From 4171127fae2350b889d50c72fee1fa28fb34c220 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Thu, 9 Oct 2025 01:34:04 -0300 Subject: [PATCH 1/2] docs: man: format/sync ipc-namespace descriptions Relates to #6928. --- src/man/firejail-profile.5.in | 3 ++- src/man/firejail.1.in | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/man/firejail-profile.5.in b/src/man/firejail-profile.5.in index 1b993b2d2..15646a864 100644 --- a/src/man/firejail-profile.5.in +++ b/src/man/firejail-profile.5.in @@ -836,7 +836,8 @@ env CFLAGS="-W -Wall -Werror" .TP \fBipc-namespace -Enable IPC namespace. +Enable a new IPC namespace if the sandbox was started as a regular user. +IPC namespace is enabled by default for sandboxes started as root. .TP \fBkeep-fd diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index 4e27c5c54..a671e117f 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in @@ -1117,8 +1117,8 @@ $ firejail \-\-net=eth0 \-\-iprange=192.168.1.100,192.168.1.150 .TP \fB\-\-ipc-namespace -Enable a new IPC namespace if the sandbox was started as a regular user. IPC namespace is enabled by default -for sandboxes started as root. +Enable a new IPC namespace if the sandbox was started as a regular user. +IPC namespace is enabled by default for sandboxes started as root. .br .br From 2e23c32cc76971b52c9af4db360940bd34a96796 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Thu, 9 Oct 2025 01:37:00 -0300 Subject: [PATCH 2/2] docs: man: clarify what ipc-namespace affects Clarify that even though Unix sockets are an IPC mechanism, IPC namespaces do not affect them (see ipc_namespaces(7)). Relates to #6928. Reported-by: @tupo2 --- src/man/firejail-profile.5.in | 7 +++++++ src/man/firejail.1.in | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/src/man/firejail-profile.5.in b/src/man/firejail-profile.5.in index 15646a864..8c39e4206 100644 --- a/src/man/firejail-profile.5.in +++ b/src/man/firejail-profile.5.in @@ -838,6 +838,13 @@ env CFLAGS="-W -Wall -Werror" \fBipc-namespace Enable a new IPC namespace if the sandbox was started as a regular user. IPC namespace is enabled by default for sandboxes started as root. +.br + +.br +Note: This only affects the IPC resources that are mentioned in +\fBipc_namespaces\fR(7). +It does not affect other IPC resources, such as Unix sockets (see +\fBunix\fR(7)). .TP \fBkeep-fd diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index a671e117f..28c789495 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in @@ -1121,6 +1121,13 @@ Enable a new IPC namespace if the sandbox was started as a regular user. IPC namespace is enabled by default for sandboxes started as root. .br +.br +Note: This only affects the IPC resources that are mentioned in +\fBipc_namespaces\fR(7). +It does not affect other IPC resources, such as Unix sockets (see +\fBunix\fR(7)). +.br + .br Example: .br