.TH FIREJAIL-CONFIG 5 "MONTH YEAR" "VERSION" "firejail.config man page" .SH NAME firejail.config \- Firejail run time configuration file .SH DESCRIPTION /etc/firejail/firejail.config is the system-wide configuration file for Firejail. It allows the system administrator to enable or disable a number of features and Linux kernel security technologies used by Firejail sandbox. The file contains keyword-argument pairs, one per line. Use 'yes' or 'no' as configuration values. Note that some of these features can also be enabled or disabled at compile time. Most features are enabled by default both at compile time and at run time. .TP \fBbind Enable or disable bind support, default enabled. .TP \fBchroot Enable or disable chroot support, default enabled. .TP \fBfile-transfer Enable or disable file transfer support, default enabled. .TP \fBforce-nonewprivs Force use of nonewprivs. This mitigates the possibility of a user abusing firejail's features to trick a privileged (suid or file capabilities) process into loading code or configuration that is partially under their control. Default disabled. .TP \fBnetwork Enable or disable networking features, default enabled. .TP \fBrestricted-network Enable or disable restricted network support, default disabled. If enabled, networking features should also be enabled (network yes). Restricted networking grants access to --interface, --net=ethXXX and \-\-netfilter only to root user. Regular users are only allowed --net=none. .TP \fBsecomp Enable or disable seccomp support, default enabled. .TP \fBuserns Enable or disable user namespace support, default enabled. .TP \fBwhitelist Enable or disable whitelisting support, default enabled. .TP \fBx11 Enable or disable X11 sandboxing support, default enabled. .TP \fBxephyr-screen Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for a full list of resolutions available on your specific setup. Examples: .br .br xephyr-screen 640x480 .br xephyr-screen 800x600 .br xephyr-screen 1024x768 .br xephyr-screen 1280x1024 .TP \fBxephyr-window-title Firejail window title in Xephyr, default enabled. .TP \fBxephyr-extra-params Xephyr command extra parameters. None by default, and the declaration is commented out. Examples: .br .br xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev .br xephyr-extra-params -grayscale .SH COMPILE TIME CONFIGURATION Most of the features described in this file can also be configured at compile time, please run \fB./configure --help\fR for more details. .SH FILES /etc/firejail/firejail.config .SH LICENSE Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. .PP Homepage: http://firejail.wordpress.com .SH SEE ALSO \&\flfirejail\fR\|(1), \&\flfiremon\fR\|(1), \&\flfirecfg\fR\|(1), \&\flfirejail-profile\fR\|(5) \&\flfirejail-login\fR\|(5)