


firejail-profile(5)

Security profile file syntax, and information about building new application profiles.

Name

profile - Security profile file syntax, and information about building new application profiles.


Synopsis

Using a specific profile:

firejail --profile=filename.profile

Example: $ firejail --profile=/etc/firejail/kdenlive.profile --appimage kdenlive.appimage

firejail --profile=profile_name

Example: $ firejail --profile=kdenlive --appimage kdenlive.appimage

Building a profile manually:

Start with the template in /usr/share/doc/firejail/profile.template and modify it in a text editor. To integrate the program into your desktop environment, copy the profile file to the ~/.config/firejail directory and run "sudo firecfg".

Aliases and redirections:

In some cases the same profile can be used for several applications. One such example is LibreOffice. Build a regular profile for the main application, and for the rest use /usr/share/doc/firejail/redirect_alias-profile.template.

Running the profile builder:

firejail --build=appname.profile appname

Example: $ firejail --build=blobby.profile blobby

Run the program in "firejail --build" and try to exercise as many program features as possible. The profile is extracted and saved in the current directory. Open it in a text editor and add or remove sandboxing options as necessary. Test again after modifying the profile. To integrate the program into your desktop environment, copy the profile file to the ~/.config/firejail directory and run "sudo firecfg".


Description

Several command line options can be passed to the program using profile files. Firejail chooses the profile file as follows:

1. If a profile file is provided by the user with --profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix. Example:

    $ firejail --profile=/home/netblue/icecat.profile icecat
    Reading profile /home/netblue/icecat.profile
    [...]

    $ firejail --profile=icecat icecat-wrapper.sh
    Reading profile /etc/firejail/icecat.profile
    [...]

2. If a profile file with the same name as the application is present in ~/.config/firejail directory or in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example:

    $ firejail icecat
    Command name #icecat#
    Found icecat profile in /home/netblue/.config/firejail directory
    Reading profile /home/netblue/.config/firejail/icecat.profile
    [...]

3. Use a default.profile file if the sandbox is started by a regular user, or a server.profile file if the sandbox is started by root. Firejail looks for these files in ~/.config/firejail directory, followed by /etc/firejail directory. To disable default profile loading, use --noprofile command option. Example:

    $ firejail
    Reading profile /etc/firejail/default.profile
    Parent pid 8553, child pid 8554
    Child process initialized
    [...]

    $ firejail --noprofile
    Parent pid 8553, child pid 8554
    Child process initialized
    [...]
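
The selection order above, written out as an added shell example (it is not part of the firejail manual or source code). It predicts which profile the three rules would pick and lists system profiles that a copy in ~/.config/firejail overrides. Assumptions: the function names are hypothetical, a --profile value containing "/" or ending in ".profile" is treated as a file name, a --profile value that is not found does not fall through to rules 2 and 3, and rule 2 uses the command's base name.

```shell
# Added example: predict which profile the three rules above select.
# USER_DIR/SYS_DIR can be overridden to test against a scratch tree.
USER_DIR="${USER_DIR:-$HOME/.config/firejail}"
SYS_DIR="${SYS_DIR:-/etc/firejail}"

# find_named NAME: print the first NAME.profile found, user dir before /etc.
find_named() {
    for dir in "$USER_DIR" "$SYS_DIR"; do
        if [ -f "$dir/$1.profile" ]; then
            printf '%s\n' "$dir/$1.profile"
            return 0
        fi
    done
    return 1
}

# resolve_profile OPT APP USERID
#   OPT    value given to --profile= (empty string if the option is absent)
#   APP    command being sandboxed (empty for a bare "firejail")
#   USERID numeric uid starting the sandbox (0 means root)
resolve_profile() {
    opt=$1; app=$2; userid=$3
    if [ -n "$opt" ]; then                      # rule 1
        case $opt in
            */*|*.profile)                      # assumption: this is a file name
                [ -f "$opt" ] && printf '%s\n' "$opt" && return 0
                return 1 ;;
            *)  find_named "$opt"; return $? ;; # profile name, no suffix
        esac
    fi
    # rule 2 (assumption: the lookup key is the command's base name)
    if [ -n "$app" ] && find_named "$(basename "$app")"; then
        return 0
    fi
    # rule 3
    if [ "$userid" -eq 0 ]; then find_named server; else find_named default; fi
}

# shadowed_profiles: names present in both dirs, i.e. system profiles that a
# user-writable copy silently overrides. Worth reviewing during an audit.
shadowed_profiles() {
    for f in "$USER_DIR"/*.profile; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        [ -f "$SYS_DIR/$name" ] && printf '%s\n' "$name"
    done
    return 0
}
```

Source the file and call, for example, resolve_profile "" icecat "$(id -u)" to see the predicted profile path, or shadowed_profiles to review user-level overrides of system profiles.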