1 files changed, 136 insertions, 0 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index fae97ceb7..982b40d89 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -326,6 +326,22 @@ $ firejail \-\-list
 $ firejail \-\-cpu.print=3272
 .TP
+\fB\-\-dbus-log=file
+Specify the location for the DBus log file.
+.br
+.br
+The log file contains events for both the system and session buses if both of
+the --dbus-sysem.log and --dbus-user.log options are specified. If no log file
+path is given, logs are written to the standard output instead.
+.br
+.br
+Example:
+.br
+$ firejail --dbus-system=filter --dbus-system.log --dbus-log=dbus.txt
+.TP
 \fB\-\-dbus-system=filter|none
 Set system DBus sandboxing policy. 
 .br
@@ -353,6 +369,52 @@ Example:
 $ firejail \-\-dbus-system=none
 .TP
+\fB\-\-dbus-system.broadcast=name=[member][@path]
+Allows the application to receive broadcast signals from theindicated interface
+member at the indicated object path exposed by the indicated bus name on the
+system DBus.
+The name may have a .* suffix to match all names underneath it, including
+itself.
+The interface member may have a .* to match all members of an interface, or be * to match all interfaces.
+The path may have a /* suffix to indicate all objects underneath it, including
+itself.
+Omitting the interface member or the object path will match all members and
+object paths, respectively.
+.br
+.br
+Example:
+.br
+$ firejail --dbus-system=filter --dbus-system.broadcast=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications
+.TP
+\fB\-\-dbus-system.call=name=[member][@path]
+Allows the application to call the indicated interface member at the indicated
+object path exposed by the indicated bus name on the system DBus.
+The name may have a .* suffix to match all names underneath it, including
+itself.
+The interface member may have a .* to match all members of an interface, or be * to match all interfaces.
+The path may have a /* suffix to indicate all objects underneath it, including
+itself.
+Omitting the interface member or the object path will match all members and
+object paths, respectively.
+.br
+.br
+Example:
+.br
+$ firejail --dbus-system=filter --dbus-system.call=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications
+.TP
+\fB\-\-dbus-system.log
+Turn on DBus logging for the system DBus. This option requires --dbus-system=log.
+.br
+Example:
+.br
+$ firejail --dbus-system=filter --dbus-system.log
+.TP
 \fB\-\-dbus-system.own=name
 Allows the application to own the specified well-known name on the system DBus.
 The name may have a .* suffix to match all names underneath it, including itself
@@ -366,6 +428,20 @@ Example:
 $ firejail --dbus-system=filter --dbus-system.own=org.gnome.ghex.*
 .TP
+\fB\-\-dbus-system.see=name
+Allows the application to see, but not talk to the specified well-known name on
+the system DBus.
+The name may have a .* suffix to match all names underneath it, including itself
+(e.g. "foo.bar.*" matches "foo.bar", "foo.bar.baz" and "foo.bar.baz.quux", but
+not "foobar").
+.br
+.br
+Example:
+.br
+$ firejail --dbus-system=filter --dbus-system.see=org.freedesktop.Notifications
+.TP
 \fB\-\-dbus-system.talk=name
 Allows the application to talk to the specified well-known name on the system DBus.
 The name may have a .* suffix to match all names underneath it, including itself
@@ -406,6 +482,52 @@ Example:
 $ firejail \-\-dbus-user=none
 .TP
+\fB\-\-dbus-user.broadcast=name=[member][@path]
+Allows the application to receive broadcast signals from theindicated interface
+member at the indicated object path exposed by the indicated bus name on the
+session DBus.
+The name may have a .* suffix to match all names underneath it, including
+itself.
+The interface member may have a .* to match all members of an interface, or be * to match all interfaces.
+The path may have a /* suffix to indicate all objects underneath it, including
+itself.
+Omitting the interface member or the object path will match all members and
+object paths, respectively.
+.br
+.br
+Example:
+.br
+$ firejail --dbus-user=filter --dbus-user.broadcast=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications
+.TP
+\fB\-\-dbus-user.call=name=[member][@path]
+Allows the application to call the indicated interface member at the indicated
+object path exposed by the indicated bus name on the session DBus.
+The name may have a .* suffix to match all names underneath it, including
+itself.
+The interface member may have a .* to match all members of an interface, or be * to match all interfaces.
+The path may have a /* suffix to indicate all objects underneath it, including
+itself.
+Omitting the interface member or the object path will match all members and
+object paths, respectively.
