Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 8 | ||||
-rw-r--r-- | src/firejail/usage.c | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 24 |
3 files changed, 34 insertions, 0 deletions
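--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -636,6 +636,14 @@ int main(int argc, char **argv) {
 profile_check_line(line, 0); // will exit if something wrong
 profile_add(line);
 }
+else if (strncmp(argv[i], "--noblacklist=", 14) == 0) {
+char *line;
+if (asprintf(&line, "noblacklist %s", argv[i] + 14) == -1)
+errExit("asprintf");
+
+profile_check_line(line, 0); // will exit if something wrong
+profile_add(line);
+}
 else if (strncmp(argv[i], "--whitelist=", 12) == 0) {
 char *line;
 if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1)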
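Review bot: The new `--noblacklist=` branch forwards whatever follows the `=` without checking that it is non-empty, so a bare `--noblacklist=` becomes the profile line `noblacklist ` and its handling depends entirely on `profile_check_line`, whose body is not visible here. Because this option lifts a restriction rather than adding one, I would reject the empty value before building the line, e.g. `if (argv[i][14] == '\0') { fprintf(stderr, "Error: --noblacklist requires a path\n"); exit(1); }`. The branch is also another copy of the asprintf/check/add pattern used by the branch ending just above it and by `--whitelist=` below, with the prefix length repeated as a bare `14`; a small static helper taking the option prefix and the profile keyword would keep them in step. `main` begins and ends outside this hunk.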
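--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -140,6 +140,8 @@ void usage(void) {
 
 printf("\t--netstats - monitor network statistics for sandboxes creating a new\n");
 printf("\t\tnetwork namespace.\n\n");
+printf("\t--noblacklist=dirname_or_filename - disable blacklist for directory\n");
+printf("\t\tor file.\n\n");
 printf("\t--nogroups - disable supplementary groups. Without this option,\n");
 printf("\t\tsupplementary groups are enabled for the user starting the\n");
 printf("\t\tsandbox. For root user supplementary groups are always\n");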
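Review bot: The added help text `disable blacklist for directory or file` can be read as switching blacklisting off altogether, and it does not say that the option re-exposes a path the sandbox would otherwise deny, which is what the man page example with /bin/nc in this same commit shows. Assuming the blacklist entries come from the loaded profile, wording such as `printf("\t--noblacklist=dirname_or_filename - do not blacklist this directory or\n");` followed by `printf("\t\tfile, even if the profile lists it.\n\n");` would make the security effect visible at the prompt. `usage` starts and ends outside this hunk.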
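--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -608,6 +608,30 @@ PID User RX(KB/s) TX(KB/s) Command
 
 
 .TP
+\fB\-\-noblacklist=dirname_or_filename
+Disable blacklist for this directory or file.
+.br
+
+.br
+Example:
+.br
+$ firejail
+.br
+$ nc dict.org 2628
+.br
+bash: /bin/nc: Permission denied
+.br
+$ exit
+.br
+
+.br
+$ firejail --noblacklist=/bin/nc
+.br
+$ nc dict.org 2628
+.br
+220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64
+.br
+.TP
 \fB\-\-nogroups
 Disable supplementary groups. Without this option, supplementary groups are enabled for the user starting the
 sandbox. For root user supplementary groups are always disabled.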