path: root/src/man
Commit message  Author  Age
* docs: man: Note that some commands can be disabled in firejail.config (#5366)  glitsj16  2022-09-14
|     * [man firejail] Make it explicit that some options are disabled by default in firejail.config
|     * Reword firejail.config notes
|     * Only add relevant firejail.config option in notes
|     * move firejail.config notes to the end of each section
|     * fix tracelog note
|     * fix erroneous line break
|     * really fix erroneous line break
|
|     Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
* docs: change /foo to /bar in symlink handling example  Kelvin M. Klann  2022-09-06
|     As suggested by @birdie-github[1].
|
|     This amends commit c78c2b4ec ("docs: note that blacklist/whitelist follow symlinks", 2022-08-28) / PR #5344.
|
|     [1] https://github.com/netblue30/firejail/pull/5344#issuecomment-1229903967
* Revert "Merge pull request #5315 from ChrysoliteAzalea/landlock"  Kelvin M. Klann  2022-09-05
|     This reverts commit 54cb3e741e972c754e595d56de0bca0792299f83, reversing changes made to 97b1e02d5f4dca4261dc9928f8a5ebf8966682d7.
|
|     There were many issues and requests for changes raised in the pull request (both code-wise and design-wise) and most of them are still unresolved[1].
|
|     [1] https://github.com/netblue30/firejail/pull/5315
* Merge pull request #5315 from ChrysoliteAzalea/landlock  netblue30  2022-08-29
|\
| |     Add Landlock support to Firejail
| * Proposed fixes.  Азалия Смарагдова  2022-08-16
| |
| * Landlock support has been added.  Азалия Смарагдова  2022-08-15
| |
* | docs: note that blacklist/whitelist follow symlinks  Kelvin M. Klann  2022-08-28
| |     Make it more explicit that they do and add an example for each command.
| |
| |     Relates to #5338.
* | docs: clarify symlink handling description in --whitelist  Kelvin M. Klann  2022-08-28
| |     Format it and improve the grammar and explanation.
* | docs: set vim filetype on the other man pages  Kelvin M. Klann  2022-08-20
|/
|     Some man pages are missing it.
|
|     This amends commit aacd2e7d8 ("docs: set vim filetype on man pages for syntax highlighting", 2022-08-04) / PR #5296.
* Merge pull request #5296 from kmk3/docs-man-vim-ft  netblue30  2022-08-14
|\
| |     docs: set vim filetype on man pages for syntax highlighting
| * docs: set vim filetype on man pages for syntax highlighting  Kelvin M. Klann  2022-08-05
| |     Since the man pages in src/man use a ".txt" file extension (rather than ".1" or ".5"), their filetype is detected by (neo)vim as "text".
| |
| |     So at the bottom of every man page, add a vim modeline in a comment and set the filetype to "groff", to enable syntax highlighting.
| |
| |     Note: All of the generated ".man", ".1" and ".5" files are currently being detected as "nroff".
| |
| |     Note2: Set the filetype to "groff" rather than "nroff" because at least .UR and .UE are groff extensions. These macros look the same with either filetype, but there may be more extensions being used and the nroff.vim syntax file (which is included by groff.vim) does things differently based on which filetype is used.
| |
| |     Based on the following example from (neo)vim's filetype.txt:
| |
| |         or add this modeline to the file:
| |
| |             /* vim: set filetype=idl : */
| |
| |     See `:help groff.vim` and `:help filetype.txt` in (neo)vim.
| |
| |     See also groff_man(7) for the man page macros (including extensions).
| |
| |     Environment: neovim 0.7.2-3 on Artix Linux.
| |
| |     Misc: I noticed this on #5290.
* | Merge pull request #5290 from kmk3/docs-suid-firejail-users  netblue30  2022-08-14
|\ \
| | |     docs: mention risk of SUID binaries and also firejail-users(5)
| * | docs: mention risk of SUID binaries and also firejail-users(5)  Kelvin M. Klann  2022-08-05
| |/
| |     On the introduction of firejail(1), mention the main risk of SUID binaries and that by default, only trusted users should be allowed to run firejail (and how to accomplish that).
| |
| |     Note: The added comment line is completely discarded (so there is no extraneous blank line); see groff_man(7) for details.
| |
| |     Suggested by @emerajid on #5288.
| |
| |     Relates to #4601.