+.br
+.br
+Example:
+.br
+$ firejail --dbus-user=filter --dbus-user.call=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications
+.TP
+\fB\-\-dbus-user.log
+Turn on DBus logging for the session DBus. This option requires --dbus-user=log.
+.br
+Example:
+.br
+$ firejail --dbus-user=filter --dbus-user.log
+.TP
 \fB\-\-dbus-user.own=name
 Allows the application to own the specified well-known name on the session DBus.
 The name may have a .* suffix to match all names underneath it, including itself
@@ -432,6 +554,20 @@ Example:
 $ firejail --dbus-user=filter --dbus-user.talk=org.freedesktop.Notifications
 .TP
+\fB\-\-dbus-user.see=name
+Allows the application to see, but not talk to the specified well-known name on
+the session DBus.
+The name may have a .* suffix to match all names underneath it, including itself
+(e.g. "foo.bar.*" matches "foo.bar", "foo.bar.baz" and "foo.bar.baz.quux", but
+not "foobar").
+.br
+.br
+Example:
+.br
+$ firejail --dbus-user=filter --dbus-user.see=org.freedesktop.Notifications
+.TP
 \fB\-\-debug\fR
 Print debug messages.
 .br

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index fae97ceb7..982b40d89 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -326,6 +326,22 @@ $ firejail \-\-list
326	$ firejail \-\-cpu.print=3272	326	$ firejail \-\-cpu.print=3272
327		327
328	.TP	328	.TP
		329	\fB\-\-dbus-log=file
		330	Specify the location for the DBus log file.
		331	.br
		332
		333	.br
		334	The log file contains events for both the system and session buses if both of
		335	the --dbus-sysem.log and --dbus-user.log options are specified. If no log file
		336	path is given, logs are written to the standard output instead.
		337	.br
		338
		339	.br
		340	Example:
		341	.br
		342	$ firejail --dbus-system=filter --dbus-system.log --dbus-log=dbus.txt
		343
		344	.TP
329	\fB\-\-dbus-system=filter\|none	345	\fB\-\-dbus-system=filter\|none
330	Set system DBus sandboxing policy.	346	Set system DBus sandboxing policy.
331	.br	347	.br
@@ -353,6 +369,52 @@ Example:
353	$ firejail \-\-dbus-system=none	369	$ firejail \-\-dbus-system=none
354		370
355	.TP	371	.TP
		372	\fB\-\-dbus-system.broadcast=name=[member][@path]
		373	Allows the application to receive broadcast signals from theindicated interface
		374	member at the indicated object path exposed by the indicated bus name on the
		375	system DBus.
		376	The name may have a .* suffix to match all names underneath it, including
		377	itself.
		378	The interface member may have a .* to match all members of an interface, or be * to match all interfaces.
		379	The path may have a /* suffix to indicate all objects underneath it, including
		380	itself.
		381	Omitting the interface member or the object path will match all members and
		382	object paths, respectively.
		383	.br
		384
		385	.br
		386	Example:
		387	.br
		388	$ firejail --dbus-system=filter --dbus-system.broadcast=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications
		389
		390	.TP
		391	\fB\-\-dbus-system.call=name=[member][@path]
		392	Allows the application to call the indicated interface member at the indicated
		393	object path exposed by the indicated bus name on the system DBus.
		394	The name may have a .* suffix to match all names underneath it, including
		395	itself.
		396	The interface member may have a .* to match all members of an interface, or be * to match all interfaces.
		397	The path may have a /* suffix to indicate all objects underneath it, including
		398	itself.
		399	Omitting the interface member or the object path will match all members and
		400	object paths, respectively.
		401	.br
		402
		403	.br
		404	Example:
		405	.br
		406	$ firejail --dbus-system=filter --dbus-system.call=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications
		407
		408	.TP
		409	\fB\-\-dbus-system.log
		410	Turn on DBus logging for the system DBus. This option requires --dbus-system=log.
		411
		412	.br
		413	Example:
		414	.br
		415	$ firejail --dbus-system=filter --dbus-system.log
		416
		417	.TP
356	\fB\-\-dbus-system.own=name	418	\fB\-\-dbus-system.own=name
357	Allows the application to own the specified well-known name on the system DBus.	419	Allows the application to own the specified well-known name on the system DBus.
