diff options
Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e60c139a5..a088d971a 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -2127,27 +2127,27 @@ cdrom cdrw dri dvd dvdrw full log null ptmx pts random shm snd sr0 | |||
2127 | .br | 2127 | .br |
2128 | $ | 2128 | $ |
2129 | .TP | 2129 | .TP |
2130 | \fB\-\-private-etc, \-\-private-etc=file,directory | 2130 | \fB\-\-private-etc, \-\-private-etc=file,directory,@group |
2131 | The files installed by \-\-private-etc are copies of the original system files from /etc directory. | 2131 | The files installed by \-\-private-etc are copies of the original system files from /etc directory. |
2132 | By default, the command brings in a skeleton of files and directories used by most console tools: | 2132 | By default, the command brings in a skeleton of files and directories used by most console tools: |
2133 | 2133 | ||
2134 | $ firejail --private-etc dig debian.org | 2134 | $ firejail --private-etc dig debian.org |
2135 | 2135 | ||
2136 | For X11/GTK/QT/Gnome/KDE programs add GUI group as a parameter. Example: | 2136 | For X11/GTK/QT/Gnome/KDE programs add @x11 group as a parameter. Example: |
2137 | 2137 | ||
2138 | $ firejail --private-etc=GUI,python* gimp | 2138 | $ firejail --private-etc=@x11,gcrypt,python* gimp |
2139 | 2139 | ||
2140 | /etc/python* directories are not part of the generic GUI group. | 2140 | gcrypt and /etc/python* directories are not part of the generic @x11 group. |
2141 | These directories are reuqired by Gimp plugin system. File globbing is supported. | 2141 | File globbing is supported. |
2142 | 2142 | ||
2143 | For games, add GAMES group: | 2143 | For games, add @games group: |
2144 | 2144 | ||
2145 | $ firejail --private-etc=GUI,GAMES warzone2100 | 2145 | $ firejail --private-etc=@games,@x11 warzone2100 |
2146 | 2146 | ||
2147 | Sound and networking files are included automatically, unless \-\-nosound or \-\-net=none are specified. | 2147 | Sound and networking files are included automatically, unless \-\-nosound or \-\-net=none are specified. |
2148 | Files for encrypted TLS/SSL protocol are in TLS-CA group. | 2148 | Files for encrypted TLS/SSL protocol are in @tls-ca group. |
2149 | 2149 | ||
2150 | $ firejail --private-etc=TLS-CA,wgetrc wget https://debian.org | 2150 | $ firejail --private-etc=@tls-ca,wgetrc wget https://debian.org |
2151 | 2151 | ||
2152 | 2152 | ||
2153 | Note: The easiest way to extract the list of /etc files accessed by your program is using strace utility: | 2153 | Note: The easiest way to extract the list of /etc files accessed by your program is using strace utility: |