Security profile file syntax, and information about building new application profiles.
Description
Several command line options can be passed to the program using
profile files. Firejail chooses the profile file as follows:
1. If a profile file is provided by the user with the --profile
option, the profile file is loaded. If a profile name is given,
it is searched for first in the ~/.config/firejail directory and,
if not found, then in the /etc/firejail directory. Profile names do
not include the .profile suffix. Example:
    $ firejail --profile=/home/netblue/icecat.profile icecat
    Reading profile /home/netblue/icecat.profile
    [...]
    $ firejail --profile=icecat icecat-wrapper.sh
    Reading profile /etc/firejail/icecat.profile
    [...]
2. If a profile file with the same name as the application is
present in the ~/.config/firejail directory or in /etc/firejail, the
profile is loaded. ~/.config/firejail takes precedence over
/etc/firejail. Example:
    $ firejail icecat
    Command name #icecat#
    Found icecat profile in /home/netblue/.config/firejail directory
    Reading profile /home/netblue/.config/firejail/icecat.profile
    [...]
3. Use a default.profile file if the sandbox is started by a
regular user, or a server.profile file if the sandbox is started
by root. Firejail looks for these files in the ~/.config/firejail
directory, followed by the /etc/firejail directory. To disable
default profile loading, use the --noprofile command option. Example:
    $ firejail
    Reading profile /etc/firejail/default.profile
    Parent pid 8553, child pid 8554
    Child process initialized
    [...]
    $ firejail --noprofile
    Parent pid 8553, child pid 8554
    Child process initialized
    [...]
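
Because ~/.config/firejail takes precedence over /etc/firejail, it is worth checking which file a given invocation would actually load and whether a per-user profile hides a system one. The following is an added example, not part of the original page or Firejail's own code, that models the three rules above. The function names, the USER_DIR and SYS_DIR variables, the treatment of a --profile value containing "/" as a path, and the use of the program's basename are assumptions; --noprofile is not modelled.

```shell
#!/bin/sh
# Added example: a model of the lookup order above, not Firejail's own code.
# Directories are the ones named on this page; override them for testing.
USER_DIR="${USER_DIR:-$HOME/.config/firejail}"
SYS_DIR="${SYS_DIR:-/etc/firejail}"

# find_named NAME: print the first NAME.profile found, user dir before system dir.
find_named() {
    for dir in "$USER_DIR" "$SYS_DIR"; do
        if [ -f "$dir/$1.profile" ]; then
            printf '%s\n' "$dir/$1.profile"
            return 0
        fi
    done
    return 1
}

# resolve_profile PROFILE_ARG PROG IS_ROOT
#   PROFILE_ARG  value of --profile, or "" when the option is absent
#   PROG         program to sandbox, or "" when none is given
#   IS_ROOT      1 when the sandbox is started by root, otherwise 0
resolve_profile() {
    profile_arg=$1; prog=$2; is_root=$3
    # Rule 1: an explicit --profile wins.
    if [ -n "$profile_arg" ]; then
        case $profile_arg in
            */*)  # Assumption: a value containing "/" is a file path.
                if [ -f "$profile_arg" ]; then printf '%s\n' "$profile_arg"; return 0; fi
                return 1 ;;
            *)  find_named "$profile_arg"; return ;;
        esac
    fi
    # Rule 2: a profile named after the program (basename use is an assumption).
    if [ -n "$prog" ] && find_named "$(basename "$prog")"; then return 0; fi
    # Rule 3: fall back to server.profile for root, default.profile otherwise.
    if [ "$is_root" = 1 ]; then find_named server; else find_named default; fi
}

# shadowed NAME: succeed when a user-directory profile hides a system one.
shadowed() {
    [ -f "$USER_DIR/$1.profile" ] && [ -f "$SYS_DIR/$1.profile" ]
}
```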