From eb42779f95a51aa00ffef62510a00dc5e7716b0d Mon Sep 17 00:00:00 2001 From: Glenn Washburn Date: Wed, 10 Oct 2018 01:08:43 -0500 Subject: Update man pages and usage to reflect --profile enhancement. --- src/firejail/usage.c | 2 +- src/man/firejail-profile.txt | 13 ++++++++++++- src/man/firejail.txt | 13 +++++++++++-- 3 files changed, 24 insertions(+), 4 deletions(-) diff --git a/src/firejail/usage.c b/src/firejail/usage.c index f54e6f744..b8f8b4f2f 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c @@ -164,7 +164,7 @@ static char *usage_str = " --private-tmp - mount a tmpfs on top of /tmp directory.\n" " --private-opt=file,directory - build a new /opt in a temporary filesystem.\n" " --private-srv=file,directory - build a new /srv in a temporary filesystem.\n" - " --profile=filename - use a custom profile.\n" + " --profile=filename|profile_name - use a custom profile.\n" " --profile.print=name|pid - print the name of profile file.\n" " --profile-path=directory - use this directory to look for profile files.\n" " --protocol=protocol,protocol,protocol - enable protocol filter.\n" diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 17562c503..5daca8abd 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -5,12 +5,14 @@ profile \- Security profile file syntax for Firejail .SH USAGE .TP firejail \-\-profile=filename.profile +.RE +firejail \-\-profile=profile_name .SH DESCRIPTION Several command line options can be passed to the program using profile files. Firejail chooses the profile file as follows: -\fB1.\fR If a profile file is provided by the user with \-\-profile option, the profile file is loaded. +\fB1.\fR If a profile file is provided by the user with \-\-profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix. Example: .PP .RS @@ -21,6 +23,15 @@ Reading profile /home/netblue/icecat.profile [...] .RE +.PP +.RS +$ firejail --profile=icecat icecat-wrapper.sh +.br +Reading profile /home/netblue/icecat.profile +.br +[...] +.RE + \fB2.\fR If a profile file with the same name as the application is present in ~/.config/firejail directory or in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example: .PP diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7427b1009..5a374ac55 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -1531,7 +1531,7 @@ drwxrwxrwt 2 nobody nogroup 4096 Apr 30 10:52 .X11-unix .TP -\fB\-\-profile=filename +\fB\-\-profile=filename_or_profilename Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path. For more information, see \fBSECURITY PROFILES\fR section below. .br @@ -2701,7 +2701,7 @@ The owner of the sandbox. Several command line options can be passed to the program using profile files. Firejail chooses the profile file as follows: -1. If a profile file is provided by the user with --profile option, the profile file is loaded. +1. If a profile file is provided by the user with --profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix. Example: .PP .RS @@ -2712,6 +2712,15 @@ Reading profile /home/netblue/icecat.profile [...] .RE +.PP +.RS +$ firejail --profile=icecat icecat-wrapper.sh +.br +Reading profile /home/netblue/icecat.profile +.br +[...] +.RE + 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example: .PP -- cgit v1.2.3-54-g00ecf