github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-21 22:01:13 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 1

docs: document NAME VALIDATION in firejail.txt

Browse source
This commit is contained in:
Kelvin M. Klann 2023-06-13 21:16:17 -03:00
parent a51968336d
commit 6489138a56
2 changed files with 24 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/firejail/util.c
View file

@ -1476,6 +1476,8 @@ int ascii_isxdigit(unsigned char c) {
return ret;
}
// Note: Keep this in sync with NAME VALIDATION in src/man/firejail.txt.
//
// Allow only ASCII letters, digits and a few special characters; names with
// only numbers are rejected; spaces and control characters are rejected.
int invalid_name(const char *name) {

24
src/man/firejail.txt
View file

@ -876,6 +876,8 @@ Print options end exit.
\fB\-\-hostname=name
Set sandbox hostname.
.br
For valid names, see the \fBNAME VALIDATION\fR section.
.br
.br
Example:
@ -1180,7 +1182,9 @@ Switching to pid 1932, the first child process inside the sandbox
.TP
\fB\-\-join-or-start=name
Join the sandbox identified by name or start a new one.
Same as "firejail --join=name" if sandbox with specified name exists, otherwise same as "firejail --name=name ..."
Same as "firejail --join=name" if sandbox with specified name exists, otherwise
same as "firejail --name=name ...".
See \fB\-\-name\fR for details.
.br
Note that in contrary to other join options there is respective profile option.
@ -1340,8 +1344,13 @@ $ firejail \-\-net=eth0 \-\-mtu=1492
\fB\-\-name=name
Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use
this name to identify a sandbox.
The name cannot contain only digits, as that is treated as a PID in the other options, such as in \-\-join.
The name cannot contain only digits, as that is treated as a PID in the other
options, such as in \-\-join.
.br
For valid names, see the \fBNAME VALIDATION\fR section.
.br
.br
In case the name supplied by the user is already in use by another sandbox, Firejail will assign a
new name as "name-PID", where PID is the process ID of the sandbox. This functionality
can be disabled at run time in /etc/firejail/firejail.config file, by setting "name-change" flag to "no".
@ -3296,6 +3305,17 @@ Example:
$ firejail --net=eth0 --x11=xephyr --xephyr-screen=640x480 firefox
.br
#endif
.\" Note: Keep this in sync with invalid_name() in src/firejail/util.c.
.SH NAME VALIDATION
For simplicity, the same name validation is used for multiple options.
Rules:
.PP
The name must be 1-253 characters long.
The name can only contain ASCII letters, digits and the special characters
"-._" (that is, the name cannot contain spaces or control characters).
The name cannot contain only digits.
The first and last characters must be an ASCII letter or digit and the name
may contain special characters in the middle.
#ifdef HAVE_APPARMOR
.SH APPARMOR
.TP