Diffstat (limited to 'src')
-rw-r--r-- | src/fbuilder/build_fs.c | 6 | ||||
-rw-r--r-- | src/firejail/usage.c | 1 | ||||
-rw-r--r-- | src/man/firejail.txt | 12 |
3 files changed, 18 insertions, 1 deletions
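--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -148,7 +148,11 @@ void build_etc(const char *fname) {
 //*******************************************
 static FileDB *var_out = NULL;
 static void var_callback(char *ptr) {
-if (strncmp(ptr, "/var/lib/menu-xdg", 17) == 0)
+if (strcmp(ptr, "/var/lib") == 0)
+;
+else if (strcmp(ptr, "/var/cache") == 0)
+;
+else if (strncmp(ptr, "/var/lib/menu-xdg", 17) == 0)
 var_out = filedb_add(var_out, "/var/lib/menu-xdg");
 else if (strncmp(ptr, "/var/cache/fontconfig", 21) == 0)
 var_out = filedb_add(var_out, "/var/cache/fontconfig");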
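Review bot: The two new branches for `/var/lib` and `/var/cache` have bare `;` bodies and no comment, so the reason these paths are dropped is not visible to the next reader. Presumably the intent is to stop an access to the top-level directory from reaching a later branch that would put the whole directory into the generated whitelist; that branch is outside the hunk, so this is inferred. I would state it in place, e.g. `; // skip: never whitelist all of /var/lib`, and the same for `/var/cache`. `strcmp` is an exact match, so a path recorded as `/var/lib/` with a trailing slash would not be caught here; it is worth confirming how the caller normalises `ptr`. The body of var_callback continues past the end of the hunk.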
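--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -44,6 +44,7 @@ void usage(void) {
 printf(" --bind=filename1,filename2 - mount-bind filename1 on top of filename2.\n");
 #endif
 printf(" --blacklist=filename - blacklist directory or file.\n");
+printf(" --build - build a whitelisted profile for the application.\n");
 printf(" -c - execute command and exit.\n");
 printf(" --caps - enable default Linux capabilities filter.\n");
 printf(" --caps.drop=all - drop all capabilities.\n");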
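--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -154,6 +154,18 @@ $ firejail "\-\-blacklist=/home/username/My Virtual Machines"
 .br
 $ firejail \-\-blacklist=/home/username/My\\ Virtual\\ Machines
 .TP
+\fB\-\-build
+The command builds a whitelisted profile. If /usr/bin/strace is installed on the system, it also
+builds a whitelisted seccomp profile. The program is run in a very relaxed sandbox,
+with only --caps.drop=all and --nonewprivs. Only programs that don't rise privileges are supported
+in order to allow strace to run. Chromium and Chromium-based browsers will not work.
+.br
+
+.br
+Example:
+.br
+$ firejail --build vlc ~/Videos/test.mp4
+.TP
 \fB\-c
 Execute command and exit.
 .TP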