Linux namespaces sandbox program
FILE GLOBBING
Globbing is the operation that expands a wildcard pattern into
the list of pathnames matching the pattern. This pattern is
matched at firejail start, and is NOT UPDATED at runtime.
Files matching a blacklist, but created after firejail start
will be accessible within the jail.
Matching is defined by:
- '?' matches any character
- '*' matches any string
- '[' denotes a range of characters
The globbing feature is implemented using the glibc glob function.
For more information on the wildcard syntax see man 7 glob.
The following command line options are supported: --blacklist,
--private-bin, --noexec, --read-only, --read-write,
--tmpfs, and --whitelist.
Examples:
$ firejail --private-bin=sh,bash,python*
$ firejail --blacklist=~/dir[1234]
$ firejail --read-only=~/dir[1-4]
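
Added example (not part of the firejail documentation or source): a small C program that calls glibc glob(3) on the dir[1234] pattern before and after a new matching directory appears, showing that a list built at start does not cover it. The scratch directory name and the helpers in_snapshot and late_matches are assumptions made for the illustration.

```c
#include <glob.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 if path is among the pathnames glob() recorded in g. */
static int in_snapshot(const glob_t *g, const char *path) {
    for (size_t i = 0; i < g->gl_pathc; i++)
        if (strcmp(g->gl_pathv[i], path) == 0)
            return 1;
    return 0;
}

/* Expand the pattern once (as at sandbox start), create another matching
 * directory, expand again, and return how many current matches the first
 * expansion never saw. Returns -1 on setup failure. */
int late_matches(void) {
    char base[64], pat[96], early[96], late[96];
    glob_t start, now;
    int missed = 0;

    /* Constructed scratch directory; the name is an assumption. */
    snprintf(base, sizeof base, "/tmp/globdemo.%ld", (long)getpid());
    snprintf(pat, sizeof pat, "%s/dir[1234]", base);
    snprintf(early, sizeof early, "%s/dir1", base);
    snprintf(late, sizeof late, "%s/dir3", base);
    if (mkdir(base, 0700) != 0 || mkdir(early, 0700) != 0)
        return -1;
    if (glob(pat, 0, NULL, &start) != 0)   /* snapshot: only dir1 exists */
        return -1;
    if (mkdir(late, 0700) != 0)            /* appears after the snapshot */
        return -1;
    if (glob(pat, 0, NULL, &now) != 0)
        return -1;
    for (size_t i = 0; i < now.gl_pathc; i++)
        if (!in_snapshot(&start, now.gl_pathv[i])) {
            printf("matches pattern, not in start-time list: %s\n",
                   now.gl_pathv[i]);
            missed++;
        }
    globfree(&start);
    globfree(&now);
    rmdir(early); rmdir(late); rmdir(base);
    return missed;
}

int main(void) { return late_matches() == 1 ? 0 : 1; }
```

For paths that may be created while the sandbox is running, name the parent directory in the option rather than relying on a wildcard over its future contents.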