1 files changed, 22 insertions, 3 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index fa522c154..aa1aec567 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -81,11 +81,21 @@ Include other.profile file.
 Example: "include /etc/firejail/disable-common.inc"
-other.profile file name can be prefixed with ${HOME}. This will force Firejail to look for the
+The file name can be prefixed with a macro such as ${HOME} or ${CFG}.
-file in user home directory.
+${HOME} is expanded as user home directory, and ${CFG} is expanded as
+Firejail system configuration directory - in most cases /etc/firejail or
+/usr/local/etc/firejail.
 Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file.
+Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file.
+System configuration files in ${CFG} are overwritten during software installation.
+Persistent configuration at system level is handled in ".local" files. For every
+profile file in ${CFG} directory, the user can create a corresponding .local file 
+storing modifications to the persistent configuration. Persistent .local files
+are included at the start of regular profile files.
 .TP
 \fBnoblacklist file_name
 If the file name matches file_name, the file will not be blacklisted in any blacklist commands that follow.
@@ -240,6 +250,11 @@ Mount /etc directory read-write.
 .TP
 \fBwritable-var
 Mount /var directory read-write.
+.TP
+\fBwritable-var-log
+Use the real /var/log directory, not a clone. By default, a tmpfs is mounted on top of /var/log
+directory, and a skeleton filesystem is created based on the original /var/log.
 .SH Security filters
 The following security filters are currently implemented:
@@ -388,6 +403,10 @@ Set a DNS server for the sandbox. Up to three DNS servers can be defined.
 Set a hostname for the sandbox.
 .TP
+\fBhosts-file file
+Use file as /etc/hosts.
+.TP
 \fBip address
 Assign IP addresses to the last network interface defined by a net command. A
 default gateway is assigned by default.
@@ -448,7 +467,7 @@ Assign MAC addresses to the last network interface defined by a net command.
 .TP
 \fBmachine-id
-Preserve id number in /etc/machine-id file. By default a new random id is generated inside the sandbox.
+Spoof id number in /etc/machine-id file - a new random id is generated inside the sandbox.
 .TP
 \fBmtu number

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index fa522c154..aa1aec567 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -81,11 +81,21 @@ Include other.profile file.
81		81
82	Example: "include /etc/firejail/disable-common.inc"	82	Example: "include /etc/firejail/disable-common.inc"
83		83
84	other.profile file name can be prefixed with ${HOME}. This will force Firejail to look for the	84	The file name can be prefixed with a macro such as ${HOME} or ${CFG}.
85	file in user home directory.	85	${HOME} is expanded as user home directory, and ${CFG} is expanded as
		86	Firejail system configuration directory - in most cases /etc/firejail or
		87	/usr/local/etc/firejail.
86		88
87	Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file.	89	Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file.
88		90
		91	Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file.
		92
		93	System configuration files in ${CFG} are overwritten during software installation.
		94	Persistent configuration at system level is handled in ".local" files. For every
		95	profile file in ${CFG} directory, the user can create a corresponding .local file
		96	storing modifications to the persistent configuration. Persistent .local files
		97	are included at the start of regular profile files.
		98
89	.TP	99	.TP
90	\fBnoblacklist file_name	100	\fBnoblacklist file_name
91	If the file name matches file_name, the file will not be blacklisted in any blacklist commands that follow.	101	If the file name matches file_name, the file will not be blacklisted in any blacklist commands that follow.
@@ -240,6 +250,11 @@ Mount /etc directory read-write.
240	.TP	250	.TP
241	\fBwritable-var	251	\fBwritable-var
242	Mount /var directory read-write.	252	Mount /var directory read-write.
		253	.TP
		254	\fBwritable-var-log
		255	Use the real /var/log directory, not a clone. By default, a tmpfs is mounted on top of /var/log
		256	directory, and a skeleton filesystem is created based on the original /var/log.
		257
243	.SH Security filters	258	.SH Security filters
244	The following security filters are currently implemented:	259	The following security filters are currently implemented:
245		260
@@ -388,6 +403,10 @@ Set a DNS server for the sandbox. Up to three DNS servers can be defined.
388	Set a hostname for the sandbox.	403	Set a hostname for the sandbox.
389		404
390	.TP	405	.TP
		406	\fBhosts-file file
		407	Use file as /etc/hosts.
		408
		409	.TP
391	\fBip address	410	\fBip address
392	Assign IP addresses to the last network interface defined by a net command. A	411	Assign IP addresses to the last network interface defined by a net command. A
393	default gateway is assigned by default.	412	default gateway is assigned by default.
@@ -448,7 +467,7 @@ Assign MAC addresses to the last network interface defined by a net command.
448		467
449	.TP	468	.TP
450	\fBmachine-id	469	\fBmachine-id
451	Preserve id number in /etc/machine-id file. By default a new random id is generated inside the sandbox.	470	Spoof id number in /etc/machine-id file - a new random id is generated inside the sandbox.
452		471
453	.TP	472	.TP
454	\fBmtu number	473	\fBmtu number