From 878cd16973307ff164289c8c6762efbb23b519a6 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 10 Aug 2015 12:33:28 -0400 Subject: fixing issues 2 and 4 --- src/man/firejail-login.txt | 2 +- src/man/firejail-profile.txt | 24 +++++++++++++++++++----- src/man/firejail.txt | 2 +- src/man/firemon.txt | 2 +- 4 files changed, 22 insertions(+), 8 deletions(-) (limited to 'src/man') diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt index 6613dc044..768896872 100644 --- a/src/man/firejail-login.txt +++ b/src/man/firejail-login.txt @@ -1,4 +1,4 @@ -.TH man 5 "MONTH YEAR" "VERSION" "firejail login.users man page" +.TH FIREJAIL-LOGIN 5 "MONTH YEAR" "VERSION" "firejail login.users man page" .SH NAME login.users \- Login file syntax for Firejail diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 46da19ecd..f85e10171 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -1,4 +1,4 @@ -.TH man 5 "MONTH YEAR" "VERSION" "firejail profiles man page" +.TH FIREJAIL-PROFILE 5 "MONTH YEAR" "VERSION" "firejail profiles man page" .SH NAME profile \- Profile file syntax for Firejail @@ -15,8 +15,19 @@ directory and ~/.config/firejail directory. Include and comment support: .TP -\f\include other.profile -Include other.profile file. +\f\include other.profile exclude-token +Include other.profile file. exclued-token disables blacklist commands in other.profile +if exclude-token word is found in the name section of blacklist command. +exclude-tyoken is optional. + +Example: "include /etc/firejail/disable-common.inc .filezilla" +loads disable-common.inc file disables "blacklist ${HOME}/.filezilla" command in this file. + +other.profile file name can be prefixed with ${HOME}. This will force Firejail to look for the +file in user home directory. + +Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file. + .TP # this is a comment 
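Review bot: The new `include other.profile exclude-token` paragraph does not say how the token is matched against a blacklist entry, and "if exclude-token word is found in the name section of blacklist command" reads like a substring test. If that is the behaviour, a short or generic token would disable more `blacklist` lines in the included file than the one the user had in mind, which silently widens what the sandbox can reach. I would add one sentence stating the matching rule, for example `The token is matched anywhere in the blacklist path, so pick one that is unique to the entry you want to disable.`, after confirming it against the profile parser. The same paragraph misspells the parameter twice (`exclued-token`, `exclude-tyoken`), and the first example is missing "and" before "disables".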
@@ -81,14 +92,17 @@ Enable default Linux capabilities filter. caps.drop all Blacklist all Linux capabilities. .TP -caps.drop capability,capability,capability +caps.keep capability,capability,capability Blacklist Linux capabilities filter. .TP caps.drop capability,capability,capability Whitelist Linux capabilities filter. .TP \f\seccomp -Enable default seccomp filter. +Enable default seccomp filter. The default list is as follows: +mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module, +iopl, ioperm, swapon, swapoff, mknode, syslog, process_vm_readv and process_vm_writev, +sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp. .TP \f\seccomp syscall,syscall,syscall Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 51f21975e..4e8d96d31 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -1,4 +1,4 @@ -.TH man 1 "MONTH YEAR" "VERSION" "firejail man page" +.TH FIREJAIL 1 "MONTH YEAR" "VERSION" "firejail man page" .SH NAME Firejail \- Linux namespaces sandbox program .SH SYNOPSIS diff --git a/src/man/firemon.txt b/src/man/firemon.txt index b6010f46e..293547a3b 100644 --- a/src/man/firemon.txt +++ b/src/man/firemon.txt @@ -1,4 +1,4 @@ -.TH man 1 "MONTH YEAR" "VERSION" "firemon man page" +.TH FIREMON 1 "MONTH YEAR" "VERSION" "firemon man page" .SH NAME Firemon \- Monitoring program for processes started in a Firejail sandbox. .SH SYNOPSIS -- cgit v1.2.3-70-g09d2
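Review bot: The two capability entries end up with inverted descriptions: after this hunk `caps.keep capability,capability,capability` is documented as "Blacklist Linux capabilities filter" and `caps.drop capability,capability,capability` as "Whitelist Linux capabilities filter". Going by the option names and the neighbouring `caps.drop all` entry ("Blacklist all Linux capabilities"), the rename appears to have landed on the wrong one of the two duplicate lines, and a profile author following the page would retain exactly the capabilities they meant to remove. The pairs should read `caps.drop capability,capability,capability` with `Blacklist Linux capabilities filter.` and `caps.keep capability,capability,capability` with `Whitelist Linux capabilities filter.`. In the added seccomp default list, `mknode` should be checked against the filter source, since the syscall is named `mknod`, and `sysfs,_sysctl` is missing a space.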