358	The name may have a .* suffix to match all names underneath it, including itself	420	The name may have a .* suffix to match all names underneath it, including itself
@@ -366,6 +428,20 @@ Example:
366	$ firejail --dbus-system=filter --dbus-system.own=org.gnome.ghex.*	428	$ firejail --dbus-system=filter --dbus-system.own=org.gnome.ghex.*
367		429
368	.TP	430	.TP
		431	\fB\-\-dbus-system.see=name
		432	Allows the application to see, but not talk to the specified well-known name on
		433	the system DBus.
		434	The name may have a .* suffix to match all names underneath it, including itself
		435	(e.g. "foo.bar.*" matches "foo.bar", "foo.bar.baz" and "foo.bar.baz.quux", but
		436	not "foobar").
		437	.br
		438
		439	.br
		440	Example:
		441	.br
		442	$ firejail --dbus-system=filter --dbus-system.see=org.freedesktop.Notifications
		443
		444	.TP
369	\fB\-\-dbus-system.talk=name	445	\fB\-\-dbus-system.talk=name
370	Allows the application to talk to the specified well-known name on the system DBus.	446	Allows the application to talk to the specified well-known name on the system DBus.
371	The name may have a .* suffix to match all names underneath it, including itself	447	The name may have a .* suffix to match all names underneath it, including itself
@@ -406,6 +482,52 @@ Example:
406	$ firejail \-\-dbus-user=none	482	$ firejail \-\-dbus-user=none
407		483
408	.TP	484	.TP
		485	\fB\-\-dbus-user.broadcast=name=[member][@path]
		486	Allows the application to receive broadcast signals from theindicated interface
		487	member at the indicated object path exposed by the indicated bus name on the
		488	session DBus.
		489	The name may have a .* suffix to match all names underneath it, including
		490	itself.
		491	The interface member may have a .* to match all members of an interface, or be * to match all interfaces.
		492	The path may have a /* suffix to indicate all objects underneath it, including
		493	itself.
		494	Omitting the interface member or the object path will match all members and
		495	object paths, respectively.
		496	.br
		497
		498	.br
		499	Example:
		500	.br
		501	$ firejail --dbus-user=filter --dbus-user.broadcast=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications
		502
		503	.TP
		504	\fB\-\-dbus-user.call=name=[member][@path]
		505	Allows the application to call the indicated interface member at the indicated
		506	object path exposed by the indicated bus name on the session DBus.
		507	The name may have a .* suffix to match all names underneath it, including
		508	itself.
		509	The interface member may have a .* to match all members of an interface, or be * to match all interfaces.
		510	The path may have a /* suffix to indicate all objects underneath it, including
		511	itself.
		512	Omitting the interface member or the object path will match all members and
		513	object paths, respectively.
		514	.br
		515
		516	.br
		517	Example:
		518	.br
		519	$ firejail --dbus-user=filter --dbus-user.call=org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications
		520
		521	.TP
		522	\fB\-\-dbus-user.log
		523	Turn on DBus logging for the session DBus. This option requires --dbus-user=log.
		524
		525	.br
		526	Example:
		527	.br
		528	$ firejail --dbus-user=filter --dbus-user.log
		529
		530	.TP
409	\fB\-\-dbus-user.own=name	531	\fB\-\-dbus-user.own=name
410	Allows the application to own the specified well-known name on the session DBus.	532	Allows the application to own the specified well-known name on the session DBus.
411	The name may have a .* suffix to match all names underneath it, including itself	533	The name may have a .* suffix to match all names underneath it, including itself
@@ -432,6 +554,20 @@ Example:
432	$ firejail --dbus-user=filter --dbus-user.talk=org.freedesktop.Notifications	554	$ firejail --dbus-user=filter --dbus-user.talk=org.freedesktop.Notifications
433		555
434	.TP	556	.TP
		557	\fB\-\-dbus-user.see=name
		558	Allows the application to see, but not talk to the specified well-known name on
		559	the session DBus.
		560	The name may have a .* suffix to match all names underneath it, including itself
		561	(e.g. "foo.bar.*" matches "foo.bar", "foo.bar.baz" and "foo.bar.baz.quux", but
		562	not "foobar").
		563	.br
		564
		565	.br
		566	Example:
		567	.br
		568	$ firejail --dbus-user=filter --dbus-user.see=org.freedesktop.Notifications
		569
		570	.TP
435	\fB\-\-debug\fR	571	\fB\-\-debug\fR
436	Print debug messages.	572	Print debug messages.
437	.br	573	.br