Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 6eb7c3ff7..a3c39a82b 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1513,10 +1513,28 @@ $ firejail "\-\-whitelist=/home/username/My Virtual Machines" | |||
1513 | 1513 | ||
1514 | .TP | 1514 | .TP |
1515 | \fB\-\-x11 | 1515 | \fB\-\-x11 |
1516 | Start a new X11 server using Xpra or Xephyr and attach the sandbox to this server. | ||
1517 | The regular X11 server (display 0) is not visible in the sandbox. This prevents screenshot and keylogger | ||
1518 | applications started in the sandbox from accessing other X11 displays. | ||
1519 | A network namespace needs to be instantiated in order to deny access to X11 abstract Unix domain socket. | ||
1520 | .br | ||
1521 | |||
1522 | .br | ||
1523 | Firejail will try first Xpra, and if Xpra is not installed on the system, it will try to find Xephyr. | ||
1524 | This feature is not available when running as root. | ||
1525 | .br | ||
1526 | |||
1527 | .br | ||
1528 | Example: | ||
1529 | .br | ||
1530 | $ firejail \-\-x11 --net=eth0 firefox | ||
1531 | |||
1532 | .TP | ||
1533 | \fB\-\-x11=xpra | ||
1516 | Start a new X11 server using Xpra (http://xpra.org) and attach the sandbox to this server. | 1534 | Start a new X11 server using Xpra (http://xpra.org) and attach the sandbox to this server. |
1517 | Xpra is a persistent remote display server and client for forwarding X11 applications and desktop screens. | 1535 | Xpra is a persistent remote display server and client for forwarding X11 applications and desktop screens. |
1518 | The regular X11 server (display 0) is not visible in the sandbox. This prevents screenshot and keylogger | 1536 | On Debian platforms Xpra is installed with the command \fBsudo apt-get install xpra\fR. |
1519 | applications started in the sandbox from accessing display 0. This feature is not available when running as root. | 1537 | This feature is not available when running as root. |
1520 | .br | 1538 | .br |
1521 | 1539 | ||
1522 | .br | 1540 | .br |
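Review bot: In the rewritten \-\-x11=xpra entry (new lines 1534-1537), the two sentences stating that display 0 is not visible in the sandbox were replaced by the apt-get line, so this entry no longer says what the option protects against, nor that a network namespace is needed to block the X11 abstract Unix domain socket (stated only in the generic \-\-x11 entry at new line 1519). Keep one sentence of that rationale here or add an explicit pointer back to \-\-x11. A smaller point on the example added at new line 1530: `--net=eth0` is written with unescaped hyphens while `\-\-x11` on the same line is escaped; use `\-\-net=eth0` so both render the same way.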
@@ -1525,6 +1543,27 @@ Example: | |||
1525 | $ firejail \-\-x11 --net=eth0 firefox | 1543 | $ firejail \-\-x11 --net=eth0 firefox |
1526 | 1544 | ||
1527 | .TP | 1545 | .TP |
1546 | \fB\-\-x11=xephyr | ||
1547 | Start a new X11 server using Xephyr and attach the sandbox to this server. | ||
1548 | Xephyr is a display server implementing the X11 display server protocol. | ||
1549 | It runs in a window just like other X applications, but it is an X server itself in which you can run other software. | ||
1550 | The default Xephyr window size is 800x600. This can be modified in /etc/firejail/firejail.config file, | ||
1551 | see \fBman 5 firejail-config\fR for more details. | ||
1552 | .br | ||
1553 | |||
1554 | .br | ||
1555 | The recommended way to use this feature is to run a window manager inside the sandbox. | ||
1556 | A security profile for OpenBox is provided. | ||
1557 | On Debian platforms Xephyr is installed with the command \fBsudo apt-get install xserver-xephyr\fR. | ||
1558 | This feature is not available when running as root. | ||
1559 | .br | ||
1560 | |||
1561 | .br | ||
1562 | Example: | ||
1563 | .br | ||
1564 | $ firejail \-\-x11 --net=eth0 openbox | ||
1565 | |||
1566 | .TP | ||
1528 | \fB\-\-zsh | 1567 | \fB\-\-zsh |
1529 | Use /usr/bin/zsh as default user shell. | 1568 | Use /usr/bin/zsh as default user shell. |
1530 | .br | 1569 | .br |
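Review bot: The example added at new line 1564 under \-\-x11=xephyr runs `firejail \-\-x11 --net=eth0 openbox`, but the generic \-\-x11 entry added in this same patch says Firejail tries Xpra first, so on a system with Xpra installed this command would not start Xephyr. Use `\-\-x11=xephyr` in this example. The unchanged example at new line 1543, which appears to belong to the \-\-x11=xpra entry, has the same problem and would be clearer as `\-\-x11=xpra`. The entry also relies on `\-\-net=eth0` in the example without saying why; a short note that the network namespace is what denies access to the abstract X11 socket, as in the \-\-x11 text, would help readers who copy only this section. Finally, new line 1550 refers to /etc/firejail/firejail.config without naming the setting that controls the window size; naming it would save a lookup in firejail-config(5).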