From ef6cfb8a22b6b788298a0601e837856b51c60e76 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Thu, 29 Jun 2023 19:54:21 -0300 Subject: firecfg: add ignore command and docs Add ignore command (`!PROGRAM`), as suggested by @WhyNotHugo[1]. It prevents firecfg from creating a symlink for the given program. Also, document the paths used and the config file syntax. Note that `/etc/firejail/firecfg.d/*.conf` files are parsed before /etc/firejail/firecfg.config, so the former can ignore/override any item in the latter. Closes #2097. [1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459 --- src/man/firecfg.1.in | 57 ++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 53 insertions(+), 4 deletions(-) (limited to 'src/man') diff --git a/src/man/firecfg.1.in b/src/man/firecfg.1.in index a85fbc5da..e43a573de 100644 --- a/src/man/firecfg.1.in +++ b/src/man/firecfg.1.in @@ -29,9 +29,13 @@ Note: The examples use \fBsudo\fR, but \fBdoas\fR is also supported. To set it up, run "sudo firecfg" after installing Firejail software. The same command should also be run after installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin -will be created. For a full list of programs supported by default run "cat /etc/firejail/firecfg.config". - -For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR. +will be created. +.PP +To configure the list of programs used by firecfg when creating symlinks, see +\fBFILES\fR and \fBSYNTAX\fR. +.PP +For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in +\fBman 1 firejail\fR. .SH DEFAULT ACTIONS The following actions are implemented by default by running sudo firecfg: 
@@ -135,8 +139,53 @@ $ sudo firecfg --clean /usr/local/bin/vlc removed .br [...] +.SH FILES +.PP +Configuration files are searched for and parsed in the following paths: +.PP +.RS +1. /etc/firejail/firecfg.d/*.conf (in alphabetical order) +.br +2. /etc/firejail/firecfg.config +.RE +.PP +The programs that are supported by default are listed in +/etc/firejail/firecfg.config. +It is recommended to leave it as is and put all customizations inside +/etc/firejail/firecfg.d/. +.PP +Profile files are also searched in the user configuration directory: +.PP +.RS +3. ~/.config/firejail/*.profile +.RE +.PP +For every \fBPROGRAM.profile\fR file found, firecfg attempts to create a +symlink for "PROGRAM", as if "PROGRAM" was listed in a configuration file. +.SH SYNTAX +Configuration file syntax: +.PP +A line that starts with \fB#\fR is considered a comment. +.br +A line that starts with \fB!PROGRAM\fR means to ignore "PROGRAM" when creating +symlinks. +.br +A line that starts with anything else is considered to be the name of an +executable and firecfg will attempt to create a symlink for it. +.PP +For example, to prevent firecfg from creating symlinks for "firefox" and +"patch" while attempting to create a symlink for "myprog", the following lines +could be added to /etc/firejail/firecfg.d/10-my.conf: +.PP +.RS +!firefox +.br +!patch +.br - +.br +myprog +.RE .SH LICENSE This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. .PP -- cgit v1.2.3-54-g00ecf
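Review bot: In the description hunk (@@ -29,9 +29,13 @@), the retained sentence "If the program is supported by Firejail, the symbolic link in /usr/local/bin will be created." is now stated too unconditionally, because the same commit adds `!PROGRAM` lines that suppress the symlink for a supported program. Consider qualifying it, for example "will be created, unless the program is ignored (see \fBSYNTAX\fR)". Minor style point in the same hunk: "see \fBDESKTOP INTEGRATION\fR section" reads better as "see the \fBDESKTOP INTEGRATION\fR section".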
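Review bot: In the FILES/SYNTAX hunk (@@ -135,8 +139,53 @@), FILES lists the parse order but never states what it implies, although the commit message does: because /etc/firejail/firecfg.d/*.conf is parsed before /etc/firejail/firecfg.config, an entry in the former can ignore or override an item in the latter. That sentence belongs in the man page itself, since it is the reason the text recommends putting customizations in /etc/firejail/firecfg.d/. SYNTAX also leaves open whether a `!PROGRAM` line applies to programs picked up from ~/.config/firejail/*.profile, which FILES says are treated "as if" they were listed in a configuration file; please state it either way. Finally, the example ends with two consecutive ".br" requests before "myprog"; if a blank line between "!patch" and "myprog" was intended, a second ".br" will not produce one, and if not, one of them can be dropped.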