* / Add support for custom AppArmor profiles (--apparmor=)  Азалия Смарагдова  2022-08-05
|/
* introduce new option restrict-namespaces  smitsohu  2022-07-23
|
* makefiles: add generated files as dependencies  Kelvin M. Klann  2022-06-30
|     With the previous commit ("makefiles: stop failing when config.mk does not exist", 2022-06-23), make will not immediately fail when trying to build a target without having the proper compile-time flags (which are defined on common.mk). For example, when running the command below:
|
|         make distclean && make
|
|     It will throw an error only after (mis-)compiling multiple objects.
|
|     So add a dependency on config.mk on every target that uses output variables (such as @NAME@ / $(NAME)) on its recipe. And add a dependency on config.sh on targets that call shell scripts that use output variables (such as @NAME@ / $NAME).
|
|     Also, add a recipe for config.mk / config.sh telling to run ./configure, to make it a bit more obvious just in case.
|
|     With this commit, make will abort earlier, by detecting that the config.mk / config.sh dependency does not exist. This happens before trying to execute the recipe.
|
|     This also makes the dependencies more accurate, since if config.mk (which defines some CFLAGS) is changed, the CFLAGS may also have changed, so a target that uses CFLAGS should probably be considered out of date in this case anyway.
|
|     Relates to #5140.
* makefiles: stop failing when config.mk does not exist  Kelvin M. Klann  2022-06-30
|     This allows running `make clean` and `make distclean` (and possibly others) without having to run ./configure beforehand.
|
|     Note that some packaging-related targets still depend on the existence of generated files. For example:
|
|       * dist: config.mk
|       * deb: config.sh
|
|     Commands used to search and replace:
|
|         $ git grep -Elz 'include *([^ ]*/)?config.mk' | xargs -0 -I '{}' \
|           sh -c "printf '%s\n' \
|           \"\$(sed -E 's|^include *(([^ ]*/)?config.mk)|-include \1|' '{}')\" >'{}'"
|
|     Relates to #5140.
* build: reduce autoconf input files from 32 to 2  Kelvin M. Klann  2022-06-30
|     Configure summary: autoconf essentially only parses configure.ac and generates the configure script (that is, the "./configure" shell script). The latter is what actually checks what is available on the system and internally sets the value of the output variables. It then, for every filename foo in AC_CONFIG_FILES (and for every output variable name BAR in AC_SUBST), reads foo.in, replaces every occurrence of `@BAR@` with the value of the shell variable `$BAR` and generates the file foo from the result. After this, configure is finished and `make` could be executed to start the build.
|
|     Now that (as of #5140) all output variables are only defined on config.mk.in and on config.sh.in, there is no need to generate any makefile nor any other mkfile or shell script at configure time. So rename every "Makefile.in" to "Makefile", mkdeb.sh.in to mkdeb.sh, src/common.mk.in to src/common.mk and leave just config.mk and config.sh as the files to be generated at configure time. This allows editing and committing all makefiles directly, without potentially having to run ./configure in between.
|
|     Commands used to rename the makefiles:
|
|         $ git ls-files -z -- '*Makefile.in' | xargs -0 -I '{}' sh -c \
|           "git mv '{}' \"\$(dirname '{}')/Makefile\""
|
|     Additionally, from my (rudimentary) testing, this commit reduces the time it takes to run ./configure by about 20~25% compared to commit 72ece92ea ("Transmission fixes: drop private-lib (#5213)", 2022-06-22).
|
|     Environment: dash 0.5.11.5-1, gcc 12.1.0-2, Artix Linux, ext4 on an HDD.
|
|     Commands used for benchmarking each commit:
|
|         $ : >time_configure && ./configure && make distclean && for i in $(seq 1 10); do { time -p ./configure; } 2>>time_configure; done
|         $ grep real time_configure | awk '{ total += $2 } END { print total/NR }'
* more on disable cgroups  netblue30  2022-06-13
|
* makefiles: include config.mk instead of common.mk where possible  Kelvin M. Klann  2022-06-12
|     common.mk contains definitions for building programs and it includes config.mk.
|
|     Some makefiles that include common.mk do not contain any targets for building programs. They depend only on configure-time variable definitions (which are defined on config.mk) rather than anything specific to common.mk. So change their includes of common.mk to config.mk.
* makefiles: define root dir and include relative to it  Kelvin M. Klann  2022-06-12
|     A non-absolute path on an include command is always treated as being relative to the directory in which "make" was started in, rather than being relative to the makefile that contains the command.
|
|     For example, given the following project structure and file contents:
|
|       * Makefile: include src/foo.mk
|       * src/foo.mk: include bar.mk
|       * src/bar.mk:
|
|     Running "make" on the root project directory (that is, where "Makefile" is) yields the following:
|
|         src/foo.mk:1: bar.mk: No such file or directory
|
|     As "bar.mk" in "include bar.mk" is relative to the current (process) directory (that is, "./bar.mk") and not to where foo.mk is located in ("./src/bar.mk").
