44,7 @@ To disable default profile loading, use --noprofile command option. Example:
44	.RS	44	.RS
45	$ firejail	45	$ firejail
46	.br	46	.br
47	Reading profile /etc/firejail/generic.profile	47	Reading profile /etc/firejail/default.profile
48	.br	48	.br
49	Parent pid 8553, child pid 8554	49	Parent pid 8553, child pid 8554
50	.br	50	.br
@@ -93,11 +93,17 @@ If the file name matches file_name, the file will not be blacklisted in any blac
93	Example: "noblacklist ${HOME}/.mozilla"	93	Example: "noblacklist ${HOME}/.mozilla"
94		94
95	.TP	95	.TP
96	\fBignore command	96	\fBignore
97	Ignore command.	97	Ignore command.
98		98
99	Example: "ignore seccomp"	99	Example: "ignore seccomp"
100		100
		101	.TP
		102	\fBquiet
		103	Disable Firejail's output. This should be the first uncommented command in the profile file.
		104
		105	Example: "quiet"
		106
101	.SH Filesystem	107	.SH Filesystem
102	These profile entries define a chroot filesystem built on top of the existing	108	These profile entries define a chroot filesystem built on top of the existing
103	host filesystem. Each line describes a file element that is removed from	109	host filesystem. Each line describes a file element that is removed from
@@ -122,11 +128,16 @@ blacklist ${PATH}/ifconfig
122	blacklist ${HOME}/.ssh	128	blacklist ${HOME}/.ssh
123		129
124	.TP	130	.TP
125	\fBread-only file_or_directory	131	\fBblacklist-nolog file_or_directory
126	Make directory or file read-only.	132	When --tracelog flag is set, blacklisting generates syslog messages if the sandbox tries to access the file or directory.
127	.TP	133	blacklist-nolog command disables syslog messages for this particular file or directory. Examples:
128	\fBtmpfs directory	134	.br
129	Mount an empty tmpfs filesystem on top of directory. This option is available only when running the sandbox as root.	135
		136	.br
		137	blacklist-nolog /usr/bin
		138	.br
		139	blacklist-nolog /usr/bin/gcc*
		140
130	.TP	141	.TP
131	\fBbind directory1,directory2	142	\fBbind directory1,directory2
132	Mount-bind directory1 on top of directory2. This option is only available when running as root.	143	Mount-bind directory1 on top of directory2. This option is only available when running as root.
@@ -135,8 +146,14 @@ Mount-bind directory1 on top of directory2. This option is only available when r
135	Mount-bind file1 on top of file2. This option is only available when running as root.	146	Mount-bind file1 on top of file2. This option is only available when running as root.
136	.TP	147	.TP
137	\fBmkdir directory	148	\fBmkdir directory
138	Create a directory in user home. Use this command for whitelisted directories you need to preserve	149	Create a directory in user home before the sandbox is started.
139	when the sandbox is closed. Subdirectories also need to be created using mkdir. Example from	150	The directory is created if it doesn't already exist.
		151	.br
		152
		153	.br
		154	Use this command for whitelisted directories you need to preserve
		155	when the sandbox is closed. Without it, the application will create the directory, and the directory
		156	will be deleted when the sandbox is closed. Subdirectories are recursively created. Example from
140	firefox profile:	157	firefox profile:
141	.br	158	.br
142		159
@@ -145,14 +162,17 @@ mkdir ~/.mozilla
145	.br	162	.br
146	whitelist ~/.mozilla	163	whitelist ~/.mozilla
147	.br	164	.br
148	mkdir ~/.cache
149	.br
150	mkdir ~/.cache/mozilla
151	.br
152	mkdir ~/.cache/mozilla/firefox	165	mkdir ~/.cache/mozilla/firefox
153	.br	166	.br
154	whitelist ~/.cache/mozilla/firefox	167	whitelist ~/.cache/mozilla/firefox
155	.TP	168	.TP
		169	\fBmkfile file
		170	Similar to mkdir, this command creates a file in user home before the sandbox is started.
		171	The file is created if it doesn't already exist, but it's target directory has to exist.
		172	.TP
		173	\fBnoexec file_or_directory
		174	Remount the file or the directory noexec, nodev and nosuid.
		175	.TP
156	\fBprivate	176	\fBprivate
157	Mount new /root and /home/user directories in temporary	177	Mount new /root and /home/user directories in temporary
158	filesystems. All modifications are discarded when the sandbox is	178	filesystems. All modifications are discarded when the sandbox is
@@ -161,6 +181,12 @@ closed.
161	\fBprivate directory	181	\fBprivate directory
162	Use directory as user home.	182	Use directory as user home.
163	.TP	183	.TP
		184	\f\private-home file,directory
		185	Build a new user home in a temporary
		186	filesystem, and copy the files and directories in the list in the
		187	new home. All modifications are discarded when the sandbox is
		188	closed.
