docs: man: Note that some commands can be disabled in firejail.config #5366
Conversation
…ault in firejail.config
There was a problem hiding this comment.
LGTM
IMHO we can expand the firejail.config docu in the manpage even more.
- There's no central firejail.config section where it is explaind, what it does, where it is, ... just random notes like "can be configured in firejail.config".
- We could add a harden firejail with firejail.config by setting ...
- We could add notes about allow-tray, browser-allow-drm, ...
- We could add a note about restricted-network being yes on Debian.
- ...
kmk3
added
the
documentation
|
What about the firejail-profile manpage? Should this also get mentioned there, or is it sufficient in the firejail manpage? |
There was a problem hiding this comment.
I don't know if this PR is intended to be comprehensive, but note that there
are many more options in firejail.config that might affect existing commands.
Examples, including the options that are already in this PR (and formatted as
"firejail.config option: commands"):
- apparmor: --apparmor
- bind: --bind
- chroot: --chroot
- dbus: --dbus-user, --dbus-system
- disable-mnt: --disable-mnt
- file-transfer: --ls, --get, --put, --cat (maybe note it only once in "FILE
TRANSFER"?) - join: --join, --join-filesystem, --join-network, --join-or-start
- name-change: --name (already on man page, but in a different format)
- overlayfs: --overlay
- private-bin: --private-bin
- private-cache: --private-cache
- private-etc: --private-etc
- private-home: --private-home
- private-lib: --private-lib
- private-opt: --private-opt
- private-srv: --private-srv
- tracelog: --tracelog
There are also the following options, which I'm less sure about all the
commands that they might or might not affect:
- network
- restricted-network
- seccomp
- userns
- x11
kmk3
changed the title
kmk3
changed the title
|
FTR
disable-mnt in firejail.config is an enforcment setting (like force-nonewprivs) and does not affect disable-mnt.
maps to |
No description provided.