From a578bd5d2a03232ee9f94677df25d12a2759003b Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 21 Nov 2015 09:08:26 -0500 Subject: man pages and --help --- src/firejail/usage.c | 8 ++++---- src/man/firejail.txt | 49 +++++++++++++++++++++++++++++++++++-------------- todo | 1 - 3 files changed, 39 insertions(+), 19 deletions(-) diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 5dde0bdbd..d8f6d6849 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c @@ -200,6 +200,10 @@ void usage(void) { printf("\t--protocol=protocol,protocol,protocol - enable protocol filter.\n"); printf("\t\tProtocol values: unix, inet, inet6, netlink, packet.\n\n"); + printf("\t--protocol.print=name - print the protocol filter for the sandbox\n"); + printf("\t\tidentified by name.\n\n"); + printf("\t--protocol.print=pid - print the protocol filter for the sandbox\n"); + printf("\t\tidentified by PID.\n\n"); printf("\t--quiet - turn off Firejail's output.\n\n"); printf("\t--read-only=dirname_or_filename - set directory or file read-only.\n\n"); @@ -343,10 +347,6 @@ void usage(void) { printf(" start a regular /bin/bash session in sandbox\n"); printf(" $ firejail firefox\n"); printf(" start Mozilla Firefox\n"); - printf(" $ firejail --seccomp firefox\n"); - printf(" start Mozilla Firefox in a seccomp sandbox\n"); - printf(" $ firejail --caps firefox\n"); - printf(" start Mozilla Firefox in a Linux capabilities sandbox\n"); printf(" $ firejail --debug firefox\n"); printf(" debug Firefox sandbox\n"); printf(" $ firejail --private\n"); diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 00abc13db..d144fac10 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -61,11 +61,7 @@ $ firejail [OPTIONS] # starting a /bin/bash shell .PP $ firejail [OPTIONS] firefox # starting Mozilla Firefox .PP -Multiple commands can be run in sandbox using regular bash logic operators: -.PP -# sudo firejail [OPTIONS] "/etc/init.d/nginx start && sleep inf" -.PP -In the previous example, "sleep inf" command is required in order to keep the session open for the daemon program. +# sudo firejail [OPTIONS] /etc/init.d/nginx start .SH OPTIONS .TP @@ -906,6 +902,37 @@ Example: .br $ firejail \-\-protocol=unix,inet,inet6 firefox .TP +\fB\-\-protocol.print=name +Print the protocol filter for the sandbox identified by name. +.br + +.br +Example: +.br +$ firejail \-\-name=mybrowser firefox & +.br +[...] +.br +$ firejail \-\-print.print=mybrowser +.br +unix,inet,inet6,netlink + +.TP +\fB\-\-protocol.print=pid +Print the protocol filter for a sandbox identified by PID. +.br + +.br +Example: +.br +$ firejail \-\-list +.br +3272:netblue:firejail \-\-private firefox +.br +$ firejail \-\-protocol.print=3272 +.br +unix,inet,inet6,netlink +.TP \fB\-\-quiet Turn off Firejail's output. .TP @@ -1411,10 +1438,10 @@ Reading profile /home/netblue/.config/firejail/icecat.profile [...] .RE -3. Use a default.profile file if the sandbox -is started by a regular user, or a server.profile file if the sandbox +3. Use default.profile file if the sandbox +is started by a regular user, or server.profile file if the sandbox is started by root. Firejail looks for these files in ~/.config/firejail directory, followed by /etc/firejail directory. -To disable default profile loading, use --noroot command option. Example: +To disable default profile loading, use --noprofile command option. Example: .PP .RS $ firejail @@ -1457,12 +1484,6 @@ Start a regular /bin/bash session in sandbox. \f\firejail firefox Start Mozilla Firefox. .TP -\f\firejail \-\-seccomp firefox -Start Mozilla Firefox in a seccomp sandbox. -.TP -\f\firejail \-\-caps firefox -Start Mozilla Firefox in a Linux capabilities sandbox. -.TP \f\firejail \-\-debug firefox Debug Firefox sandbox. .TP diff --git a/todo b/todo index edf8f0854..dad8b3e10 100644 --- a/todo +++ b/todo @@ -73,5 +73,4 @@ socat ABSTRACT-LISTEN:/tmp/dbus-awBoQTCc,fork UNIX-CONNECT:/tmp/mysock ./configure --enable-fatal-warnings --disable-chroot --prefix=/usr ./configure --enable-fatal-warnings --disable-bind --prefix=/usr -12. help and man for all protocol commands -- cgit v1.2.3-54-g00ecf