diff options
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.txt | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 639b171cd..f9111ae7b 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -155,12 +155,6 @@ $ firejail --appimage --private krita-3.0-x86_64.appimage | |||
155 | $ firejail --appimage --net=none --x11 krita-3.0-x86_64.appimage | 155 | $ firejail --appimage --net=none --x11 krita-3.0-x86_64.appimage |
156 | #endif | 156 | #endif |
157 | .TP | 157 | .TP |
158 | \fB\-\-audit | ||
159 | Audit the sandbox, see \fBAUDIT\fR section for more details. | ||
160 | .TP | ||
161 | \fB\-\-audit=test-program | ||
162 | Audit the sandbox, see \fBAUDIT\fR section for more details. | ||
163 | .TP | ||
164 | \fB\-\-bandwidth=name|pid | 158 | \fB\-\-bandwidth=name|pid |
165 | Set bandwidth limits for the sandbox identified by name or PID, see \fBTRAFFIC SHAPING\fR section for more details. | 159 | Set bandwidth limits for the sandbox identified by name or PID, see \fBTRAFFIC SHAPING\fR section for more details. |
166 | .TP | 160 | .TP |
@@ -2972,30 +2966,6 @@ To enable AppArmor confinement on top of your current Firejail security features | |||
2972 | $ firejail --apparmor firefox | 2966 | $ firejail --apparmor firefox |
2973 | #endif | 2967 | #endif |
2974 | 2968 | ||
2975 | .SH AUDIT | ||
2976 | Audit feature allows the user to point out gaps in security profiles. The | ||
2977 | implementation replaces the program to be sandboxed with a test program. By | ||
2978 | default, we use faudit program distributed with Firejail. A custom test program | ||
2979 | can also be supplied by the user. Examples: | ||
2980 | |||
2981 | Running the default audit program: | ||
2982 | .br | ||
2983 | $ firejail --audit transmission-gtk | ||
2984 | |||
2985 | Running a custom audit program: | ||
2986 | .br | ||
2987 | $ firejail --audit=~/sandbox-test transmission-gtk | ||
2988 | |||
2989 | In the examples above, the sandbox configures transmission-gtk profile and | ||
2990 | starts the test program. The real program, transmission-gtk, will not be | ||
2991 | started. | ||
2992 | |||
2993 | You can also audit a specific profile without specifying a program. | ||
2994 | .br | ||
2995 | $ firejail --audit --profile=/etc/firejail/zoom.profile | ||
2996 | |||
2997 | Limitations: audit feature is not implemented for --x11 commands. | ||
2998 | |||
2999 | .SH DESKTOP INTEGRATION | 2969 | .SH DESKTOP INTEGRATION |
3000 | A symbolic link to /usr/bin/firejail under the name of a program, will start the program in Firejail sandbox. | 2970 | A symbolic link to /usr/bin/firejail under the name of a program, will start the program in Firejail sandbox. |
3001 | The symbolic link should be placed in the first $PATH position. On most systems, a good place | 2971 | The symbolic link should be placed in the first $PATH position. On most systems, a good place |