aboutsummaryrefslogtreecommitdiffstats
path: root/src/man/firejail.txt
Commit message (Collapse)AuthorAge
* build: simplify code related to man pagesLibravatar Kelvin M. Klann2023-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | Simplify the main targets and use wildcards instead of repeating the filenames manually. Also, restore the `man` target and building only when `HAVE_MAN` is enabled. Note: Make automatically removes intermediate files (.1 and .5), so in general only the .gz files have to be cleaned. Commands used to rename the man pages: cd src/man git mv firecfg.txt firecfg.1.in git mv firejail-login.txt firejail-login.5.in git mv firejail-profile.txt firejail-profile.5.in git mv firejail-users.txt firejail-users.5.in git mv firejail.txt firejail.1.in git mv firemon.txt firemon.1.in git mv jailcheck.txt jailcheck.1.in This is kind of a follow-up to commit 9e206b7f2 ("rework src/man Makefile", 2023-07-07).
* docs: document NAME VALIDATION in firejail.txtLibravatar Kelvin M. Klann2023-06-13
|
* firejail.txt: remove extraneous endifLibravatar Kelvin M. Klann2023-03-10
| | | | | | | Added on commit b689b69f6 ("make --private-lib a compile time option, disabled by default", 2023-03-09). Relates to #5727.
* make --private-lib a compile time option, disabled by defaultLibravatar netblue302023-03-09
|
* feature: add 'keep-shell-rc' flag and optionLibravatar Antoine Catton2023-02-03
| | | | | | | | This fixes #1127. This allow a user to provide their own zshrc/bashrc inside the jail. This is very useful when using firejail to develop and prevent bad pip packages to access your system.
* Merge pull request #5578 from layderv/masterLibravatar netblue302023-01-30
|\ | | | | modif: Prevent sandbox name from containing only digits
| * Prevent sandbox name from containing only digitsLibravatar layderv2023-01-24
| | | | | | | | | | Names should not contain only numbers, as they are used in other commands as PIDs.
* | private-etc: moved group names to @group syntax; GUI group renamed as @x11 ↵Libravatar netblue302023-01-30
| | | | | | | | group; added nvidia and X11 directories to @x11 group.
* | private-etc: fix man pageLibravatar netblue302023-01-25
| |
* | private-etc rework: new man pageLibravatar netblue302023-01-25
| |
* | bringing back whitelisting /devLibravatar netblue302023-01-14
| |
* | rel 0.9.72 testing: disable whitelisting /dev directoryLibravatar netblue302023-01-12
|/
* docs: clarify that --appimage should appear before --profileLibravatar Kelvin M. Klann2022-11-04
| | | | | | | | | | | | | | | | | | | | | | And fix the argument order in the examples to reflect that. Background: The order in which these options appeared in the documentation was inconsistent. src/man/firejail.txt used --appimage before --profile and src/man/firejail-profile.txt used --profile before --appimage. Then commit 44fefcac0 ("Make appimage examples consistent with --appimage option short description", 2022-10-05) / PR #5402 was made, which standardized on --profile before --appimage in both places. But as mentioned by @rusty-snake[1], --appimage has be specified before --profile in order for any `?HAS_APPIMAGE` conditionals inside of the profile to evaluate to true. So change the documentation to use and recommend the latter form. Also, add --quiet to one example to make it clear that --appimage does not have to be the first option (nor the last option before --profile). [1] https://github.com/netblue30/firejail/pull/5402#issuecomment-1274889618
* --icmptraceLibravatar netblue302022-10-24
|
* remove deprecated --shell from man pageLibravatar netblue302022-10-23
|
* dnstrace and snitraceLibravatar netblue302022-10-23
|
* Merge pull request #5402 from slowpeek/masterLibravatar netblue302022-10-11
|\ | | | | docs: Make appimage examples consistent with --appimage option short description
| * Make appimage examples consistent with --appimage option short descriptionLibravatar slowpeek2022-10-05
| |
* | nettrace-dns and nettrace-sniLibravatar netblue302022-10-11
|/
* docs: man: Note that some commands can be disabled in firejail.config (#5366)Libravatar glitsj162022-09-14
| | | | | | | | | | | | | | | | | * [man firejail] Make it explicit that some options are disabled by default in firejail.config * Reword firejail.config notes * Only add relevant firejail.config option in notes * move firejail.config notes to the end of each section * fix tracelog note * fix erroneous line break * really fix erroneous line break Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
* docs: change /foo to /bar in symlink handling exampleLibravatar Kelvin M. Klann2022-09-06
| | | | | | | | | As suggested by @birdie-github[1]. This amends commit c78c2b4ec ("docs: note that blacklist/whitelist follow symlinks", 2022-08-28) / PR #5344. [1] https://github.com/netblue30/firejail/pull/5344#issuecomment-1229903967
* Revert "Merge pull request #5315 from ChrysoliteAzalea/landlock"Libravatar Kelvin M. Klann2022-09-05
| | | | | | | | | | | This reverts commit 54cb3e741e972c754e595d56de0bca0792299f83, reversing changes made to 97b1e02d5f4dca4261dc9928f8a5ebf8966682d7. There were many issues and requests for changes raised in the pull request (both code-wise and design-wise) and most of them are still unresolved[1]. [1] https://github.com/netblue30/firejail/pull/5315
* Merge pull request #5315 from ChrysoliteAzalea/landlockLibravatar netblue302022-08-29
|\ | | | | Add Landlock support to Firejail
| * Proposed fixes.Libravatar Азалия Смарагдова2022-08-16
| |
| * Landlock support has been added.Libravatar Азалия Смарагдова2022-08-15
| |
* | docs: note that blacklist/whitelist follow symlinksLibravatar Kelvin M. Klann2022-08-28
| | | | | | | | | | | | Make it more explicit that they do and add an example for each command. Relates to #5338.
