From dfa079604c7a404f2f580885e2b993cc8eee9c03 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Mon, 10 Jan 2022 13:29:44 +0100 Subject: [PATCH] manpages: Document the new details of --nofilesystem behaviour. (cherry picked from commit da3e12b319094158c2afa3df380bc45a7626928c) --- doc/flatpak-build-finish.xml | 7 +++++++ doc/flatpak-build.xml | 7 +++++++ doc/flatpak-override.xml | 7 +++++++ doc/flatpak-run.xml | 8 ++++++++ 4 files changed, 29 insertions(+) diff --git a/doc/flatpak-build-finish.xml b/doc/flatpak-build-finish.xml index b2b138f1..c96ecd87 100644 --- a/doc/flatpak-build-finish.xml +++ b/doc/flatpak-build-finish.xml @@ -258,6 +258,13 @@ xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, an absolute path, or a homedir-relative path like ~/dir. This option can be used multiple times. + + In general, "--nofilesystem=PATH" will remove access to a specific path if exactly that path + was previously granted. However, as a special case, "--nofilesystem=home" will remove access to all + previously granted locations inside the homedir as well, such as "home/some-dir", or "xdg-download", + and "--nofilesystem=host" will remove access to all previously granted locations. + Note: absolute paths that happen to be inside the current users home directory are not considered for + this special case. diff --git a/doc/flatpak-build.xml b/doc/flatpak-build.xml index a48e2acd..2cc0cc6d 100644 --- a/doc/flatpak-build.xml +++ b/doc/flatpak-build.xml @@ -247,6 +247,13 @@ xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, an absolute path, or a homedir-relative path like ~/dir. This option can be used multiple times. + + In general, "--nofilesystem=PATH" will remove access to a specific path if exactly that path + was previously granted. However, as a special case, "--nofilesystem=home" will remove access to all + previously granted locations inside the homedir as well, such as "home/some-dir", or "xdg-download", + and "--nofilesystem=host" will remove access to all previously granted locations. + Note: absolute paths that happen to be inside the current users home directory are not considered for + this special case. diff --git a/doc/flatpak-override.xml b/doc/flatpak-override.xml index e2768a42..0695b32f 100644 --- a/doc/flatpak-override.xml +++ b/doc/flatpak-override.xml @@ -230,6 +230,13 @@ xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, an absolute path, or a homedir-relative path like ~/dir. This option can be used multiple times. + + In general, "--nofilesystem=PATH" will remove access to a specific path if exactly that path + was previously granted. However, as a special case, "--nofilesystem=home" will remove access to all + previously granted locations inside the homedir as well, such as "home/some-dir", or "xdg-download", + and "--nofilesystem=host" will remove access to all previously granted locations. + Note: absolute paths that happen to be inside the current users home directory are not considered for + this special case. diff --git a/doc/flatpak-run.xml b/doc/flatpak-run.xml index a9c2c947..77b41c39 100644 --- a/doc/flatpak-run.xml +++ b/doc/flatpak-run.xml @@ -373,7 +373,15 @@ xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, an absolute path, or a homedir-relative path like ~/dir. This option can be used multiple times. + + In general, "--nofilesystem=PATH" will remove access to a specific path if exactly that path + was previously granted. However, as a special case, "--nofilesystem=home" will remove access to all + previously granted locations inside the homedir as well, such as "home/some-dir", or "xdg-download", + and "--nofilesystem=host" will remove access to all previously granted locations. + Note: absolute paths that happen to be inside the current users home directory are not considered for + this special case. +