diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/x11.c | 7 | ||||
-rw-r--r-- | src/man/firejail.txt | 14 |
2 files changed, 14 insertions, 7 deletions
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 8c781c67a..a7bd9fd29 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -127,6 +127,13 @@ void x11_start(int argc, char **argv) { | |||
127 | pid_t client = 0; | 127 | pid_t client = 0; |
128 | pid_t server = 0; | 128 | pid_t server = 0; |
129 | 129 | ||
130 | |||
131 | // unfortunately, xpra does a number of wired things when started by root user!!! | ||
132 | if (getuid() == 0) { | ||
133 | fprintf(stderr, "Error: this feature is not available when running as root\n"); | ||
134 | exit(1); | ||
135 | } | ||
136 | |||
130 | // check xpra | 137 | // check xpra |
131 | if (x11_check_xpra() == 0) { | 138 | if (x11_check_xpra() == 0) { |
132 | fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n"); | 139 | fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n"); |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index fead4eaf5..b72296387 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1516,7 +1516,7 @@ $ firejail "\-\-whitelist=/home/username/My Virtual Machines" | |||
1516 | Start a new X11 server using Xpra (http://xpra.org) and attach the sandbox to this server. | 1516 | Start a new X11 server using Xpra (http://xpra.org) and attach the sandbox to this server. |
1517 | Xpra is a persistent remote display server and client for forwarding X11 applications and desktop screens. | 1517 | Xpra is a persistent remote display server and client for forwarding X11 applications and desktop screens. |
1518 | The regular X11 server (display 0) is not visible in the sandbox. This prevents screenshot and keylogger | 1518 | The regular X11 server (display 0) is not visible in the sandbox. This prevents screenshot and keylogger |
1519 | applications started in the sandbox from accessing display 0. | 1519 | applications started in the sandbox from accessing display 0. This feature is not available when running as root. |
1520 | .br | 1520 | .br |
1521 | 1521 | ||
1522 | .br | 1522 | .br |
@@ -1535,29 +1535,29 @@ Example: | |||
1535 | $ firejail \-\-zsh | 1535 | $ firejail \-\-zsh |
1536 | 1536 | ||
1537 | .SH FILE TRANSFER | 1537 | .SH FILE TRANSFER |
1538 | These features allow the user to inspect the file system container of an existing sandbox | 1538 | These features allow the user to inspect the filesystem container of an existing sandbox |
1539 | and transfer files from the container to the host file system. | 1539 | and transfer files from the container to the host filesystem. |
1540 | 1540 | ||
1541 | .TP | 1541 | .TP |
1542 | \fB\-\-get=name filename | 1542 | \fB\-\-get=name filename |
1543 | Retrieve the container file and store it on the host in the current working directory. | 1543 | Retrieve the container file and store it on the host in the current working directory. |
1544 | The container is spececified by name (\-\-name option). Full path is needed for filename. | 1544 | The container is specified by name (\-\-name option). Full path is needed for filename. |
1545 | 1545 | ||
1546 | .TP | 1546 | .TP |
1547 | \fB\-\-get=pid filename | 1547 | \fB\-\-get=pid filename |
1548 | Retrieve the container file and store it on the host in the current working directory. | 1548 | Retrieve the container file and store it on the host in the current working directory. |
1549 | The container is spececified by process ID. Full path is needed for filename. | 1549 | The container is specified by process ID. Full path is needed for filename. |
1550 | 1550 | ||
1551 | .TP | 1551 | .TP |
1552 | \fB\-\-ls=name dir_or_filename | 1552 | \fB\-\-ls=name dir_or_filename |
1553 | List container files. | 1553 | List container files. |
1554 | The container is spececified by name (\-\-name option). | 1554 | The container is specified by name (\-\-name option). |
1555 | Full path is needed for dir_or_filename. | 1555 | Full path is needed for dir_or_filename. |
1556 | 1556 | ||
1557 | .TP | 1557 | .TP |
1558 | \fB\-\-ls=pid dir_or_filename | 1558 | \fB\-\-ls=pid dir_or_filename |
1559 | List container files. | 1559 | List container files. |
1560 | The container is spececified by process ID. | 1560 | The container is specified by process ID. |
1561 | Full path is needed for dir_or_filename. | 1561 | Full path is needed for dir_or_filename. |
1562 | 1562 | ||
1563 | .TP | 1563 | .TP |