man firejail-config

FIREJAIL-CONFIG(5)         firejail.config man page         FIREJAIL-CONFIG(5)



NAME
       firejail.config - Firejail run time configuration file


DESCRIPTION
       /etc/firejail/firejail.config is the system-wide configuration file for
       Firejail.  It allows the system administrator to enable or disable a
       number of features and Linux kernel security technologies used by the
       Firejail sandbox.  The file contains keyword-argument pairs, one per
       line.  Use 'yes' or 'no' as configuration values.

       Note  that  some  of  these features can also be enabled or disabled at
       compile time. Most features are enabled by default both at compile time
       and at run time.


       bind   Enable or disable bind support, default enabled.


       chroot Enable or disable chroot support, default enabled.


       file-transfer
              Enable or disable file transfer support, default enabled.


       force-nonewprivs
              Force  use  of  nonewprivs.  This mitigates the possibility of a
              user abusing firejail's features to trick a privileged (suid  or
              file  capabilities)  process  into loading code or configuration
              that is partially under their control.  Default disabled.


       network
              Enable or disable networking features, default enabled.


       restricted-network
              Enable or disable restricted network support, default  disabled.
              If  enabled, networking features should also be enabled (network
              yes).   Restricted  networking  grants  access  to  --interface,
              --net=ethXXX  and  --netfilter  only to root user. Regular users
              are only allowed --net=none.


       seccomp
              Enable or disable seccomp support, default enabled.


       userns Enable or disable user namespace support, default enabled.


       whitelist
              Enable or disable whitelisting support, default enabled.


       x11    Enable or disable X11 sandboxing support, default enabled.


       xephyr-screen
              Screen   size   for   --x11=xephyr,   default    800x600.    Run
              /usr/bin/xrandr for a full list of resolutions available on your
              specific setup. Examples:

              xephyr-screen 640x480
              xephyr-screen 800x600
              xephyr-screen 1024x768
              xephyr-screen 1280x1024


       xephyr-window-title
              Firejail window title in Xephyr, default enabled.


       xephyr-extra-params
              Xephyr command extra parameters. None by default, and the
              declaration is commented out. Examples:

              xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev
              xephyr-extra-params -grayscale
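
       An added example, not part of the Firejail man page or code base: a
       small Python audit of firejail.config-style text that applies the
       defaults listed above and checks the two hardening points this page
       makes (force-nonewprivs, and restricted-network needing network yes).
       The function names, the sample text and the treatment of '#' lines as
       comments are assumptions of this example.

```python
# Added example, not Firejail's own code. Defaults follow the man page text.
DEFAULTS = {
    "bind": "yes", "chroot": "yes", "file-transfer": "yes",
    "force-nonewprivs": "no", "network": "yes", "restricted-network": "no",
    "seccomp": "yes", "userns": "yes", "whitelist": "yes", "x11": "yes",
    "xephyr-window-title": "yes",
}
# Keywords whose argument is free-form text rather than yes/no.
FREE_FORM = {"xephyr-screen", "xephyr-extra-params"}

# Constructed sample input, not a real system's configuration.
SAMPLE = """\
# hardening attempt with two mistakes
network no
restricted-network yes
force-nonewprivs maybe
xephyr-screen 1024x768
"""


def parse_config(text):
    """Return (settings, errors); unset keywords keep their defaults."""
    settings, errors = dict(DEFAULTS), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        key, *rest = line.split(None, 1)
        value = rest[0].strip() if rest else ""
        if key in FREE_FORM:
            settings[key] = value
        elif key not in DEFAULTS:
            errors.append(f"line {lineno}: unknown keyword '{key}'")
        elif value not in ("yes", "no"):
            errors.append(f"line {lineno}: '{key}' takes yes or no, got '{value}'")
        else:
            settings[key] = value
    return settings, errors


def audit(text):
    """Return parse errors plus hardening findings for the config text."""
    settings, findings = parse_config(text)
    if settings["force-nonewprivs"] != "yes":
        findings.append("force-nonewprivs is not enabled (default disabled)")
    if settings["restricted-network"] == "yes" and settings["network"] != "yes":
        findings.append("restricted-network yes also needs network yes")
    elif settings["restricted-network"] != "yes" and settings["network"] == "yes":
        findings.append("networking options are not limited to root")
    return findings
```

       Calling audit(SAMPLE) reports the invalid force-nonewprivs value, the
       still-disabled force-nonewprivs, and the missing network yes.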


COMPILE TIME CONFIGURATION
       Most of the features described in this file can also be configured at
       compile time. Run ./configure --help for more details.


FILES
       /etc/firejail/firejail.config


LICENSE
       Firejail is free software; you can redistribute  it  and/or  modify  it
       under  the  terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at  your
       option) any later version.

       Homepage: https://firejail.wordpress.com

SEE ALSO
       firejail(1), firemon(1), firecfg(1), firejail-profile(5),
       firejail-login(5)






0.9.42                             Sep 2016                 FIREJAIL-CONFIG(5)