From 7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6 Mon Sep 17 00:00:00 2001 From: Азалия Смарагдова Date: Mon, 25 Jul 2022 17:16:53 +0500 Subject: Add support for custom AppArmor profiles (--apparmor=) --- src/man/firejail-profile.txt | 6 +++++- src/man/firejail.txt | 8 +++++++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'src/man') diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index be1f55f0f..0b0c64ec6 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -478,7 +478,11 @@ Allow tools such as strace and gdb inside the sandbox by whitelisting system cal #ifdef HAVE_APPARMOR .TP \fBapparmor -Enable AppArmor confinement. +Enable AppArmor confinement with the "firejail-default" AppArmor profile. +.TP +\fBapparmor profile_name +Enable AppArmor confinement with a custom AppArmor profile. +Note that the profile in question must already be loaded into the kernel. #endif .TP \fBcaps diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 087d1c85a..b783795f2 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -122,7 +122,13 @@ $ firejail --allusers #ifdef HAVE_APPARMOR .TP \fB\-\-apparmor -Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below. +Enable AppArmor confinement with the "firejail-default" AppArmor profile. +For more information, please see \fBAPPARMOR\fR section below. +.TP +\fB\-\-apparmor=profile_name +Enable AppArmor confinement with a custom AppArmor profile. +Note that profile in question must already be loaded into the kernel. +For more information, please see \fBAPPARMOR\fR section below. .TP \fB\-\-apparmor.print=name|pid Print the AppArmor confinement status for the sandbox identified by name or by PID. -- cgit v1.2.3-54-g00ecf