Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_etc.c | 12 | ||||
-rw-r--r-- | src/include/etc_groups.h | 16 | ||||
-rw-r--r-- | src/man/firejail.txt | 18 |
3 files changed, 24 insertions, 22 deletions
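--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -77,15 +77,15 @@ char *fs_etc_build(char *str) {
 char* ptr = strtok(str, ",");
 while (ptr) {
 // look for standard groups
-if (strcmp(ptr, "TLS-CA") == 0)
+if (strcmp(ptr, "@tls-ca") == 0)
 etc_copy_group(&etc_group_tls_ca[0]);
-if (strcmp(ptr, "GUI") == 0)
-etc_copy_group(&etc_group_gui[0]);
+if (strcmp(ptr, "@x11") == 0)
+etc_copy_group(&etc_group_x11[0]);
-if (strcmp(ptr, "SOUND") == 0)
+if (strcmp(ptr, "@sound") == 0)
 etc_copy_group(&etc_group_sound[0]);
-if (strcmp(ptr, "NETWORK") == 0)
+if (strcmp(ptr, "@network") == 0)
 etc_copy_group(&etc_group_network[0]);
-if (strcmp(ptr, "GAMES") == 0)
+if (strcmp(ptr, "@games") == 0)
 etc_copy_group(&etc_group_games[0]);
 else
 etc_add(ptr);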
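Review bot: The group tests on new lines 80–88 are separate `if` statements, so the final `else` binds only to the `@games` comparison: a token that matched `@tls-ca`, `@x11`, `@sound` or `@network` still falls through to `etc_add(ptr)` and is handed on as if it were an /etc entry name. The same path now silently accepts the old spellings (`GUI`, `TLS-CA`, …) and any mistyped `@name`, so a profile can end up with fewer files than its author intended and no diagnostic. Chain the tests with `else if` and reject unknown groups before the fallback, e.g. `else if (*ptr == '@') { fprintf(stderr, "Error: unknown --private-etc group %s\n", ptr); exit(1); }`. What `etc_add` does with such a name is not visible here, and the loop body continues outside the hunk.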
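--- a/src/include/etc_groups.h
+++ b/src/include/etc_groups.h
@@ -23,7 +23,7 @@
 
 #define ETC_MAX 256
 
-// DEFAULT
+// @default
 static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
 "alternatives",
 "fonts",
@@ -42,7 +42,7 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
 NULL
 };
 
-// SOUND
+// @sound
 static char *etc_group_sound[] = {
 "alsa",
 "asound.conf",
@@ -51,7 +51,7 @@ static char *etc_group_sound[] = {
 NULL
 };
 
-// NETWORK
+// @network
 static char*etc_group_network[] = {
 "hostname",
 "hosts",
@@ -60,7 +60,7 @@ static char*etc_group_network[] = {
 NULL
 };
 
-// TLS-CA
+// @tls-ca
 static char *etc_group_tls_ca[] = {
 "ca-certificates",
 "crypto-policies",
@@ -70,8 +70,8 @@ static char *etc_group_tls_ca[] = {
 NULL
 };
 
-// GUI
-static char *etc_group_gui[] = {
+// @x11
+static char *etc_group_x11[] = {
 "xdg",
 "drirc",
 "dconf",
@@ -80,10 +80,12 @@ static char *etc_group_gui[] = {
 "kde4rc",
 "kde5rc",
 "pango", // text rendering/internationalization
+"nvidia",
+"X11",
 NULL
 };
 
-// GAMES
+// @games
 static char *etc_group_games[] = {
 "timidity", // MIDI
 "timidity.cfg",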
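Review bot: The two entries added to `etc_group_x11` at new lines 83–84 carry no comment saying which component reads them, while the neighbouring `"pango", // text rendering/internationalization` does. Every name in these lists is copied into the sandbox's private /etc, so each addition widens what a confined program can read, and an /etc/X11 tree may hold more than a single client needs. Add a short why-comment per entry, along the lines of `"nvidia", // <consumer of /etc/nvidia>` and `"X11", // <consumer of /etc/X11>`, to be filled in by the author. The array definitions start and end outside the hunks shown.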
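--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -2127,27 +2127,27 @@ cdrom cdrw dri dvd dvdrw full log null ptmx pts random shm snd sr0
 .br
 $
 .TP
-\fB\-\-private-etc, \-\-private-etc=file,directory
+\fB\-\-private-etc, \-\-private-etc=file,directory,@group
 The files installed by \-\-private-etc are copies of the original system files from /etc directory.
 By default, the command brings in a skeleton of files and directories used by most console tools:
 
 $ firejail --private-etc dig debian.org
 
-For X11/GTK/QT/Gnome/KDE programs add GUI group as a parameter. Example:
+For X11/GTK/QT/Gnome/KDE programs add @x11 group as a parameter. Example:
 
-$ firejail --private-etc=GUI,python* gimp
+$ firejail --private-etc=@x11,gcrypt,python* gimp
 
-/etc/python* directories are not part of the generic GUI group.
-These directories are reuqired by Gimp plugin system. File globbing is supported.
+gcrypt and /etc/python* directories are not part of the generic @x11 group.
+File globbing is supported.
 
-For games, add GAMES group:
+For games, add @games group:
 
-$ firejail --private-etc=GUI,GAMES warzone2100
+$ firejail --private-etc=@games,@x11 warzone2100
 
 Sound and networking files are included automatically, unless \-\-nosound or \-\-net=none are specified.
-Files for encrypted TLS/SSL protocol are in TLS-CA group.
+Files for encrypted TLS/SSL protocol are in @tls-ca group.
 
-$ firejail --private-etc=TLS-CA,wgetrc wget https://debian.org
+$ firejail --private-etc=@tls-ca,wgetrc wget https://debian.org
 
 
 Note: The easiest way to extract the list of /etc files accessed by your program is using strace utility: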