path: root/src/man/firecfg.1.in
.TH FIRECFG 1 "MONTH YEAR" "VERSION" "firecfg man page"
.SH NAME
Firecfg \- Desktop integration utility for Firejail software.
.SH SYNOPSIS
firecfg [OPTIONS]
.SH DESCRIPTION
Firecfg is the desktop integration utility for the Firejail sandbox.
It allows the user to sandbox applications automatically by
clicking on desktop manager icons and menus.

The integration covers:
.br
.PP
.RS
- programs started in a terminal - typing "firefox" would be enough to start a sandboxed Firefox browser
.br

.br
- programs started by clicking on desktop manager menus - all major desktop managers are supported
.br

.br
- programs started by clicking on file icons in a file manager - only the Cinnamon, KDE, LXDE/LXQT, MATE and XFCE
desktop managers are supported at the moment
.RE
.PP
Note: The examples use \fBsudo\fR, but \fBdoas\fR is also supported.
.PP
To set it up, run "sudo firecfg" after installing Firejail.
The same command should also be run after
installing new programs. If a program is supported by Firejail, a symbolic link for it
is created in /usr/local/bin.
.PP
To configure the list of programs used by firecfg when creating symlinks, see
\fBFILES\fR and \fBSYNTAX\fR.
.PP
For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in
\fBman 1 firejail\fR.
.SH DEFAULT ACTIONS
Running "sudo firecfg" performs the following actions by default:

.RS
- set or update the symbolic links for desktop integration;
.br

.br
- add the current user to Firejail user access database (firecfg --add-users);
.br

.br
- fix desktop files in $HOME/.local/share/applications/ (firecfg --fix).
.br
#ifdef HAVE_APPARMOR
.br
- automatically load and force the AppArmor profile "firejail-default".
#endif
.RE

.SH OPTIONS
.TP
\fB\-\-add-users user [user]
Add the list of users to Firejail user access database.

Example:
.br
$ sudo firecfg --add-users dustin lucas mike eleven

.TP
\fB\-\-bindir=directory
Create and search for symbolic links in directory instead of the default location /usr/local/bin.
Directory should precede /usr/bin and /bin in the PATH environment variable,
so that the symbolic links are found before the real executables.

.TP
\fB\-\-clean
Remove all firejail symbolic links.

.TP
\fB\-\-fix
Fix .desktop files. Some .desktop files use the full path to the executable. Firecfg checks the .desktop files in
/usr/share/applications/, replaces the full path with the program name if the program is in PATH, and writes the result to $HOME/.local/share/applications/.
This action is done by default when running "sudo firecfg". It is also available as a separate option for regular users.

.TP
\fB\-\-fix-sound
Create a proper ~/.config/pulse/client.conf file without shm support. On some PulseAudio versions,
shared memory support (shm) breaks the process ID namespace. PulseAudio was designed
a long time ago, and the introduction of PID namespaces in the Linux kernel breaks its design. This was
reportedly fixed in PulseAudio version 9. If you have sound problems on your system, run
"firecfg --fix-sound" in a terminal, then log out and log back in to apply the changes.
.TP
\fB\-\-guide
Guided configuration for new users.
.br

.br
Example:
.br
$ sudo firecfg --guide
.br
.TP
\fB\-\-debug
Print debug messages.
.TP
\fB\-?\fR, \fB\-\-help\fR
Print options and exit.
.TP
\fB\-\-list
List all firejail symbolic links.
.TP
\fB\-\-version
Print program version and exit.


.PP
Example:
.br

.br
$ sudo firecfg
.br
/usr/local/bin/firefox created
.br
/usr/local/bin/vlc created
.br
[...]
.br
$ firecfg --list
.br
/usr/local/bin/firefox
.br
/usr/local/bin/vlc
.br
[...]
.br
$ sudo firecfg --clean
.br
/usr/local/bin/firefox removed
.br
/usr/local/bin/vlc removed
.br
[...]
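.PP
Added example, not part of the firecfg distribution: a POSIX shell check that each firejail symbolic link in the link directory is the first match in PATH, which is what the \-\-bindir ordering requirement protects.
It assumes the links point at a file named "firejail" and that readlink is available; the directory tree built in demo() is constructed.

```shell
#!/bin/sh
# Added example: report firecfg links that lose PATH lookup to a real binary.

# Print the first directory of the PATH-style list $2 holding executable $1.
# Runs in a subshell so the IFS and noglob changes stay local.
first_dir_for() (
    IFS=:
    set -f
    for dir in $2; do
        [ -n "$dir" ] || dir=.          # empty PATH entry means current directory
        if [ -x "$dir/$1" ] && [ ! -d "$dir/$1" ]; then
            printf '%s\n' "${dir%/}"
            exit 0
        fi
    done
    exit 1
)

# For each symlink in bindir ($1) that points at a file named "firejail",
# print "NAME WINNER" when PATH ($2) resolves NAME somewhere other than bindir.
shadowed_links() {
    bindir=${1%/}
    for link in "$bindir"/*; do
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        [ "${target##*/}" = firejail ] || continue
        name=${link##*/}
        winner=$(first_dir_for "$name" "$2") || winner="(none)"
        [ "$winner" = "$bindir" ] || printf '%s %s\n' "$name" "$winner"
    done
}

# Constructed layout standing in for /usr/bin and /usr/local/bin.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/usr/local/bin"
    for f in firejail firefox vlc; do
        printf '#!/bin/sh\n' > "$root/usr/bin/$f"
        chmod +x "$root/usr/bin/$f"
    done
    ln -s "$root/usr/bin/firejail" "$root/usr/local/bin/firefox"
    ln -s "$root/usr/bin/firejail" "$root/usr/local/bin/vlc"
    echo "good PATH:"; shadowed_links "$root/usr/local/bin" "$root/usr/local/bin:$root/usr/bin"
    echo "bad PATH:";  shadowed_links "$root/usr/local/bin" "$root/usr/bin:$root/usr/local/bin"
    rm -rf "$root"
}
demo
```

On a real system the equivalent call is shadowed_links /usr/local/bin "$PATH"; any line it prints names a program that would start outside the sandbox when typed in a terminal.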
.SH FILES
.PP
Configuration files are searched for and parsed in the following paths:
.PP
.RS
1. /etc/firejail/firecfg.d/*.conf (in alphabetical order)
.br
2. /etc/firejail/firecfg.config
.RE
.PP
The programs that are supported by default are listed in
/etc/firejail/firecfg.config.
It is recommended to leave it as is and put all customizations inside
/etc/firejail/firecfg.d/.
.PP
Profile files are also searched in the user configuration directory:
.PP
.RS
3. ~/.config/firejail/*.profile
.RE
.PP
For every \fBPROGRAM.profile\fR file found, firecfg attempts to create a
symlink for "PROGRAM", as if "PROGRAM" was listed in a configuration file.
.SH SYNTAX
Configuration file syntax:
.PP
A line that starts with \fB#\fR is considered a comment.
.br
A line that starts with \fB!PROGRAM\fR means to ignore "PROGRAM" when creating
symlinks and fixing .desktop files.
.br
A line that starts with anything else is considered to be the name of an
executable and firecfg will attempt to create a symlink for it.
.PP
For example, to prevent firecfg from creating symlinks for "firefox" and
"patch" while attempting to create a symlink for "myprog", the following lines
could be added to /etc/firejail/firecfg.d/10-my.conf:
.PP
.RS
!firefox
.br
!patch
.br

.br
myprog
.RE
.SH LICENSE
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
.PP
Homepage: https://firejail.wordpress.com
.SH SEE ALSO
.BR firejail (1),
.BR firemon (1),
.BR firejail-profile (5),
.BR firejail-login (5),
.BR firejail-users (5),
.BR jailcheck (1)
.\" vim: set filetype=groff :