Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

man: minor clarifications to man pages #3445

Merged
merged 1 commit into from
Jun 4, 2020
Merged

man: minor clarifications to man pages #3445

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 14 additions & 1 deletion src/man/firejail-profile.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,8 @@ Use directory as user home.
.TP
\fBprivate-bin file,file
Build a new /bin in a temporary filesystem, and copy the programs in the list.
The files in the list must be expressed as relative to the /bin,
/sbin, /usr/bin, /usr/sbin, or /usr/local/bin directories.
The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin.
.TP
\fBprivate-cache
Expand All @@ -289,26 +291,37 @@ Use the options no3d, nodvd, nosound, notv, nou2f and novideo for additional res
\fBprivate-etc file,directory
Build a new /etc in a temporary
filesystem, and copy the files and directories in the list.
The files and directories in the list must be expressed as relative to
the /etc directory.
All modifications are discarded when the sandbox is closed.
.TP
\fBprivate-home file,directory
Build a new user home in a temporary
filesystem, and copy the files and directories in the list in the
new home. All modifications are discarded when the sandbox is
new home.
The files and directories in the list must be expressed as relative to
the current user's home directory.
All modifications are discarded when the sandbox is
closed.
.TP
\fBprivate-lib file,directory
Build a new /lib directory and bring in the libraries required by the application to run.
The files and directories in the list must be expressed as relative to
the /lib directory.
This feature is still under development, see \fBman 1 firejail\fR for some examples.
.TP
\fBprivate-opt file,directory
Build a new /opt in a temporary
filesystem, and copy the files and directories in the list.
The files and directories in the list must be expressed as relative to
the /opt directory.
All modifications are discarded when the sandbox is closed.
.TP
\fBprivate-srv file,directory
Build a new /srv in a temporary
filesystem, and copy the files and directories in the list.
The files and directories in the list must be expressed as relative to
the /srv directory.
All modifications are discarded when the sandbox is closed.
.TP
\fBprivate-tmp
Expand Down
19 changes: 16 additions & 3 deletions src/man/firejail.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1696,7 +1696,9 @@ $ firejail \-\-private=/home/netblue/firefox-home firefox
.TP
\fB\-\-private-bin=file,file
Build a new /bin in a temporary filesystem, and copy the programs in the list.
If no listed file is found, /bin directory will be empty.
The files in the list must be expressed as relative to the /bin,
/sbin, /usr/bin, /usr/sbin, or /usr/local/bin directories.
If no listed files are found, /bin directory will be empty.
The same directory is also bind-mounted over /sbin, /usr/bin, /usr/sbin and /usr/local/bin.
All modifications are discarded when the sandbox is closed. File globbing is supported,
see \fBFILE GLOBBING\fR section for more details.
Expand Down Expand Up @@ -1792,6 +1794,8 @@ $
\fB\-\-private-etc=file,directory
Build a new /etc in a temporary
filesystem, and copy the files and directories in the list.
The files and directories in the list must be expressed as relative to
the /etc directory.
If no listed file is found, /etc directory will be empty.
All modifications are discarded when the sandbox is closed.
.br
Expand All @@ -1801,13 +1805,16 @@ Example:
.br
$ firejail --private-etc=group,hostname,localtime, \\
.br
nsswitch.conf,passwd,resolv.conf
nsswitch.conf,passwd,resolv.conf,default/motd-news

.TP
\fB\-\-private-home=file,directory
Build a new user home in a temporary
filesystem, and copy the files and directories in the list in the
new home. All modifications are discarded when the sandbox is
new home.
The files and directories in the list must be expressed as relative to
the current user's home directory.
All modifications are discarded when the sandbox is
closed.
.br

Expand All @@ -1819,6 +1826,8 @@ $ firejail \-\-private-home=.mozilla firefox
.TP
\fB\-\-private-lib=file,directory
This feature is currently under heavy development. Only amd64 platforms are supported at this moment.
The files and directories in the list must be expressed as relative to
the /lib directory.
The idea is to build a new /lib in a temporary filesystem,
with only the library files necessary to run the application.
It could be as simple as:
Expand Down Expand Up @@ -1870,6 +1879,8 @@ $
\fB\-\-private-opt=file,directory
Build a new /opt in a temporary
filesystem, and copy the files and directories in the list.
The files and directories in the list must be expressed as relative to
the /opt directory.
If no listed file is found, /opt directory will be empty.
All modifications are discarded when the sandbox is closed.
.br
Expand All @@ -1883,6 +1894,8 @@ $ firejail --private-opt=firefox /opt/firefox/firefox
\fB\-\-private-srv=file,directory
Build a new /srv in a temporary
filesystem, and copy the files and directories in the list.
The files and directories in the list must be expressed as relative to
the /srv directory.
If no listed file is found, /srv directory will be empty.
All modifications are discarded when the sandbox is closed.
.br
Expand Down