Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/util.c | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 24 |
2 files changed, 24 insertions, 2 deletions
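--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1476,6 +1476,8 @@ int ascii_isxdigit(unsigned char c) {
 return ret;
 }
 
+// Note: Keep this in sync with NAME VALIDATION in src/man/firejail.txt.
+//
 // Allow only ASCII letters, digits and a few special characters; names with
 // only numbers are rejected; spaces and control characters are rejected.
 int invalid_name(const char *name) {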
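Review bot: The comment block above invalid_name() still describes the allowed set as "a few special characters", while the NAME VALIDATION section added to src/man/firejail.txt in this commit lists the exact rules, so the new keep-in-sync note points at text that is more specific than the code comment. Listing the same rules here would make drift visible in review, for example `// Length 1-253; special characters are "-._"; first and last must be an ASCII letter or digit.` The body of invalid_name() starts at the last line of the hunk and is not shown, so whether the code enforces the length limit and the first/last-character rule cannot be confirmed from here. It is worth checking once, since the man page presents this check as the validation for --name and --hostname values.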
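--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -876,6 +876,8 @@ Print options end exit.
 \fB\-\-hostname=name
 Set sandbox hostname.
 .br
+For valid names, see the \fBNAME VALIDATION\fR section.
+.br
 
 .br
 Example:
@@ -1180,7 +1182,9 @@ Switching to pid 1932, the first child process inside the sandbox
 .TP
 \fB\-\-join-or-start=name
 Join the sandbox identified by name or start a new one.
-Same as "firejail --join=name" if sandbox with specified name exists, otherwise same as "firejail --name=name ..."
+Same as "firejail --join=name" if sandbox with specified name exists, otherwise
+same as "firejail --name=name ...".
+See \fB\-\-name\fR for details.
 .br
 Note that in contrary to other join options there is respective profile option.
 
@@ -1340,8 +1344,13 @@ $ firejail \-\-net=eth0 \-\-mtu=1492
 \fB\-\-name=name
 Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use
 this name to identify a sandbox.
-The name cannot contain only digits, as that is treated as a PID in the other options, such as in \-\-join.
+The name cannot contain only digits, as that is treated as a PID in the other
+options, such as in \-\-join.
+.br
+For valid names, see the \fBNAME VALIDATION\fR section.
+.br
 
+.br
 In case the name supplied by the user is already in use by another sandbox, Firejail will assign a
 new name as "name-PID", where PID is the process ID of the sandbox. This functionality
 can be disabled at run time in /etc/firejail/firejail.config file, by setting "name-change" flag to "no".
@@ -3296,6 +3305,17 @@ Example:
 $ firejail --net=eth0 --x11=xephyr --xephyr-screen=640x480 firefox
 .br
 #endif
+.\" Note: Keep this in sync with invalid_name() in src/firejail/util.c.
+.SH NAME VALIDATION
+For simplicity, the same name validation is used for multiple options.
+Rules:
+.PP
+The name must be 1-253 characters long.
+The name can only contain ASCII letters, digits and the special characters
+"-._" (that is, the name cannot contain spaces or control characters).
+The name cannot contain only digits.
+The first and last characters must be an ASCII letter or digit and the name
+may contain special characters in the middle.
 #ifdef HAVE_APPARMOR
 .SH APPARMOR
 .TP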