diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/usage.c | 8 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 4 | ||||
-rw-r--r-- | src/man/firejail.txt | 19 |
3 files changed, 28 insertions, 3 deletions
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index dec8c5349..93d79fd94 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -167,13 +167,15 @@ void usage(void) { | |||
167 | printf("\t\tand it is discarded when the sandbox is closed. (OverlayFS\n"); | 167 | printf("\t\tand it is discarded when the sandbox is closed. (OverlayFS\n"); |
168 | printf("\t\tsupport is required in Linux kernel for this option to work).\n\n"); | 168 | printf("\t\tsupport is required in Linux kernel for this option to work).\n\n"); |
169 | 169 | ||
170 | |||
171 | |||
172 | |||
173 | printf("\t--private - mount new /root and /home/user directories in temporary\n"); | 170 | printf("\t--private - mount new /root and /home/user directories in temporary\n"); |
174 | printf("\t\tfilesystems. All modifications are discarded when the sandbox is\n"); | 171 | printf("\t\tfilesystems. All modifications are discarded when the sandbox is\n"); |
175 | printf("\t\tclosed.\n\n"); | 172 | printf("\t\tclosed.\n\n"); |
176 | printf("\t--private=directory - use directory as user home.\n\n"); | 173 | printf("\t--private=directory - use directory as user home.\n\n"); |
174 | |||
175 | printf("\t--private-bin=file,file - build a new /bin in a temporary filesystem,\n"); | ||
176 | printf("\t\tand copy the programs in the list. The same directory is\n"); | ||
177 | printf("\t\talso bind-mounted over /sbin, /usr/bin and /usr/sbin.\n\n"); | ||
178 | |||
177 | printf("\t--private-home=file,directory - build a new user home in a temporary\n"); | 179 | printf("\t--private-home=file,directory - build a new user home in a temporary\n"); |
178 | printf("\t\tfilesystem, and copy the files and directories in the list in\n"); | 180 | printf("\t\tfilesystem, and copy the files and directories in the list in\n"); |
179 | printf("\t\tthe new home. All modifications are discarded when the sandbox\n"); | 181 | printf("\t\tthe new home. All modifications are discarded when the sandbox\n"); |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index e470cab36..1369fdc91 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -133,6 +133,10 @@ Mount new /root and /home/user directories in temporary | |||
133 | filesystems. All modifications are discarded when the sandbox is | 133 | filesystems. All modifications are discarded when the sandbox is |
134 | closed. | 134 | closed. |
135 | .TP | 135 | .TP |
136 | \f\private-bin file,file | ||
137 | Build a new /bin in a temporary filesystem, and copy the programs in the list. | ||
138 | The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin. | ||
139 | .TP | ||
136 | \f\private directory | 140 | \f\private directory |
137 | Use directory as user home. | 141 | Use directory as user home. |
138 | .TP | 142 | .TP |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index af3a18746..00360e65b 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -735,6 +735,25 @@ Example: | |||
735 | $ firejail \-\-private=/home/netblue/firefox-home firefox | 735 | $ firejail \-\-private=/home/netblue/firefox-home firefox |
736 | 736 | ||
737 | .TP | 737 | .TP |
738 | \fB\-\-private-bin=file,file | ||
739 | Build a new /bin in a temporary filesystem, and copy the programs in the list. | ||
740 | The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin. | ||
741 | .br | ||
742 | |||
743 | .br | ||
744 | Example: | ||
745 | .br | ||
746 | $ firejail \-\-private-bin=bash,sed,ls,cat | ||
747 | .br | ||
748 | Parent pid 20841, child pid 20842 | ||
749 | .br | ||
750 | Child process initialized | ||
751 | .br | ||
752 | $ ls /bin | ||
753 | .br | ||
754 | bash cat ls sed | ||
755 | |||
756 | .TP | ||
738 | \fB\-\-private-keep=file,directory | 757 | \fB\-\-private-keep=file,directory |
739 | This option is deprecated, use private-home instead | 758 | This option is deprecated, use private-home instead |
740 | 759 | ||