|
|     So on every makefile that contains an include command, define the root project directory in the ROOT variable and always include relative to it, to later enable any included mkfiles to include other mkfiles without having to worry about the correct path.
|
|     Commands used to search and replace:
|
|         $ git grep -Flz 'include ../common.mk' -- src | xargs -0 -I '{}' sh -c \
|           "printf '%s\n' \"\`sed 's|include ../common.mk|ROOT = ../..\ninclude \$(ROOT)/src/common.mk|' '{}'\`\" >'{}'"
|
|     Environment: GNU make 4.3-3.1 on Artix Linux
* removed enforcement of nonewprivs for --noprofile  netblue30  2022-06-03
|
* --nettrace only available when running the sandbox as root  netblue30  2022-06-03
|
* enforce nonewprivs for --noprofile option  netblue30  2022-06-03
|
* Removed IDS feature from the default build. To enable it, use --enable-ids at compile time.  netblue30  2022-05-25
|
* config guide (firecfg --guide) man page  netblue30  2022-05-23
|
* --oom (#5122)  netblue30  2022-05-20
|
* man: typo fixes (#5084)  glitsj16  2022-03-31
|
* docs: mention capabilities(7) on --caps  Kelvin M. Klann  2022-03-27
|     As hinted by @rusty-snake[1].
|
|     [1] https://github.com/netblue30/firejail/discussions/5064#discussioncomment-2417395
* Merge pull request #5052 from kmk3/docs-private-bug  netblue30  2022-03-24
|\
| |     docs: mention inconsistent homedir bug involving --private=dir
| * docs: mention inconsistent homedir bug involving --private=dir  Kelvin M. Klann  2022-03-14
| |     And the workaround suggested by @smitsohu[1] and @rusty-snake[2].
| |
| |     Relates to #903 #5048.
| |
| |     [1] https://github.com/netblue30/firejail/issues/903#issuecomment-946673346
| |     [2] https://github.com/netblue30/firejail/discussions/5048#discussioncomment-2360034
| * docs: add missing --private note to firejail-profile.txt  Kelvin M. Klann  2022-03-14
| |     It's currently only present on firejail.txt.
| |
| |     This amends commit 340699fbd ("misc things", 2020-02-22).
* | Merge pull request #5043 from kmk3/docs-protocol-acc  netblue30  2022-03-24
|\ \
| |/
|/|     man: mention that the protocol command accumulates
| * man: mention that the protocol command accumulates  Kelvin M. Klann  2022-03-13
| |     As mentioned by @rusty-snake[1].
| |
| |     This amends commit 39654d016 ("adding netlink to --protocol list (#4605)", 2022-01-21).
| |
| |     See also commit 75073e0e4 ("man: mention that private-bin and private-etc are cumulative", 2022-01-22) and issue #4078.
| |
| |     [1] https://github.com/netblue30/firejail/pull/5042/files#r825477891
* | fbuilder: update man page  smitsohu  2022-03-13
|/
* build option: support chromium/electron apps most of the time  smitsohu  2022-03-09
|
* more on --tab  netblue30  2022-02-20
|
* --tab: enable shell tab completion  netblue30  2022-02-20
|
* netlocker fixes  netblue30  2022-02-02
|
* more man page fixes  smitsohu  2022-01-23
|     there are two build options, should clean up both
|
|     follow-up to commit a6283fd7873a4f1dffb0730a968406d52545c73a
* Merge branch 'master' of https://github.com/netblue30/firejail  smitsohu  2022-01-23
|\
| * netlink: revert man pages  netblue30  2022-01-22
| |
* | build option: remove deprecated strace feature from manual  smitsohu  2022-01-23
|/
* man: mention that private-bin and private-etc are cumulative  Kelvin M. Klann  2022-01-22
|     This amends commit ac6c8c038 ("fix #4078", 2022-01-21).
|
|     Fixes #4078.
* adding netlink to --protocol list (#4605)  netblue  2022-01-21
|
* fix #4078  netblue30  2022-01-21
|
* nettrace fixes  netblue30  2022-01-18
|
* keep-fd option (#4845)  smitsohu  2022-01-14
|
* Merge pull request #4827 from kmk3/noprinters-add-missing  netblue30  2022-01-08
|\
| |     noprinters: add missing items & add to profile.template
| * noprinters: add missing items from new command checklist  Kelvin M. Klann  2022-01-05
| |     See CONTRIBUTING.md.
| |
| |     The changes are based on what was done on commit 5a612029b ("rename noautopulse to keep-config-pulse", 2021-05-13) / PR #4278.
| |
| |     This amends commit bd15e763e ("--noprinter option", 2021-10-20) and commit d9403dcdc ("small fix", 2021-10-20).
| |
| |     Relates to #4607.