diff options
Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index fae97ceb7..982b40d89 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -326,6 +326,22 @@ $ firejail \-\-list | |||
326 | $ firejail \-\-cpu.print=3272 | 326 | $ firejail \-\-cpu.print=3272 |
327 | 327 | ||
328 | .TP | 328 | .TP |
329 | \fB\-\-dbus-log=file | ||
330 | Specify the location for the DBus log file. | ||
331 | .br | ||
332 | |||
333 | .br | ||
334 | The log file contains events for both the system and session buses if both of | ||
335 | the --dbus-sysem.log and --dbus-user.log options are specified. If no log file | ||
336 | path is given, logs are written to the standard output instead. | ||
337 | .br | ||
338 | |||
339 | .br | ||
340 | Example: | ||
341 | .br | ||
342 | $ firejail --dbus-system=filter --dbus-system.log --dbus-log=dbus.txt | ||
343 | |||
344 | .TP | ||
329 | \fB\-\-dbus-system=filter|none | 345 | \fB\-\-dbus-system=filter|none |
330 | Set system DBus sandboxing policy. | 346 | Set system DBus sandboxing policy. |
331 | .br | 347 | .br |
@@ -353,6 +369,52 @@ Example: | |||
353 | $ firejail \-\-dbus-system=none | 369 | $ firejail \-\-dbus-system=none |
354 | 370 | ||
355 | .TP | 371 | .TP |
372 | \fB\-\-dbus-system.broadcast=name=[member][@path] | ||
373 | Allows the application to receive broadcast signals from theindicated interface | ||
374 | member at the indicated object path exposed by the indicated bus name on the | ||
375 | system DBus. | ||
376 | The name may have a .* suffix to match all names underneath it, including | ||
377 | itself. | ||
378 | The interface member may have a .* to match all members of an interface, or be * to match all interfaces. | ||
379 | The path may have a /* suffix to indicate all objects underneath it, including | ||
380 | itself. | ||
381 | Omitting the interface member or the object path will match all members and | ||
382 | object paths, respectively. | ||
383 | .br | ||
384 | |||
385 | .br | ||
386 | Example: | ||
387 | .br | ||
388 | $ firejail --dbus-system=filter --dbus-system.broadcast=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
389 | |||
390 | .TP | ||
391 | \fB\-\-dbus-system.call=name=[member][@path] | ||
392 | Allows the application to call the indicated interface member at the indicated | ||
393 | object path exposed by the indicated bus name on the system DBus. | ||
394 | The name may have a .* suffix to match all names underneath it, including | ||
395 | itself. | ||
396 | The interface member may have a .* to match all members of an interface, or be * to match all interfaces. | ||
397 | The path may have a /* suffix to indicate all objects underneath it, including | ||
398 | itself. | ||
399 | Omitting the interface member or the object path will match all members and | ||
400 | object paths, respectively. | ||
401 | .br | ||
402 | |||
403 | .br | ||
404 | Example: | ||
405 | .br | ||
406 | $ firejail --dbus-system=filter --dbus-system.call=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
407 | |||
408 | .TP | ||
409 | \fB\-\-dbus-system.log | ||
410 | Turn on DBus logging for the system DBus. This option requires --dbus-system=log. | ||
411 | |||
412 | .br | ||
413 | Example: | ||
414 | .br | ||
415 | $ firejail --dbus-system=filter --dbus-system.log | ||
416 | |||
417 | .TP | ||
356 | \fB\-\-dbus-system.own=name | 418 | \fB\-\-dbus-system.own=name |
357 | Allows the application to own the specified well-known name on the system DBus. | 419 | Allows the application to own the specified well-known name on the system DBus. |
358 | The name may have a .* suffix to match all names underneath it, including itself | 420 | The name may have a .* suffix to match all names underneath it, including itself |
@@ -366,6 +428,20 @@ Example: | |||
366 | $ firejail --dbus-system=filter --dbus-system.own=org.gnome.ghex.* | 428 | $ firejail --dbus-system=filter --dbus-system.own=org.gnome.ghex.* |
367 | 429 | ||
368 | .TP | 430 | .TP |
431 | \fB\-\-dbus-system.see=name | ||
432 | Allows the application to see, but not talk to the specified well-known name on | ||
433 | the system DBus. | ||
434 | The name may have a .* suffix to match all names underneath it, including itself | ||
435 | (e.g. "foo.bar.*" matches "foo.bar", "foo.bar.baz" and "foo.bar.baz.quux", but | ||