		189	.TP
164	\fBprivate-bin file,file	190	\fBprivate-bin file,file
165	Build a new /bin in a temporary filesystem, and copy the programs in the list.	191	Build a new /bin in a temporary filesystem, and copy the programs in the list.
166	The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin.	192	The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin.
@@ -174,19 +200,43 @@ filesystem, and copy the files and directories in the list.
174	All modifications are discarded when the sandbox is closed.	200	All modifications are discarded when the sandbox is closed.
175	.TP	201	.TP
176	\fBprivate-tmp	202	\fBprivate-tmp
177	Mount an empty temporary filesystem on top of /tmp directory.	203	Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix.
178	.TP	204	.TP
179	\fBwhitelist file_or_directory	205	\fBread-only file_or_directory
180	Build a new user home in a temporary filesystem, and mount-bind file_or_directory.	206	Make directory or file read-only.
181	The modifications to file_or_directory are persistent, everything else is discarded	207	.TP
182	when the sandbox is closed.	208	\fBread-write file_or_directory
		209	Make directory or file read-write.
		210	.TP
		211	\fBtmpfs directory
		212	Mount an empty tmpfs filesystem on top of directory. This option is available only when running the sandbox as root.
183	.TP	213	.TP
184	\fBtracelog	214	\fBtracelog
185	Blacklist violations logged to syslog.	215	Blacklist violations logged to syslog.
		216	.TP
		217	\fBwhitelist file_or_directory
		218	Whitelist directory or file. A temporary file system is mounted on the top directory, and the
		219	whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
		220	everything else is discarded when the sandbox is closed. The top directory could be
		221	user home, /dev, /media, /mnt, /opt, /srv, /var, and /tmp.
		222	.br
		223
		224	.br
		225	Symbolic link handling: with the exception of user home, both the link and the real file should be in
		226	the same top directory. For user home, both the link and the real file should be owned by the user.
		227	.TP
		228	\fBwritable-etc
		229	Mount /etc directory read-write.
		230	.TP
		231	\fBwritable-var
		232	Mount /var directory read-write.
186	.SH Security filters	233	.SH Security filters
187	The following security filters are currently implemented:	234	The following security filters are currently implemented:
188		235
189	.TP	236	.TP
		237	\fBapparmor
		238	Enable AppArmor confinement.
		239	.TP
190	\fBcaps	240	\fBcaps
191	Enable default Linux capabilities filter.	241	Enable default Linux capabilities filter.
192	.TP	242	.TP
@@ -205,10 +255,7 @@ first argument to socket system call. Recognized values: \fBunix\fR,
205	\fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR.	255	\fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR.
206	.TP	256	.TP
207	\fBseccomp	257	\fBseccomp
208	Enable default seccomp filter. The default list is as follows:	258	Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details.
209	mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module,
210	iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev,
211	sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp.
212	.TP	259	.TP
213	\fBseccomp syscall,syscall,syscall	260	\fBseccomp syscall,syscall,syscall
214	Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter.	261	Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter.
@@ -219,9 +266,32 @@ Enable seccomp filter and blacklist the system calls in the list.
219	\fBseccomp.keep syscall,syscall,syscall	266	\fBseccomp.keep syscall,syscall,syscall
220	Enable seccomp filter and whitelist the system calls in the list.	267	Enable seccomp filter and whitelist the system calls in the list.
221	.TP	268	.TP
		269	\fBnonewprivs
		270	Sets the NO_NEW_PRIVS prctl. This ensures that child processes
		271	cannot acquire new privileges using execve(2); in particular,
		272	this means that calling a suid binary (or one with file capabilities)
		273	does not result in an increase of privilege.
		274	.TP
222	\fBnoroot	275	\fBnoroot
223	Use this command to enable an user namespace. The namespace has only one user, the current user.	276	Use this command to enable an user namespace. The namespace has only one user, the current user.
224	There is no root account (uid 0) defined in the namespace.	277	There is no root account (uid 0) defined in the namespace.
		278	.TP
		279	\fBx11
		280	Enable X11 sandboxing.
		281	.TP
		282	\fBx11 none
		283	Blacklist /tmp/.X11-unix directory, ${HOME}/.Xauthority and file specified in ${XAUTHORITY} environment variable.
		284	Remove DISPLAY and XAUTHORITY environment variables.
		285	Stop with error message if X11 abstract socket will be accessible in jail.
		286	.TP
		287	\fBx11 xephyr
		288	Enable X11 sandboxing with xephyr.
		289	.TP
		290	\fBx11 xorg
		291	Enable X11 sandboxing with X11 security extension.
		292	.TP
		293	\fBx11 xpra
		294	Enable X11 sandboxing with xpra.
225		295
226	.SH Resource limits, CPU affinity, Control Groups	296	.SH Resource limits, CPU affinity, Control Groups
227	These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox.	297	These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox.
