From 0718b75ad3198ff25e8e3f0c19142a7316acb5c2 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Thu, 20 Feb 2025 07:55:41 -0300 Subject: [PATCH 1/2] docs: format --build on firejail.1 --- src/man/firejail.1.in | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index 423f0b008e..ea4cb235d2 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in @@ -219,7 +219,11 @@ $ firejail \-\-blacklist="/home/username/My Virtual Machines" $ firejail \-\-blacklist=/home/username/My\\ Virtual\\ Machines .TP \fB\-\-build -The command builds a whitelisted profile. The profile is printed on the screen. The program is run in a very relaxed sandbox, with only \-\-caps.drop=all and \-\-seccomp=!chroot. Programs that raise user privileges are not supported. +The command builds a whitelisted profile. +The profile is printed on the screen. +The program is run in a very relaxed sandbox, with only \-\-caps.drop=all and +\-\-seccomp=!chroot. +Programs that raise user privileges are not supported. .br .br @@ -230,8 +234,10 @@ $ firejail \-\-build vlc ~/Videos/test.mp4 $ firejail \-\-build \-\-appimage ~/Downloads/Subsurface.AppImage .TP \fB\-\-build=profile-file -The command builds a whitelisted profile, and saves it in profile-file. The program is run in a very relaxed sandbox, -with only \-\-caps.drop=all and \-\-seccomp=!chroot. Programs that raise user privileges are not supported. +The command builds a whitelisted profile, and saves it in profile-file. +The program is run in a very relaxed sandbox, with only \-\-caps.drop=all and +\-\-seccomp=!chroot. +Programs that raise user privileges are not supported. .br .br From 468e1d26b05bf505c3facc37fa10f60ba1b03fcc Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Thu, 20 Feb 2025 08:10:43 -0300 Subject: [PATCH 2/2] docs: note that --build may generate a non-functional profile Users might expect `--build` to generate a complete and working profile (see #6651), so clarify that this is not really the case. --- src/man/firejail.1.in | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index ea4cb235d2..2f8266883e 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in @@ -226,6 +226,13 @@ The program is run in a very relaxed sandbox, with only \-\-caps.drop=all and Programs that raise user privileges are not supported. .br +.br +Note: This option is intended for profile debugging and development. +The profile that is generated may be incomplete, non-functional and lacking in +security. +If you want to try to create a new profile, see CONTRIBUTING.md. +.br + .br Example: .br @@ -240,6 +247,13 @@ The program is run in a very relaxed sandbox, with only \-\-caps.drop=all and Programs that raise user privileges are not supported. .br +.br +Note: This option is intended for profile debugging and development. +The profile that is generated may be incomplete, non-functional and lacking in +security. +If you want to try to create a new profile, see CONTRIBUTING.md. +.br + .br Example: .br