From 9774ab8a35f79be0b3bb1fd6313bac2bdbfaf6c0 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 25 Jan 2023 11:56:08 -0500 Subject: private-etc rework: new man page --- README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 8a55d2433..7365303ca 100644 --- a/README.md +++ b/README.md @@ -182,6 +182,44 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe ## Current development version: 0.9.73 +### private-etc rework +````` + --private-etc + + --private-etc=file,directory + The files installed by --private-etc are copies of the original + system files from /etc directory. By default, the command + brings in a skeleton of files and directories used by most con‐ + sole tools: + + $ firejail --private-etc dig debian.org + + For X11/GTK/QT/Gnome/KDE programs add GUI group as a parameter. + Example: + + $ firejail --private-etc=GUI,python* gimp + + /etc/python* directories are not part of the generic GUI group. + These directories are reuqired by Gimp plugin system. File glob‐ + bing is supported. + + For games, add GAMES group: + + $ firejail --private-etc=GUI,GAMES warzone2100 + + Sound and networking files are included automatically, unless + --nosound or --net=none are specified. Files for encrypted + TLS/SSL protocol are in TLS-CA group. + + $ firejail --private-etc=TLS-CA,wgetrc wget https://debian.org + + Note: The easiest way to extract the list of /etc files accessed + by your program is using strace utility: + + $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc + +````` +We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) ### Profile Statistics -- cgit v1.2.3-70-g09d2
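Review bot: the closing Note in the added private-etc text suggests `strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc`, which under-reports what the program needs. Without -f, strace follows only the initial process, so /etc files opened by forked helpers never show up, and `grep etc` matches any path containing "etc" rather than paths under /etc. A list built this way can leave a --private-etc sandbox missing files at run time. Suggest `strace -f` and filtering on `/etc/` instead. Separately, "These directories are reuqired by Gimp plugin system" misspells "required", and the sentence "Files for encrypted TLS/SSL protocol are in TLS-CA group" would read better with a short statement of whether TLS-CA is ever included automatically, since the preceding sentence says sound and networking files are.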