Diffstat (limited to 'src')
-rw-r--r-- | src/man/firejail.txt | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e5020e37e..2e08b12f3 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -2127,22 +2127,34 @@ cdrom cdrw dri dvd dvdrw full log null ptmx pts random shm snd sr0 | |||
2127 | .br | 2127 | .br |
2128 | $ | 2128 | $ |
2129 | .TP | 2129 | .TP |
2130 | \fB\-\-private-etc | ||
2131 | .TP | ||
2130 | \fB\-\-private-etc=file,directory | 2132 | \fB\-\-private-etc=file,directory |
2131 | Build a new /etc in a temporary | 2133 | The files installed by \-\-private-etc are copies of the original system files from /etc directory. |
2132 | filesystem, and copy the files and directories in the list. | 2134 | By default, the command brings in a skeleton of files and directories used by most console tools: |
2133 | The files and directories in the list must be expressed as relative to | ||
2134 | the /etc directory (e.g., /etc/foo must be expressed as foo). | ||
2135 | If no listed file is found, /etc directory will be empty. | ||
2136 | All modifications are discarded when the sandbox is closed. | ||
2137 | Multiple private-etc commands are allowed and they accumulate. | ||
2138 | .br | ||
2139 | 2135 | ||
2140 | .br | 2136 | $ firejail --private-etc dig debian.org |
2141 | Example: | 2137 | |
2142 | .br | 2138 | For X11/GTK/QT/Gnome/KDE programs add GUI group as a parameter. Example: |
2143 | $ firejail --private-etc=group,hostname,localtime, \\ | 2139 | |
2144 | .br | 2140 | $ firejail --private-etc=GUI,python* gimp |
2145 | nsswitch.conf,passwd,resolv.conf | 2141 | |
2142 | /etc/python* directories are not part of the generic GUI group. | ||
2143 | These directories are reuqired by Gimp plugin system. File globbing is supported. | ||
2144 | |||
2145 | For games, add GAMES group: | ||
2146 | |||
2147 | $ firejail --private-etc=GUI,GAMES warzone2100 | ||
2148 | |||
2149 | Sound and networking files are included automatically, unless \-\-nosound or \-\-net=none are specified. | ||
2150 | Files for encrypted TLS/SSL protocol are in TLS-CA group. | ||
2151 | |||
2152 | $ firejail --private-etc=TLS-CA,wgetrc wget https://debian.org | ||
2153 | |||
2154 | |||
2155 | Note: The easiest way to extract the list of /etc files accessed by your program is using strace utility: | ||
2156 | |||
2157 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc | ||
2146 | #ifdef HAVE_PRIVATE_HOME | 2158 | #ifdef HAVE_PRIVATE_HOME |
2147 | .TP | 2159 | .TP |
2148 | \fB\-\-private-home=file,directory | 2160 | \fB\-\-private-home=file,directory |
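Review bot: The rewritten \-\-private-etc entry (new lines 2133-2157) drops behaviour the old text documented and does not restate it: that list entries are given relative to /etc (foo, not /etc/foo), that /etc is empty if no listed file is found, that all modifications are discarded when the sandbox is closed, and that multiple private-etc commands accumulate. If these still hold, please keep those sentences; if the new default skeleton or the groups changed any of them, say so explicitly. It would also help to list what the default skeleton and the GUI, GAMES and TLS-CA groups contain, so a user can tell which /etc files end up visible inside the sandbox. Smaller points: "reuqired" at new line 2143 should be "required"; the new examples are separated by blank lines where the removed text used ".br", so check how the entry renders under the .TP indent; and the strace note at new line 2157 runs the program directly rather than under firejail, which is worth stating next to the command.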