436 | not "foobar"). | ||
437 | .br | ||
438 | |||
439 | .br | ||
440 | Example: | ||
441 | .br | ||
442 | $ firejail --dbus-system=filter --dbus-system.see=org.freedesktop.Notifications | ||
443 | |||
444 | .TP | ||
369 | \fB\-\-dbus-system.talk=name | 445 | \fB\-\-dbus-system.talk=name |
370 | Allows the application to talk to the specified well-known name on the system DBus. | 446 | Allows the application to talk to the specified well-known name on the system DBus. |
371 | The name may have a .* suffix to match all names underneath it, including itself | 447 | The name may have a .* suffix to match all names underneath it, including itself |
@@ -406,6 +482,52 @@ Example: | |||
406 | $ firejail \-\-dbus-user=none | 482 | $ firejail \-\-dbus-user=none |
407 | 483 | ||
408 | .TP | 484 | .TP |
485 | \fB\-\-dbus-user.broadcast=name=[member][@path] | ||
486 | Allows the application to receive broadcast signals from theindicated interface | ||
487 | member at the indicated object path exposed by the indicated bus name on the | ||
488 | session DBus. | ||
489 | The name may have a .* suffix to match all names underneath it, including | ||
490 | itself. | ||
491 | The interface member may have a .* to match all members of an interface, or be * to match all interfaces. | ||
492 | The path may have a /* suffix to indicate all objects underneath it, including | ||
493 | itself. | ||
494 | Omitting the interface member or the object path will match all members and | ||
495 | object paths, respectively. | ||
496 | .br | ||
497 | |||
498 | .br | ||
499 | Example: | ||
500 | .br | ||
501 | $ firejail --dbus-user=filter --dbus-user.broadcast=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
502 | |||
503 | .TP | ||
504 | \fB\-\-dbus-user.call=name=[member][@path] | ||
505 | Allows the application to call the indicated interface member at the indicated | ||
506 | object path exposed by the indicated bus name on the session DBus. | ||
507 | The name may have a .* suffix to match all names underneath it, including | ||
508 | itself. | ||
509 | The interface member may have a .* to match all members of an interface, or be * to match all interfaces. | ||
510 | The path may have a /* suffix to indicate all objects underneath it, including | ||
511 | itself. | ||
512 | Omitting the interface member or the object path will match all members and | ||
513 | object paths, respectively. | ||
514 | .br | ||
515 | |||
516 | .br | ||
517 | Example: | ||
518 | .br | ||
519 | $ firejail --dbus-user=filter --dbus-user.call=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications | ||
520 | |||
521 | .TP | ||
522 | \fB\-\-dbus-user.log | ||
523 | Turn on DBus logging for the session DBus. This option requires --dbus-user=log. | ||
524 | |||
525 | .br | ||
526 | Example: | ||
527 | .br | ||
528 | $ firejail --dbus-user=filter --dbus-user.log | ||
529 | |||
530 | .TP | ||
409 | \fB\-\-dbus-user.own=name | 531 | \fB\-\-dbus-user.own=name |
410 | Allows the application to own the specified well-known name on the session DBus. | 532 | Allows the application to own the specified well-known name on the session DBus. |
411 | The name may have a .* suffix to match all names underneath it, including itself | 533 | The name may have a .* suffix to match all names underneath it, including itself |
@@ -432,6 +554,20 @@ Example: | |||
432 | $ firejail --dbus-user=filter --dbus-user.talk=org.freedesktop.Notifications | 554 | $ firejail --dbus-user=filter --dbus-user.talk=org.freedesktop.Notifications |
433 | 555 | ||
434 | .TP | 556 | .TP |
557 | \fB\-\-dbus-user.see=name | ||
558 | Allows the application to see, but not talk to the specified well-known name on | ||
559 | the session DBus. | ||
560 | The name may have a .* suffix to match all names underneath it, including itself | ||
561 | (e.g. "foo.bar.*" matches "foo.bar", "foo.bar.baz" and "foo.bar.baz.quux", but | ||
562 | not "foobar"). | ||
563 | .br | ||
564 | |||
565 | .br | ||
566 | Example: | ||
567 | .br | ||
568 | $ firejail --dbus-user=filter --dbus-user.see=org.freedesktop.Notifications | ||
569 | |||
570 | .TP | ||
435 | \fB\-\-debug\fR | 571 | \fB\-\-debug\fR |
436 | Print debug messages. | 572 | Print debug messages. |
437 | .br | 573 | .br |