From d0a12f27d650ebed63f14102baa671f3655b50c8 Mon Sep 17 00:00:00 2001
From: Antoine Catton <devel@antoine.catton.fr>
Date: Mon, 30 Jan 2023 23:55:49 +0100
Subject: feature: add 'keep-shell-rc' flag and option

This fixes #1127.

This allow a user to provide their own zshrc/bashrc inside the jail.
This is very useful when using firejail to develop and prevent bad pip
packages to access your system.
---
 src/man/firejail-profile.txt | 3 +++
 src/man/firejail.txt         | 8 ++++++++
 2 files changed, 11 insertions(+)

(limited to 'src/man')

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 5b16179ac..3fa07d1ee 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -288,6 +288,9 @@ pulse servers or non-standard socket paths.
 \fBkeep-dev-shm
 /dev/shm directory is untouched (even with private-dev).
 .TP
+\fBkeep-shell-rc
+Do not copy shell rc files (such as ~/.bashrc and ~/.zshrc) from /etc/skel.
+.TP
 \fBkeep-var-tmp
 /var/tmp directory is untouched.
 .TP
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 1b051ab57..6068c9ff4 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1223,6 +1223,14 @@ Example:
 .br
 $ firejail --keep-fd=3,4,5
 
+.TP
+\fB\-\-keep-shell-rc
+By default, when using a private home directory, firejail copies files from the
+system's user home template (/etc/skel) into it, which overrides attempts to
+whitelist the original files (such as ~/.bashrc and ~/.zshrc).
+This option disables this feature, and enables the user to whitelist the
+original files.
+
 .TP
 \fB\-\-keep-var-tmp
 /var/tmp directory is untouched.
-- 
cgit v1.2.3-54-g00ecf