Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-profile.txt | 32 | ||||
-rw-r--r-- | src/man/firejail.txt | 52 |
2 files changed, 46 insertions, 38 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 246098bb7..5167a4c42 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -7,15 +7,18 @@ profile \- Security profile file syntax for Firejail | |||
7 | firejail \-\-profile=filename.profile | 7 | firejail \-\-profile=filename.profile |
8 | 8 | ||
9 | .SH DESCRIPTION | 9 | .SH DESCRIPTION |
10 | Several Firejail command line configuration options can be passed to the program using | 10 | Several command line options can be passed to the program using |
11 | profile files. | 11 | profile files. Firejail chooses the profile file as follows: |
12 | Firejail chooses a security profile in the following order: | ||
13 | 12 | ||
14 | 1. If a profile is provided by the user with --profile option, the profile is loaded. | 13 | 1. If a profile file is provided by the user with --profile option, the profile file is loaded. |
15 | Example: | 14 | Example: |
16 | .PP | 15 | .PP |
17 | .RS | 16 | .RS |
18 | $ firejail --profile=/home/netblue/icecat.profile icecat | 17 | $ firejail --profile=/home/netblue/icecat.profile icecat |
18 | .br | ||
19 | Reading profile /home/netblue/icecat.profile | ||
20 | .br | ||
21 | [...] | ||
19 | .RE | 22 | .RE |
20 | 23 | ||
21 | 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or | 24 | 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or |
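Review bot: The rewritten item 1 still has an unescaped "--profile" in running text, while the synopsis line at the top of this hunk and the example commands elsewhere in the file use the roff-escaped form. Since the line is being touched anyway, write it as "\-\-profile" so the option renders with plain hyphens and can be copied from the formatted page.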
@@ -26,7 +29,6 @@ $ firejail icecat | |||
26 | .br | 29 | .br |
27 | Command name #icecat# | 30 | Command name #icecat# |
28 | .br | 31 | .br |
29 | .br | ||
30 | Found icecat profile in /home/netblue/.config/firejail directory | 32 | Found icecat profile in /home/netblue/.config/firejail directory |
31 | .br | 33 | .br |
32 | Reading profile /home/netblue/.config/firejail/icecat.profile | 34 | Reading profile /home/netblue/.config/firejail/icecat.profile |
@@ -34,29 +36,31 @@ Reading profile /home/netblue/.config/firejail/icecat.profile | |||
34 | [...] | 36 | [...] |
35 | .RE | 37 | .RE |
36 | 38 | ||
37 | 3. Use the default profile in /etc/firejail/generic.profile. This can be disabled with --noprofile. Example: | 39 | 3. Use a default.profile file if the sandbox |
40 | is started by a regular user, or a server.profile file if the sandbox | ||
41 | is started by root. Firejail looks for these files in ~/.config/firejail directory, followed by /etc/firejail directory. | ||
42 | To disable default profile loading, use --noroot command option. Example: | ||
38 | .PP | 43 | .PP |
39 | .RS | 44 | .RS |
40 | $ firejail \-\-noprofile | 45 | $ firejail |
46 | .br | ||
47 | Reading profile /etc/firejail/generic.profile | ||
41 | .br | 48 | .br |
42 | Parent pid 8553, child pid 8554 | 49 | Parent pid 8553, child pid 8554 |
43 | .br | 50 | .br |
44 | Child process initialized | 51 | Child process initialized |
45 | .br | 52 | .br |
46 | $ exit | 53 | [...] |
47 | .br | 54 | .br |
55 | |||
48 | .br | 56 | .br |
49 | parent is shutting down, bye... | 57 | $ firejail \-\-noprofile |
50 | .br | ||
51 | $ firejail | ||
52 | .br | ||
53 | Reading profile /etc/firejail/generic.profile | ||
54 | .br | 58 | .br |
55 | Parent pid 8553, child pid 8554 | 59 | Parent pid 8553, child pid 8554 |
56 | .br | 60 | .br |
57 | Child process initialized | 61 | Child process initialized |
58 | .br | 62 | .br |
59 | $ | 63 | [...] |
60 | .RE | 64 | .RE |
61 | 65 | ||
62 | .SH Scripting | 66 | .SH Scripting |
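Review bot: The new item 3 text says "To disable default profile loading, use --noroot command option", but the example directly below it runs "firejail \-\-noprofile" and the replaced line named --noprofile, so --noroot looks like a typo for --noprofile. The sample output in the same example also still prints "Reading profile /etc/firejail/generic.profile", which no longer matches the default.profile and server.profile names introduced here; the output line should show one of the files the new text describes.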
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index c07a02c57..62176b84f 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -52,8 +52,8 @@ The default Firejail filesystem is based on the host filesystem with the main di | |||
52 | Only /home, /tmp and /var directories are writable. | 52 | Only /home, /tmp and /var directories are writable. |
53 | .PP | 53 | .PP |
54 | As it starts up, Firejail tries to find a security profile based on the name of the application. | 54 | As it starts up, Firejail tries to find a security profile based on the name of the application. |
55 | If an appropriate profile is not found, Firejail will use the default profile stored in /etc/firejail/default.profile. | 55 | If an appropriate profile is not found, Firejail will use a default profile. |
56 | The default security profile is quite restrictive. In case the application doesn't work, use --noprofile option | 56 | The default profile is quite restrictive. In case the application doesn't work, use --noprofile option |
57 | to disable it. For more information, please see SECURITY PROFILES section. | 57 | to disable it. For more information, please see SECURITY PROFILES section. |
58 | .PP | 58 | .PP |
59 | If a program argument is not specified, Firejail starts /bin/bash shell. | 59 | If a program argument is not specified, Firejail starts /bin/bash shell. |
@@ -575,32 +575,31 @@ $ | |||
575 | 575 | ||
576 | .TP | 576 | .TP |
577 | \fB\-\-noprofile | 577 | \fB\-\-noprofile |
578 | Do not use a profile. | 578 | Do not use a security profile. |
579 | .br | 579 | .br |
580 | 580 | ||
581 | .br | 581 | .br |
582 | Example: | 582 | Example: |
583 | .br | 583 | .br |
584 | $ firejail \-\-noprofile | 584 | $ firejail |
585 | .br | ||
586 | Reading profile /etc/firejail/generic.profile | ||
585 | .br | 587 | .br |
586 | Parent pid 8553, child pid 8554 | 588 | Parent pid 8553, child pid 8554 |
587 | .br | 589 | .br |
588 | Child process initialized | 590 | Child process initialized |
589 | .br | 591 | .br |
590 | $ exit | 592 | [...] |
591 | .br | 593 | .br |
594 | |||
592 | .br | 595 | .br |
593 | parent is shutting down, bye... | 596 | $ firejail \-\-noprofile |
594 | .br | ||
595 | $ firejail | ||
596 | .br | ||
597 | Reading profile /etc/firejail/generic.profile | ||
598 | .br | 597 | .br |
599 | Parent pid 8553, child pid 8554 | 598 | Parent pid 8553, child pid 8554 |
600 | .br | 599 | .br |
601 | Child process initialized | 600 | Child process initialized |
602 | .br | 601 | .br |
603 | $ | 602 | [...] |
604 | 603 | ||
605 | .TP | 604 | .TP |
606 | \fB\-\-noroot | 605 | \fB\-\-noroot |
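Review bot: In the --noprofile entry, the added "$ firejail" run shows "Reading profile /etc/firejail/generic.profile", yet this commit removes the fixed default path from the overview paragraph and SECURITY PROFILES now names default.profile and server.profile. Update the sample line to match, and consider one line of text between the two runs stating that the first loads the default profile and the second suppresses it, since the only visible difference is the missing "Reading profile" line.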
@@ -1194,14 +1193,18 @@ User | |||
1194 | The owner of the sandbox. | 1193 | The owner of the sandbox. |
1195 | 1194 | ||
1196 | .SH SECURITY PROFILES | 1195 | .SH SECURITY PROFILES |
1197 | Several command line configuration options can be passed to the program using | 1196 | Several command line options can be passed to the program using |
1198 | profile files. Firejail chooses a security profile in the following order: | 1197 | profile files. Firejail chooses the profile file as follows: |
1199 | 1198 | ||
1200 | 1. If a profile is provided by the user with --profile option, the profile is loaded. | 1199 | 1. If a profile file is provided by the user with --profile option, the profile file is loaded. |
1201 | Example: | 1200 | Example: |
1202 | .PP | 1201 | .PP |
1203 | .RS | 1202 | .RS |
1204 | $ firejail --profile=/home/netblue/icecat.profile icecat | 1203 | $ firejail --profile=/home/netblue/icecat.profile icecat |
1204 | .br | ||
1205 | Reading profile /home/netblue/icecat.profile | ||
1206 | .br | ||
1207 | [...] | ||
1205 | .RE | 1208 | .RE |
1206 | 1209 | ||
1207 | 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or | 1210 | 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or |
@@ -1212,7 +1215,6 @@ $ firejail icecat | |||
1212 | .br | 1215 | .br |
1213 | Command name #icecat# | 1216 | Command name #icecat# |
1214 | .br | 1217 | .br |
1215 | .br | ||
1216 | Found icecat profile in /home/netblue/.config/firejail directory | 1218 | Found icecat profile in /home/netblue/.config/firejail directory |
1217 | .br | 1219 | .br |
1218 | Reading profile /home/netblue/.config/firejail/icecat.profile | 1220 | Reading profile /home/netblue/.config/firejail/icecat.profile |
@@ -1220,29 +1222,31 @@ Reading profile /home/netblue/.config/firejail/icecat.profile | |||
1220 | [...] | 1222 | [...] |
1221 | .RE | 1223 | .RE |
1222 | 1224 | ||
1223 | 3. Use the default profile in /etc/firejail/generic.profile | 1225 | 3. Use a default.profile file if the sandbox |
1226 | is started by a regular user, or a server.profile file if the sandbox | ||
1227 | is started by root. Firejail looks for these files in ~/.config/firejail directory, followed by /etc/firejail directory. | ||
1228 | To disable default profile loading, use --noroot command option. Example: | ||
1224 | .PP | 1229 | .PP |
1225 | .RS | 1230 | .RS |
1226 | $ firejail \-\-noprofile | 1231 | $ firejail |
1232 | .br | ||
1233 | Reading profile /etc/firejail/generic.profile | ||
1227 | .br | 1234 | .br |
1228 | Parent pid 8553, child pid 8554 | 1235 | Parent pid 8553, child pid 8554 |
1229 | .br | 1236 | .br |
1230 | Child process initialized | 1237 | Child process initialized |
1231 | .br | 1238 | .br |
1232 | $ exit | 1239 | [...] |
1233 | .br | 1240 | .br |
1241 | |||
1234 | .br | 1242 | .br |
1235 | parent is shutting down, bye... | 1243 | $ firejail \-\-noprofile |
1236 | .br | ||
1237 | $ firejail | ||
1238 | .br | ||
1239 | Reading profile /etc/firejail/generic.profile | ||
1240 | .br | 1244 | .br |
1241 | Parent pid 8553, child pid 8554 | 1245 | Parent pid 8553, child pid 8554 |
1242 | .br | 1246 | .br |
1243 | Child process initialized | 1247 | Child process initialized |
1244 | .br | 1248 | .br |
1245 | $ | 1249 | [...] |
1246 | .RE | 1250 | .RE |
1247 | 1251 | ||
1248 | See man 5 firejail-profile for profile file syntax information. | 1252 | See man 5 firejail-profile for profile file syntax information. |
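Review bot: Item 3 in SECURITY PROFILES repeats the "--noroot" wording from firejail-profile.txt, while the example that follows uses "firejail \-\-noprofile". In this file --noroot has its own entry right after --noprofile, so the wrong name points readers at a different option; it should read --noprofile. The "generic.profile" path in the sample output needs the same correction as in the other file.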