Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-profile.txt | 3 | ||||
-rw-r--r-- | src/man/firejail.txt | 51 |
2 files changed, 49 insertions, 5 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 5825d3427..185420ba4 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -382,6 +382,9 @@ place the sandbox in an existing control group. | |||
382 | Examples: | 382 | Examples: |
383 | 383 | ||
384 | .TP | 384 | .TP |
385 | \fBrlimit-as 123456789012 | ||
386 | Set he maximum size of the process's virtual memory to 123456789012 bytes. | ||
387 | .TP | ||
385 | \fBrlimit-fsize 1024 | 388 | \fBrlimit-fsize 1024 |
386 | Set the maximum file size that can be created by a process to 1024 bytes. | 389 | Set the maximum file size that can be created by a process to 1024 bytes. |
387 | .TP | 390 | .TP |
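Review bot: The added description at new line 386 has a typo, "Set he maximum size"; it should read "Set the maximum size of the process's virtual memory to 123456789012 bytes."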
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 20f2b7f8c..7ba09ba8a 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -140,7 +140,7 @@ Example: | |||
140 | # firejail \-\-bind=/config/etc/passwd,/etc/passwd | 140 | # firejail \-\-bind=/config/etc/passwd,/etc/passwd |
141 | .TP | 141 | .TP |
142 | \fB\-\-blacklist=dirname_or_filename | 142 | \fB\-\-blacklist=dirname_or_filename |
143 | Blacklist directory or file. | 143 | Blacklist directory or file. File globbing is supported, see \fBFILE GLOBBING\fR section for more details. |
144 | .br | 144 | .br |
145 | 145 | ||
146 | .br | 146 | .br |
@@ -1009,7 +1009,7 @@ Example: | |||
1009 | $ firejail \-\-nodvd | 1009 | $ firejail \-\-nodvd |
1010 | .TP | 1010 | .TP |
1011 | \fB\-\-noexec=dirname_or_filename | 1011 | \fB\-\-noexec=dirname_or_filename |
1012 | Remount directory or file noexec, nodev and nosuid. | 1012 | Remount directory or file noexec, nodev and nosuid. File globbing is supported, see \fBFILE GLOBBING\fR section for more details. |
1013 | .br | 1013 | .br |
1014 | 1014 | ||
1015 | .br | 1015 | .br |
@@ -1275,7 +1275,8 @@ $ firejail \-\-private-home=.mozilla firefox | |||
1275 | Build a new /bin in a temporary filesystem, and copy the programs in the list. | 1275 | Build a new /bin in a temporary filesystem, and copy the programs in the list. |
1276 | If no listed file is found, /bin directory will be empty. | 1276 | If no listed file is found, /bin directory will be empty. |
1277 | The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin. | 1277 | The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin. |
1278 | All modifications are discarded when the sandbox is closed. | 1278 | All modifications are discarded when the sandbox is closed. File globbing is supported, |
1279 | see \fBFILE GLOBBING\fR section for more details. | ||
1279 | .br | 1280 | .br |
1280 | 1281 | ||
1281 | .br | 1282 | .br |
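Review bot: In the \-\-private-bin text (new lines 1278-1279), "File globbing is supported" does not say what a pattern is matched against. This option takes a list of programs rather than a dirname_or_filename, so state which directories a pattern is expanded in, and whether the "If no listed file is found, /bin directory will be empty" rule also applies when a pattern matches nothing.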
@@ -1505,7 +1506,7 @@ Put a file in sandbox container, see \fBFILE TRANSFER\fR section for more detail | |||
1505 | Turn off Firejail's output. | 1506 | Turn off Firejail's output. |
1506 | .TP | 1507 | .TP |
1507 | \fB\-\-read-only=dirname_or_filename | 1508 | \fB\-\-read-only=dirname_or_filename |
1508 | Set directory or file read-only. | 1509 | Set directory or file read-only. File globbing is supported, see \fBFILE GLOBBING\fR section for more details. |
1509 | .br | 1510 | .br |
1510 | 1511 | ||
1511 | .br | 1512 | .br |
@@ -1526,7 +1527,8 @@ $ firejail --whitelist=~/work --read-only=~ --read-only=~/work | |||
1526 | .TP | 1527 | .TP |
1527 | \fB\-\-read-write=dirname_or_filename | 1528 | \fB\-\-read-write=dirname_or_filename |
1528 | Set directory or file read-write. Only files or directories belonging to the current user are allowed for | 1529 | Set directory or file read-write. Only files or directories belonging to the current user are allowed for |
1529 | this operation. Example: | 1530 | this operation. File globbing is supported, see \fBFILE GLOBBING\fR section for more details. |
1531 | Example: | ||
1530 | .br | 1532 | .br |
1531 | 1533 | ||
1532 | .br | 1534 | .br |
@@ -1538,6 +1540,10 @@ $ firejail --read-only=~/test --read-write=~/test/a | |||
1538 | 1540 | ||
1539 | 1541 | ||
1540 | .TP | 1542 | .TP |
1543 | \fB\-\-rlimit-as=number | ||
1544 | Set the maximum size of the process's virtual memory (address space) in bytes. | ||
1545 | |||
1546 | .TP | ||
1541 | \fB\-\-rlimit-fsize=number | 1547 | \fB\-\-rlimit-fsize=number |
1542 | Set the maximum file size that can be created by a process. | 1548 | Set the maximum file size that can be created by a process. |
1543 | .TP | 1549 | .TP |
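Review bot: The new \-\-rlimit-as entry leaves an empty line (new line 1545) before the following .TP, while the \-\-rlimit-fsize entry directly after it goes straight to .TP. Drop the blank line so the two rlimit entries are formatted alike.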
@@ -1833,6 +1839,7 @@ $ firejail \-\-shutdown=3272 | |||
1833 | .TP | 1839 | .TP |
1834 | \fB\-\-tmpfs=dirname | 1840 | \fB\-\-tmpfs=dirname |
1835 | Mount a tmpfs filesystem on directory dirname. This option is available only when running the sandbox as root. | 1841 | Mount a tmpfs filesystem on directory dirname. This option is available only when running the sandbox as root. |
1842 | File globbing is supported, see \fBFILE GLOBBING\fR section for more details. | ||
1836 | .br | 1843 | .br |
1837 | 1844 | ||
1838 | .br | 1845 | .br |
@@ -2234,6 +2241,40 @@ $ firejail --tree | |||
2234 | 2241 | ||
2235 | We provide a tool that automates all this integration, please see \fBman 1 firecfg\fR for more details. | 2242 | We provide a tool that automates all this integration, please see \fBman 1 firecfg\fR for more details. |
2236 | 2243 | ||
2244 | .SH FILE GLOBBING | ||
2245 | .TP | ||
2246 | Globbing is the operation that expands a wildcard pattern into the list of pathnames matching the pattern. Matching is defined by: | ||
2247 | .br | ||
2248 | |||
2249 | .br | ||
2250 | - '?' matches any character | ||
2251 | .br | ||
2252 | - '*' matches any string | ||
2253 | .br | ||
2254 | - '[' denotes a range of characters | ||
2255 | .br | ||
2256 | .TP | ||
2257 | The gobing feature is implemented using glibc glob command. For more information on the wildcard syntax see man 7 glob. | ||
2258 | .br | ||
2259 | |||
2260 | .br | ||
2261 | .TP | ||
2262 | The following command line options are supported: \-\-blacklist, \-\-private-bin, \-\-noexec, \-\-read-only, \-\-read-write, and \-\-tmpfs. | ||
2263 | .br | ||
2264 | |||
2265 | .br | ||
2266 | .TP | ||
2267 | Examples: | ||
2268 | .br | ||
2269 | |||
2270 | .br | ||
2271 | $ firejail --private-bin=sh,bash,python* | ||
2272 | .br | ||
2273 | $ firejail --blacklist=~/dir[1234] | ||
2274 | .br | ||
2275 | $ firejail --read-only=~/dir[1-4] | ||
2276 | .br | ||
2277 | |||
2237 | .SH APPARMOR | 2278 | .SH APPARMOR |
2238 | .TP | 2279 | .TP |
2239 | AppArmor support is disabled by default at compile time. Use --enable-apparmor configuration option to enable it: | 2280 | AppArmor support is disabled by default at compile time. Use --enable-apparmor configuration option to enable it: |
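Review bot: New line 2257 has a typo ("gobing") and calls glob a "glibc glob command"; glob is a library function, so this should read "The globbing feature is implemented using the glibc glob function", with the reference set as \fBman 7 glob\fR like the firecfg reference just above the section. In the match list, '?' matches any single character, and "'[' denotes a range of characters" would be clearer if it showed a bracket expression such as [1234] or [1-4], which is what the examples use. The section defines globbing as expanding a pattern into the list of matching pathnames but does not say when that expansion happens or what an option does when the pattern matches nothing; for \-\-blacklist this decides whether a path that appears after the sandbox starts is covered, so it deserves one sentence here.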