diff options
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.1.in | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index 19fc94ebd..06969e851 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in | |||
@@ -788,7 +788,6 @@ $ firejail \-\-list | |||
788 | .br | 788 | .br |
789 | $ firejail \-\-dns.print=3272 | 789 | $ firejail \-\-dns.print=3272 |
790 | 790 | ||
791 | #ifdef HAVE_NETWORK | ||
792 | .TP | 791 | .TP |
793 | \fB\-\-dnstrace[=name|pid] | 792 | \fB\-\-dnstrace[=name|pid] |
794 | Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes | 793 | Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes |
@@ -828,7 +827,6 @@ $ sudo firejail --dnstrace | |||
828 | .br | 827 | .br |
829 | 11:32:08 9.9.9.9 www.youtube.com (type 1) | 828 | 11:32:08 9.9.9.9 www.youtube.com (type 1) |
830 | .br | 829 | .br |
831 | #endif | ||
832 | 830 | ||
833 | .TP | 831 | .TP |
834 | \fB\-\-env=name=value | 832 | \fB\-\-env=name=value |
@@ -930,7 +928,6 @@ $ firejail --ignore=seccomp --ignore=caps firefox | |||
930 | $ firejail \-\-ignore="net eth0" firefox | 928 | $ firejail \-\-ignore="net eth0" firefox |
931 | #endif | 929 | #endif |
932 | 930 | ||
933 | #ifdef HAVE_NETWORK | ||
934 | .TP | 931 | .TP |
935 | \fB\-\-icmptrace[=name|pid] | 932 | \fB\-\-icmptrace[=name|pid] |
936 | Monitor ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes | 933 | Monitor ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes |
@@ -956,7 +953,6 @@ $ sudo firejail --icmptrace | |||
956 | .br | 953 | .br |
957 | 20:53:55 192.168.1.60 -> 1.1.1.1 - 154 bytes - Destination unreachable/Port unreachable | 954 | 20:53:55 192.168.1.60 -> 1.1.1.1 - 154 bytes - Destination unreachable/Port unreachable |
958 | .br | 955 | .br |
959 | #endif | ||
960 | 956 | ||
961 | .TP | 957 | .TP |
962 | \fB\-\-\include=file.profile | 958 | \fB\-\-\include=file.profile |
@@ -1643,6 +1639,7 @@ PID User RX(KB/s) TX(KB/s) Command | |||
1643 | 1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox | 1639 | 1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox |
1644 | .br | 1640 | .br |
1645 | 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission | 1641 | 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission |
1642 | #endif | ||
1646 | .TP | 1643 | .TP |
1647 | \fB\-\-nettrace[=name|pid] | 1644 | \fB\-\-nettrace[=name|pid] |
1648 | Monitor received TCP. UDP, and ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes | 1645 | Monitor received TCP. UDP, and ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes |
@@ -1658,17 +1655,15 @@ Example: | |||
1658 | .br | 1655 | .br |
1659 | $ sudo firejail --nettrace | 1656 | $ sudo firejail --nettrace |
1660 | .br | 1657 | .br |
1661 | 95 KB/s geoip 457, IP database 4436 | 1658 | 93 KB/s address:port (protocol) network |
1662 | .br | ||
1663 | 52 KB/s *********** 64.222.84.207:443 United States | ||
1664 | .br | 1659 | .br |
1665 | 33 KB/s ******* 89.147.74.105:63930 Hungary | 1660 | 14 B/s ** 104.24.8.4:443(QUIC) Cloudflare |
1666 | .br | 1661 | .br |
1667 | 0 B/s 45.90.28.0:443 NextDNS | 1662 | 80 KB/s ***************** 192.187.97.90:443(TLS) BitChute |
1668 | .br | 1663 | .br |
1669 | 0 B/s 94.70.122.176:52309(UDP) Greece | 1664 | 1 B/s 149.56.228.45:443(DoH) Canada |
1670 | .br | 1665 | .br |
1671 | 339 B/s 104.26.7.35:443 Cloudflare | 1666 | (D)isplay, (S)ave, (C)lear, e(X)it |
1672 | .br | 1667 | .br |
1673 | 1668 | ||
1674 | .br | 1669 | .br |
@@ -1677,7 +1672,6 @@ the country the traffic originates from is added to the trace. | |||
1677 | We also use the static IP map in /usr/lib/firejail/static-ip-map | 1672 | We also use the static IP map in /usr/lib/firejail/static-ip-map |
1678 | to print the domain names for some of the more common websites and cloud platforms. | 1673 | to print the domain names for some of the more common websites and cloud platforms. |
1679 | No external services are contacted for reverse IP lookup. | 1674 | No external services are contacted for reverse IP lookup. |
1680 | #endif | ||
1681 | .TP | 1675 | .TP |
1682 | \fB\-\-nice=value | 1676 | \fB\-\-nice=value |
1683 | Set nice value for all processes running inside the sandbox. | 1677 | Set nice value for all processes running inside the sandbox. |
@@ -2263,6 +2257,18 @@ All modifications are discarded when the sandbox is closed. | |||
2263 | Example: | 2257 | Example: |
2264 | .br | 2258 | .br |
2265 | $ firejail --private-opt=firefox /opt/firefox/firefox | 2259 | $ firejail --private-opt=firefox /opt/firefox/firefox |
2260 | .br | ||
2261 | |||
2262 | .br | ||
2263 | Note: Program installations in /opt tend to be relatively large and private-opt | ||
2264 | copies the entire path(s) into RAM, which may significantly increase RAM usage | ||
2265 | and break \fBfile-copy-limit\fR in firejail.config. | ||
2266 | Therefore, in general it is recommended to use "whitelist /opt/PATH" instead of | ||
2267 | "private-opt PATH". | ||
2268 | For details, see | ||
2269 | .UR https://github.com/netblue30/firejail/discussions/5307 | ||
2270 | #5307 | ||
2271 | .UE | ||
2266 | 2272 | ||
2267 | .TP | 2273 | .TP |
2268 | \fB\-\-private-srv=file,directory | 2274 | \fB\-\-private-srv=file,directory |
@@ -2850,7 +2856,6 @@ $ firejail \-\-list | |||
2850 | .br | 2856 | .br |
2851 | $ firejail \-\-shutdown=3272 | 2857 | $ firejail \-\-shutdown=3272 |
2852 | 2858 | ||
2853 | #ifdef HAVE_NETWORK | ||
2854 | .TP | 2859 | .TP |
2855 | \fB\-\-snitrace[=name|pid] | 2860 | \fB\-\-snitrace[=name|pid] |
2856 | Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes | 2861 | Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes |
@@ -2892,7 +2897,6 @@ $ sudo firejail --snitrace | |||
2892 | .br | 2897 | .br |
2893 | 07:53:11 192.0.73.2 1.gravatar.com | 2898 | 07:53:11 192.0.73.2 1.gravatar.com |
2894 | .br | 2899 | .br |
2895 | #endif | ||
2896 | 2900 | ||
2897 | .TP | 2901 | .TP |
2898 | \fB\-\-tab | 2902 | \fB\-\-tab |