* | docs: clarify symlink handling description in --whitelistLibravatar Kelvin M. Klann2022-08-28
|/ | | | Format it and improve the grammar and explanation.
* Merge pull request #5296 from kmk3/docs-man-vim-ftLibravatar netblue302022-08-14
|\ | | | | docs: set vim filetype on man pages for syntax highlighting
| * docs: set vim filetype on man pages for syntax highlightingLibravatar Kelvin M. Klann2022-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since the man pages in src/man use a ".txt" file extension (rather than ".1" or ".5"), their filetype is detected by (neo)vim as "text". So at the bottom of every man page, add a vim modeline in a comment and set the filetype to "groff", to enable syntax highlighting. Note: All of the generated ".man", ".1" and ".5" files are currently being detected as "nroff". Note2: Set the filetype to "groff" rather than "nroff" because at least .UR and .UE are groff extensions. These macros look the same with either filetype, but there may be more extensions being used and the nroff.vim syntax file (which is included by groff.vim) does things differently based on which filetype is used. Based on the following example from (neo)vim's filetype.txt: or add this modeline to the file: /* vim: set filetype=idl : */ See `:help groff.vim` and `:help filetype.txt` in (neo)vim. See also groff_man(7) for the man page macros (including extensions). Environment: neovim 0.7.2-3 on Artix Linux. Misc: I noticed this on #5290.
* | Merge pull request #5290 from kmk3/docs-suid-firejail-usersLibravatar netblue302022-08-14
|\ \ | | | | | | docs: mention risk of SUID binaries and also firejail-users(5)
| * | docs: mention risk of SUID binaries and also firejail-users(5)Libravatar Kelvin M. Klann2022-08-05
| |/ | | | | | | | | | | | | | | | | | | | | | | | | On the introduction of firejail(1), mention the main risk of SUID binaries and that by default, only trusted users should be allowed to run firejail (and how to accomplish that). Note: The added comment line is completely discarded (so there is no extraneous blank line); see groff_man(7) for details. Suggested by @emerajid on #5288. Relates to #4601.
* / Add support for custom AppArmor profiles (--apparmor=)Libravatar Азалия Смарагдова2022-08-05
|/
* introduce new option restrict-namespacesLibravatar smitsohu2022-07-23
|
* more on disable cgroupsLibravatar netblue302022-06-13
|
* removed enforcement of nonewprivs for --noprofileLibravatar netblue302022-06-03
|
* --nettrace only available when running the sandbox as rootLibravatar netblue302022-06-03
|
* enforce nonewprivs for --noprofile optionLibravatar netblue302022-06-03
|
* Removed IDS feature from the default build. To enable it, use --enable-ids ↵Libravatar netblue302022-05-25
| | | | at compile time.
* --oom (#5122)Libravatar netblue302022-05-20
|
* man: typo fixes (#5084)Libravatar glitsj162022-03-31
|
* docs: mention capabilities(7) on --capsLibravatar Kelvin M. Klann2022-03-27
| | | | | | As hinted by @rusty-snake[1]. [1] https://github.com/netblue30/firejail/discussions/5064#discussioncomment-2417395
* Merge pull request #5052 from kmk3/docs-private-bugLibravatar netblue302022-03-24
|\ | | | | docs: mention inconsistent homedir bug involving --private=dir
| * docs: mention inconsistent homedir bug involving --private=dirLibravatar Kelvin M. Klann2022-03-14
| | | | | | | | | | | | | | | | | | And the workaround suggested by @smitsohu[1] and @rusty-snake[2]. Relates to #903 #5048. [1] https://github.com/netblue30/firejail/issues/903#issuecomment-946673346 [2] https://github.com/netblue30/firejail/discussions/5048#discussioncomment-2360034
* | Merge pull request #5043 from kmk3/docs-protocol-accLibravatar netblue302022-03-24
|\ \ | |/ |/| man: mention that the protocol command accumulates
| * man: mention that the protocol command accumulatesLibravatar Kelvin M. Klann2022-03-13
| | | | | | | | | | | | | | | | | | | | | | | | As mentioned by @rusty-snake[1]. This amends commit 39654d016 ("adding netlink to --protocol list (#4605)", 2022-01-21). See also commit 75073e0e4 ("man: mention that private-bin and private-etc are cumulative", 2022-01-22) and issue #4078. [1] https://github.com/netblue30/firejail/pull/5042/files#r825477891
* | fbuilder: update man pageLibravatar smitsohu2022-03-13
|/
* build option: support chromium/electron apps most of the timeLibravatar smitsohu2022-03-09
|
* more on --tabLibravatar netblue302022-02-20
|
* --tab: enable shell tab completionLibravatar netblue302022-02-20
|
* netlocker fixesLibravatar netblue302022-02-02
|