Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/usage.c | 53 |
1 files changed, 0 insertions, 53 deletions
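--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -33,15 +33,12 @@ static char *usage_str =
 " --apparmor - enable AppArmor confinement.\n"
 " --apparmor.print=name|pid - print apparmor status.\n"
 " --appimage - sandbox an AppImage application.\n"
-" --audit[=test-program] - audit the sandbox.\n"
 #ifdef HAVE_NETWORK
 " --bandwidth=name|pid - set bandwidth limits.\n"
 #endif
 " --bind=dirname1,dirname2 - mount-bind dirname1 on top of dirname2.\n"
 " --bind=filename1,filename2 - mount-bind filename1 on top of filename2.\n"
 " --blacklist=filename - blacklist directory or file.\n"
-" --build - build a whitelisted profile for the application.\n"
-" --build=filename - build a whitelisted profile for the application.\n"
 " -c - execute command and exit.\n"
 " --caps - enable default Linux capabilities filter.\n"
 " --caps.drop=all - drop all capabilities.\n"
@@ -49,9 +46,6 @@ static char *usage_str =
 " --caps.keep=capability,capability - whitelist capabilities filter.\n"
 " --caps.print=name|pid - print the caps filter.\n"
 " --cgroup=tasks-file - place the sandbox in the specified control group.\n"
-#ifdef HAVE_CHROOT
-" --chroot=dirname - chroot into directory.\n"
-#endif
 " --cpu=cpu-number,cpu-number - set cpu affinity.\n"
 " --cpu.print=name|pid - print the cpus in use.\n"
 " --debug - print sandbox debug messages.\n"
@@ -71,9 +65,6 @@ static char *usage_str =
 " --dns.print=name|pid - print DNS configuration.\n"
 " --env=name=value - set environment variable.\n"
 " --fs.print=name|pid - print the filesystem log.\n"
-#ifdef HAVE_FILE_TRANSFER
-" --get=name|pid filename - get a file from sandbox container.\n"
-#endif
 " --help, -? - this help screen.\n"
 " --hostname=name - set sandbox hostname.\n"
 " --hosts-file=file - use file as /etc/hosts.\n"
@@ -141,52 +132,22 @@ static char *usage_str =
 " --novideo - disable video devices.\n"
 " --nou2f - disable U2F devices.\n"
 " --nowhitelist=filename - disable whitelist for file or directory .\n"
-" --output=logfile - stdout logging and log rotation.\n"
-" --output-stderr=logfile - stdout and stderr logging and log rotation.\n"
-" --overlay - mount a filesystem overlay on top of the current filesystem.\n"
-" --overlay-named=name - mount a filesystem overlay on top of the current\n"
-"\tfilesystem, and store it in name directory.\n"
-" --overlay-tmpfs - mount a temporary filesystem overlay on top of the\n"
-"\tcurrent filesystem.\n"
-" --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n"
 " --private - temporary home directory.\n"
 " --private=directory - use directory as user home.\n"
 " --private-cache - temporary ~/.cache directory.\n"
-" --private-home=file,directory - build a new user home in a temporary\n"
-"\tfilesystem, and copy the files and directories in the list in\n"
-"\tthe new home.\n"
-" --private-bin=file,file - build a new /bin in a temporary filesystem,\n"
-"\tand copy the programs in the list.\n"
 " --private-dev - create a new /dev directory with a small number of\n"
 "\tcommon device files.\n"
-" --private-etc=file,directory - build a new /etc in a temporary\n"
-"\tfilesystem, and copy the files and directories in the list.\n"
 " --private-tmp - mount a tmpfs on top of /tmp directory.\n"
-" --private-opt=file,directory - build a new /opt in a temporary filesystem.\n"
-" --private-srv=file,directory - build a new /srv in a temporary filesystem.\n"
 " --profile=filename - use a custom profile.\n"
 " --profile.print=name|pid - print the name of profile file.\n"
 " --profile-path=directory - use this directory to look for profile files.\n"
 " --protocol=protocol,protocol,protocol - enable protocol filter.\n"
 " --protocol.print=name|pid - print the protocol filter.\n"
-#ifdef HAVE_FILE_TRANSFER
-" --put=name|pid src-filename dest-filename - put a file in sandbox\n"
-"\tcontainer.\n"
-#endif
 " --quiet - turn off Firejail's output.\n"
 " --read-only=filename - set directory or file read-only..\n"
 " --read-write=filename - set directory or file read-write.\n"
 " --rlimit-as=number - set the maximum size of the process's virtual memory\n"
 "\t(address space) in bytes.\n"
-" --rlimit-cpu=number - set the maximum CPU time in seconds.\n"
-" --rlimit-fsize=number - set the maximum file size that can be created\n"
-"\tby a process.\n"
-" --rlimit-nofile=number - set the maximum number of files that can be\n"
-"\topened by a process.\n"
-" --rlimit-nproc=number - set the maximum number of processes that can be\n"
-"\tcreated for the real user ID of the calling process.\n"
-" --rlimit-sigpending=number - set the maximum number of pending signals\n"
-"\tfor a process.\n"
 " --rmenv=name - remove environment variable in the new sandbox.\n"
 #ifdef HAVE_NETWORK
 " --scan - ARP-scan all the networks from inside a network namespace.\n"
@@ -210,9 +171,6 @@ static char *usage_str =
 "\thas elapsed.\n"
 " --tmpfs=dirname - mount a tmpfs filesystem on directory dirname.\n"
 " --top - monitor the most CPU-intensive sandboxes.\n"
-" --trace - trace open, access and connect system calls.\n"
-" --tracelog - add a syslog message for every access to files or\n"
-"\tdirectories blacklisted by the security profile.\n"
 " --tree - print a tree of all sandboxed processes.\n"
 " --version - print program version and exit.\n"
 #ifdef HAVE_NETWORK
@@ -226,17 +184,6 @@ static char *usage_str =
 "\t/run/user/$UID/gnupg.\n"
 " --writable-var - /var directory is mounted read-write.\n"
 " --writable-var-log - use the real /var/log directory, not a clone.\n"
-#ifdef HAVE_X11
-" --x11 - enable X11 sandboxing. The software checks first if Xpra is\n"
-"\tinstalled, then it checks if Xephyr is installed. If all fails, it will\n"
-"\tattempt to use X11 security extension.\n"
-" --x11=none - disable access to X11 sockets.\n"
-" --x11=xephyr - enable Xephyr X11 server. The window size is 800x600.\n"
-" --x11=xorg - enable X11 security extension.\n"
-" --x11=xpra - enable Xpra X11 server.\n"
-" --x11=xvfb - enable Xvfb X11 server.\n"
-" --xephyr-screen=WIDTHxHEIGHT - set screen size for --x11=xephyr.\n"
-#endif
 "\n"
 "Examples:\n"
 " $ firejail firefox\n"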