From 649bcd4bfbd7b24ec95873e97e3b5270d84ec374 Mon Sep 17 00:00:00 2001 From: Kristóf Marussy Date: Mon, 27 Jan 2020 21:41:46 +0100 Subject: Documentation for DHCP support --- src/firejail/usage.c | 2 ++ src/man/firejail-profile.txt | 53 ++++++++++++++++++++++++++++++++++++++++++++ src/man/firejail.txt | 49 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 104 insertions(+) (limited to 'src') diff --git a/src/firejail/usage.c b/src/firejail/usage.c index c8dc39a04..52d4f7c03 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c @@ -82,7 +82,9 @@ static char *usage_str = " --interface=name - move interface in sandbox.\n" " --ip=address - set interface IP address.\n" " --ip=none - no IP address and no default gateway are configured.\n" + " --ip=dhcp - acquire IP address by running dhclient.\n" " --ip6=address - set interface IPv6 address.\n" + " --ip6=dhcp - acquire IPv6 address by running dhclient.\n" " --iprange=address,address - configure an IP address in this range.\n" #endif " --ipc-namespace - enable a new IPC namespace.\n" diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 719a80c2c..84aed41a4 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -581,6 +581,33 @@ net eth0 .br ip none +.TP +\fBip dhcp +Acquire an IP address and default gateway for the last interface defined by a +net command, as well as set the DNS servers according to the DHCP response. +This command requires the ISC dhclient DHCP client to be installed and will start +it automatically inside the sandbox. +.br + +.br +Example: +.br +net br0 +.br +ip dhcp +.br + +.br +This command should not be used in conjunction with the dns command if the +DHCP server is set to configure DNS servers for the clients, because the +manually specified DNS servers will be overwritten. + +.br +The DHCP client will NOT release the DHCP lease when the sandbox terminates. +If your DHCP server requires leases to be explicitly released, consider running +a DHCP client and releasing the lease manually in conjunction with the +net none command. + .TP \fBip6 address Assign IPv6 addresses to the last network interface defined by a net command. @@ -593,6 +620,32 @@ net eth0 .br ip6 2001:0db8:0:f101::1/64 +.TP +\fBip6 dhcp +Acquire an IPv6 address and default gateway for the last interface defined by a +net command, as well as set the DNS servers according to the DHCP response. +This command requires the ISC dhclient DHCP client to be installed and will start +it automatically inside the sandbox. +.br + +.br +Example: +.br +net br0 +.br +ip6 dhcp +.br + +.br +This command should not be used in conjunction with the dns command if the +DHCP server is set to configure DNS servers for the clients, because the +manually specified DNS servers will be overwritten. + +.br +The DHCP client will NOT release the DHCP lease when the sandbox terminates. +If your DHCP server requires leases to be explicitly released, consider running +a DHCP client and releasing the lease manually. + .TP \fBiprange address,address Assign an IP address in the provided range to the last network diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e5abcdcf5..4b1134686 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -566,6 +566,31 @@ $ firejail \-\-net=eth0 \-\-\ip=none If the corresponding interface doesn't have an IP address configured, this option is enabled by default. +.TP +\fB\-\-ip=dhcp +Acquire an IP address and default gateway for the last interface defined by a +\-\-net option, as well as set the DNS servers according to the DHCP response. +This option requires the ISC dhclient DHCP client to be installed and will start +it automatically inside the sandbox. +.br + +.br +Example: +.br +$ firejail \-\-net=br0 \-\-ip=dhcp +.br + +.br +This option should not be used in conjunction with the \-\-dns option if the +DHCP server is set to configure DNS servers for the clients, because the +manually specified DNS servers will be overwritten. + +.br +The DHCP client will NOT release the DHCP lease when the sandbox terminates. +If your DHCP server requires leases to be explicitly released, consider running +a DHCP client and releasing the lease manually in conjunction with the +\-\-net=none option. + .TP \fB\-\-ip6=address Assign IPv6 addresses to the last network interface defined by a \-\-net option. @@ -578,6 +603,30 @@ $ firejail \-\-net=eth0 \-\-ip6=2001:0db8:0:f101::1/64 firefox Note: you don't need this option if you obtain your ip6 address from router via SLAAC (your ip6 address and default route will be configured by kernel automatically). +.TP +\fB\-\-ip6=dhcp +Acquire an IPv6 address and default gateway for the last interface defined by a +\-\-net option, as well as set the DNS servers according to the DHCP response. +This option requires the ISC dhclient DHCP client to be installed and will start +it automatically inside the sandbox. +.br + +.br +Example: +.br +$ firejail \-\-net=br0 \-\-ip6=dhcp +.br + +.br +This option should not be used in conjunction with the \-\-dns option if the +DHCP server is set to configure DNS servers for the clients, because the +manually specified DNS servers will be overwritten. + +.br +The DHCP client will NOT release the DHCP lease when the sandbox terminates. +If your DHCP server requires leases to be explicitly released, consider running +a DHCP client and releasing the lease manually. + .TP \fB\-\-iprange=address,address Assign an IP address in the provided range to the last network interface defined by a \-\-net option. A -- cgit v1.2.3-70-g09d2