@@ -255,6 +325,10 @@ The sandbox is placed in g1 control group.
255		325
256	.SH User Environment	326	.SH User Environment
257	.TP	327	.TP
		328	\fBallusers
		329	All user home directories are visible inside the sandbox. By default, only current user home directory is visible.
		330
		331	.TP
258	\fBname sandboxname	332	\fBname sandboxname
259	Set sandbox name. Example:	333	Set sandbox name. Example:
260	.br	334	.br
@@ -284,9 +358,18 @@ Enable IPC namespace.
284	.TP	358	.TP
285	\fBnosound	359	\fBnosound
286	Disable sound system.	360	Disable sound system.
		361	.TP
		362	\fBno3d
		363	Disable 3D hardware acceleration.
		364
287	.SH Networking	365	.SH Networking
288	Networking features available in profile files.	366	Networking features available in profile files.
289		367
		368	.TP
		369	\fBdefaultgw address
		370	Use this address as default gateway in the new network namespace.
		371
		372	.TP
290	\fBdns address	373	\fBdns address
291	Set a DNS server for the sandbox. Up to three DNS servers can be defined.	374	Set a DNS server for the sandbox. Up to three DNS servers can be defined.
292		375
@@ -295,6 +378,45 @@ Set a DNS server for the sandbox. Up to three DNS servers can be defined.
295	Set a hostname for the sandbox.	378	Set a hostname for the sandbox.
296		379
297	.TP	380	.TP
		381	\fBip address
		382	Assign IP addresses to the last network interface defined by a net command. A
		383	default gateway is assigned by default.
		384	.br
		385
		386	.br
		387	Example:
		388	.br
		389	net eth0
		390	.br
		391	ip 10.10.20.56
		392
		393	.TP
		394	\fBip none
		395	No IP address and no default gateway are configured for the last interface
		396	defined by a net command. Use this option
		397	in case you intend to start an external DHCP client in the sandbox.
		398	.br
		399
		400	.br
		401	Example:
		402	.br
		403	net eth0
		404	.br
		405	ip none
		406
		407	.TP
		408	\fBip6 address
		409	Assign IPv6 addresses to the last network interface defined by a net command.
		410	.br
		411
		412	.br
		413	Example:
		414	.br
		415	net eth0
		416	.br
		417	ip6 2001:0db8:0:f101::1/64
		418
		419	.TP
298	\fBiprange address,address	420	\fBiprange address,address
299	Assign an IP address in the provided range to the last network	421	Assign an IP address in the provided range to the last network
300	interface defined by a net command. A default gateway is assigned by default.	422	interface defined by a net command. A default gateway is assigned by default.
@@ -311,6 +433,16 @@ iprange 192.168.1.150,192.168.1.160
311	.br	433	.br
312		434
313	.TP	435	.TP
		436	\fBmac address
		437	Assign MAC addresses to the last network interface defined by a net command.
		438
		439	.TP
		440	\fBmtu number
		441	Assign a MTU value to the last network interface defined by a net command.
		442
		443
		444
		445	.TP
314	\fBnetfilter	446	\fBnetfilter
315	If a new network namespace is created, enabled default network filter.	447	If a new network namespace is created, enabled default network filter.
316		448
@@ -345,6 +477,17 @@ available in the new namespace is a new loopback interface (lo).
345	Use this option to deny network access to programs that don't	477	Use this option to deny network access to programs that don't
346	really need network access.	478	really need network access.
347		479
		480	.TP
		481	\fBveth-name name
		482	Use this name for the interface connected to the bridge for --net=bridge_interface commands,
		483	instead of the default one.
		484
		485	.SH Other
		486	.TP
		487	\fBjoin-or-start sandboxname
		488	Join the sandbox identified by name or start a new one.
		489	Same as "firejail --join=sandboxname" command if sandbox with specified name exists, otherwise same as "name sandboxname".
		490
348	.SH RELOCATING PROFILES	491	.SH RELOCATING PROFILES
349	For various reasons some users might want to keep the profile files in a different directory.	492	For various reasons some users might want to keep the profile files in a different directory.
350	Using \fB--profile-path\fR command line option, Firejail can be instructed to look for profiles	493	Using \fB--profile-path\fR command line option, Firejail can be instructed to look for profiles
@@ -388,7 +531,6 @@ Homepage: http://firejail.wordpress.com
388	\&\flfiremon\fR\\|(1),	531	\&\flfiremon\fR\\|(1),
389	\&\flfirecfg\fR\\|(1),	532	\&\flfirecfg\fR\\|(1),
390	\&\flfirejail-login\fR\\|(5)	533	\&\flfirejail-login\fR\\|(5)
391	\&\flfirejail-config\fR\\|(5)
392		534
393		535
394		536