diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/profile.c | 17 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 3 |
2 files changed, 20 insertions, 0 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 26f434f3b..916e39892 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -613,6 +613,23 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
613 | arg_private = 1; | 613 | arg_private = 1; |
614 | return 0; | 614 | return 0; |
615 | } | 615 | } |
616 | |||
617 | if (strcmp(ptr, "x11") == 0) { | ||
618 | #ifdef HAVE_X11 | ||
619 | if (checkcfg(CFG_X11)) { | ||
620 | char *x11env = getenv("FIREJAIL_X11"); | ||
621 | if (x11env && strcmp(x11env, "yes") == 0) | ||
622 | return 0; | ||
623 | else { | ||
624 | // start x11 | ||
625 | x11_start(cfg.original_argc, cfg.original_argv); | ||
626 | exit(0); | ||
627 | } | ||
628 | } | ||
629 | #endif | ||
630 | return 0; | ||
631 | } | ||
632 | |||
616 | 633 | ||
617 | if (strncmp(ptr, "private-template ", 17) == 0) { | 634 | if (strncmp(ptr, "private-template ", 17) == 0) { |
618 | if (arg_private) { | 635 | if (arg_private) { |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 52802755f..e3217bbff 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -258,6 +258,9 @@ does not result in an increase of privilege. | |||
258 | \fBnoroot | 258 | \fBnoroot |
259 | Use this command to enable an user namespace. The namespace has only one user, the current user. | 259 | Use this command to enable an user namespace. The namespace has only one user, the current user. |
260 | There is no root account (uid 0) defined in the namespace. | 260 | There is no root account (uid 0) defined in the namespace. |
261 | .TP | ||
262 | \fBx11 | ||
263 | Enable X11 sandboxing. | ||
261 | 264 | ||
262 | .SH Resource limits, CPU affinity, Control Groups | 265 | .SH Resource limits, CPU affinity, Control Groups |
263 | These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. | 266 | These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. |