From c78c2b4ec4557a210c78eaeaf6fc687fe3707eb2 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sun, 28 Aug 2022 19:07:03 -0300 Subject: docs: note that blacklist/whitelist follow symlinks Make it more explicit that they do and add an example for each command. Relates to #5338. --- src/man/firejail.txt | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 00393c434..1dd5508b3 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -190,6 +190,13 @@ Example: Blacklist directory or file. File globbing is supported, see \fBFILE GLOBBING\fR section for more details. .br +.br +Symbolic link handling: Blacklisting a path that is a symbolic link will also +blacklist the path that it points to. +For example, if ~/foo is blacklisted and it points to /foo, then /foo will also +be blacklisted. +.br + .br Example: .br @@ -2922,8 +2929,12 @@ all directories in /usr. .br .br -Symbolic link handling: With the exception of the user home directory, both the -link and the real file should be in the same top directory. +Symbolic link handling: Whitelisting a path that is a symbolic link will also +whitelist the path that it points to. +For example, if ~/foo is whitelisted and it points to ~/bar, then ~/bar will +also be whitelisted. +Restrictions: With the exception of the user home directory, both the link and +the real file should be in the same top directory. For symbolic links in the user home directory, both the link and the real file should be owned by the user. .br -- cgit v1.2.3-70-g09d2