Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r-- | src/man/firejail-profile.txt | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index fa522c154..aa1aec567 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -81,11 +81,21 @@ Include other.profile file. | |||
81 | 81 | ||
82 | Example: "include /etc/firejail/disable-common.inc" | 82 | Example: "include /etc/firejail/disable-common.inc" |
83 | 83 | ||
84 | other.profile file name can be prefixed with ${HOME}. This will force Firejail to look for the | 84 | The file name can be prefixed with a macro such as ${HOME} or ${CFG}. |
85 | file in user home directory. | 85 | ${HOME} is expanded as user home directory, and ${CFG} is expanded as |
86 | Firejail system configuration directory - in most cases /etc/firejail or | ||
87 | /usr/local/etc/firejail. | ||
86 | 88 | ||
87 | Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file. | 89 | Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file. |
88 | 90 | ||
91 | Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file. | ||
92 | |||
93 | System configuration files in ${CFG} are overwritten during software installation. | ||
94 | Persistent configuration at system level is handled in ".local" files. For every | ||
95 | profile file in ${CFG} directory, the user can create a corresponding .local file | ||
96 | storing modifications to the persistent configuration. Persistent .local files | ||
97 | are included at the start of regular profile files. | ||
98 | |||
89 | .TP | 99 | .TP |
90 | \fBnoblacklist file_name | 100 | \fBnoblacklist file_name |
91 | If the file name matches file_name, the file will not be blacklisted in any blacklist commands that follow. | 101 | If the file name matches file_name, the file will not be blacklisted in any blacklist commands that follow. |
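Review bot: The ${CFG} example at new line 91 states that "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile", but the paragraph just above (new lines 85-87) says ${CFG} can also be /usr/local/etc/firejail, so the example should say "in most cases" or name both paths. The .local paragraph (new lines 93-97) also never says where a .local file lives or how it is named; since these files are "included at the start of regular profile files" and so change what the sandbox enforces, state the directory explicitly and add a one-line example of a profile/.local pair. "the user can create" is ambiguous for a system configuration directory; say who is expected to write there.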
@@ -240,6 +250,11 @@ Mount /etc directory read-write. | |||
240 | .TP | 250 | .TP |
241 | \fBwritable-var | 251 | \fBwritable-var |
242 | Mount /var directory read-write. | 252 | Mount /var directory read-write. |
253 | .TP | ||
254 | \fBwritable-var-log | ||
255 | Use the real /var/log directory, not a clone. By default, a tmpfs is mounted on top of /var/log | ||
256 | directory, and a skeleton filesystem is created based on the original /var/log. | ||
257 | |||
243 | .SH Security filters | 258 | .SH Security filters |
244 | The following security filters are currently implemented: | 259 | The following security filters are currently implemented: |
245 | 260 | ||
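Review bot: The writable-var-log entry (new lines 254-256) does not say whether the real /var/log is exposed read-write, unlike the neighbouring writable-var entry, which says "Mount /var directory read-write". Because the option replaces the default tmpfs skeleton with the host's real log directory, spell out the access mode and note that sandboxed processes then see the host log files. The blank line added at new line 257 before ".SH Security filters" is also inconsistent with the preceding entries, which run straight into the next macro.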
@@ -388,6 +403,10 @@ Set a DNS server for the sandbox. Up to three DNS servers can be defined. | |||
388 | Set a hostname for the sandbox. | 403 | Set a hostname for the sandbox. |
389 | 404 | ||
390 | .TP | 405 | .TP |
406 | \fBhosts-file file | ||
407 | Use file as /etc/hosts. | ||
408 | |||
409 | .TP | ||
391 | \fBip address | 410 | \fBip address |
392 | Assign IP addresses to the last network interface defined by a net command. A | 411 | Assign IP addresses to the last network interface defined by a net command. A |
393 | default gateway is assigned by default. | 412 | default gateway is assigned by default. |
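Review bot: The hosts-file entry at new line 407 is a single sentence, "Use file as /etc/hosts.", and leaves out what a profile author needs: whether the path must be absolute, whether the ${HOME} and ${CFG} macros documented for include are accepted here, and what happens when the file is missing or unreadable. Add those details and an Example line in the style used elsewhere in this page.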
@@ -448,7 +467,7 @@ Assign MAC addresses to the last network interface defined by a net command. | |||
448 | 467 | ||
449 | .TP | 468 | .TP |
450 | \fBmachine-id | 469 | \fBmachine-id |
451 | Preserve id number in /etc/machine-id file. By default a new random id is generated inside the sandbox. | 470 | Spoof id number in /etc/machine-id file - a new random id is generated inside the sandbox. |
452 | 471 | ||
453 | .TP | 472 | .TP |
454 | \fBmtu number | 473 | \fBmtu number |
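Review bot: The machine-id rewrite at new line 470 reverses the documented meaning of the option (the old text said "Preserve id number" and that a random id was generated "By default"; the new text says the option itself spoofs the id) and no longer states the default. Add a sentence saying what /etc/machine-id contains inside the sandbox when the option is absent, and call out the change in the commit message, since an existing profile written against the old description would get the opposite behaviour.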