Skip to content

docs: clarify --noprofile and mention --profile=noprofile #6670

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kmk3 wants to merge 1 commit into from
Closed

docs: clarify --noprofile and mention --profile=noprofile #6670

kmk3 wants to merge 1 commit into from

Conversation

@kmk3
Copy link
Collaborator

@kmk3 kmk3 commented Feb 28, 2025
edited
Loading

Note that certain restrictions are applied even with --noprofile and
that some of them can be lifted by using --profile=noprofile.

Additionally, add a few cross-references for related commands.

@kmk3 kmk3 added the documentation Issues and pull requests related to the documentation label Feb 28, 2025
@kmk3 kmk3 requested a review from rusty-snake February 28, 2025 11:40
@github-project-automation github-project-automation bot moved this to In progress in Release 0.9.74 Feb 28, 2025
rusty-snake
rusty-snake reviewed Feb 28, 2025
View reviewed changes
src/man/firejail.1.in Outdated
.TP
\fB\-\-noprofile
Do not use a security profile.
Do not load any security profile at all.
Copy link
Collaborator

@rusty-snake rusty-snake Feb 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

vs. "Do load an empty security profile."?

Copy link
Collaborator Author

@kmk3 kmk3 Mar 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

vs. "Do load an empty security profile."?

Not sure what you mean, so I just reverted it.

Also added a note about profile debugging.

Copy link
Collaborator

@rusty-snake rusty-snake Mar 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No profile is equivalent to an empty profile. I'm not sure what is more clear to users.

src/man/firejail.1.in Outdated
.br
Example:
Note that certain restrictions are specified in the source code rather than in
profiles.
Copy link
Collaborator

@rusty-snake rusty-snake Feb 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe clarify that some restrictions are enabled by default and can be lifted with keep-*, writable-*, noblacklist, allow-*, ... and some are enabled unconditionally.

Copy link
Collaborator Author

@kmk3 kmk3 Mar 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe clarify that some restrictions are enabled by default and can be lifted
with keep-*, writable-*, noblacklist, allow-*, ...

For the sake of maintenance, I think it would be better in general to avoid
mirroring all the commands from noprofile.profile (other than in
profile.template).

Likewise, if there is to be a list of all other "allow" commands, I think it
would make more sense to put that in its own section rather than inside
the description of --noprofile.

But I added a note about the more generic ones ones: --noblacklist,
--nowhitelist and --ignore.

and some are enabled unconditionally.

Added a part about this.

@kmk3
docs: clarify --noprofile and mention --profile=noprofile
022efd9 
Note that certain restrictions are applied even with `--noprofile` and
that some of them can be lifted by using `--profile=noprofile`.

Additionally, add a few cross-references for related commands.
@kmk3 kmk3 force-pushed the docs-clarify-noprofile branch from 32983f6 to 022efd9 Compare March 1, 2025 17:41
@kmk3 kmk3 marked this pull request as draft March 14, 2025 06:13
@kmk3 kmk3 moved this from In progress to 0.9.76 in Release 0.9.74 Mar 30, 2025
@kmk3 kmk3 removed this from Release 0.9.74 Apr 9, 2025
@kmk3 kmk3 moved this to Todo in Release 0.9.76 Apr 9, 2025
@kmk3
Copy link
Collaborator Author

kmk3 commented Dec 5, 2025

Closing to clarify that the PR is not intended for merging in this state.

@kmk3 kmk3 closed this Dec 5, 2025
@kmk3 kmk3 deleted the docs-clarify-noprofile branch December 5, 2025 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rusty-snake rusty-snake rusty-snake left review comments

Assignees

No one assigned

Labels

documentation Issues and pull requests related to the documentation

Projects

Release 0.9.76
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kmk3 @rusty-snake