From 001320226ccb4f2ad913ee3af9932be807d80818 Mon Sep 17 00:00:00 2001 From: qdii Date: Tue, 9 Jul 2024 03:43:55 +0200 Subject: feature: add notpm command & keep tpm devices in private-dev (#6390) An ssh private key may be stored in a Trusted Platform Module (TPM) device and `private-dev` in ssh.profile currently breaks this use-case, as it does not keep tpm devices (see #6379). So add a new `notpm` command and keep tpm devices in /dev by default with `private-dev` unless `notpm` is used. --- src/man/firejail.1.in | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'src/man/firejail.1.in') diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index 76f0e29ab..f14eb6ec0 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in @@ -1918,6 +1918,16 @@ Example: .br $ firejail \-\-nosound firefox +.TP +\fB\-\-notpm +Disable Trusted Platform Module (TPM) devices. +.br + +.br +Example: +.br +$ firejail \-\-notpm + .TP \fB\-\-notv Disable DVB (Digital Video Broadcasting) TV devices. @@ -2173,10 +2183,10 @@ $ pwd .TP \fB\-\-private-dev Create a new /dev directory. -Only disc, dri, dvb, full, hidraw, log, null, ptmx, pts, random, shm, snd, tty, -urandom, usb, video and zero devices are available. -Use the options \-\-no3d, \-\-nodvd, \-\-nosound, \-\-notv, \-\-nou2f and -\-\-novideo for additional restrictions. +Only disc, dri, dvb, full, hidraw, log, null, ptmx, pts, random, shm, snd, tpm, +tty, urandom, usb, video and zero devices are available. +Use the options \-\-no3d, \-\-nodvd, \-\-nosound, \-\-notpm, \-\-notv, +\-\-nou2f and \-\-novideo for additional restrictions. .br .br -- cgit v1.2.3-70-g09d2
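Review bot: The example in the new \-\-notpm entry (first hunk), `$ firejail \-\-notpm`, names no program to run, unlike the neighbouring `$ firejail \-\-nosound firefox`; add one so the example is a complete command line. The description should also state how the option relates to \-\-private-dev. The commit message says tpm devices are kept by private-dev unless notpm is used, but the entry itself does not say whether \-\-notpm has any effect without \-\-private-dev.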
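Review bot: In the \-\-private-dev hunk, adding tpm to the list of devices that remain available changes the default for every sandbox that already uses \-\-private-dev, so a program that never needed the TPM keeps access to it unless \-\-notpm is added. The man text only lists \-\-notpm among the options "for additional restrictions"; it should say why tpm is kept (keys stored in a TPM, the ssh case from the commit message) and recommend \-\-notpm where that is not needed. Since this view is limited to src/man/firejail.1.in, also confirm that the rest of the commit reviews which profiles using private-dev should gain notpm.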