Document the restricted-network change

author: The Fox in the Shell <KellerFuchs@hashbang.sh> 2016-05-25 15:59:46 +0200
committer: The Fox in the Shell <KellerFuchs@hashbang.sh> 2016-05-25 15:59:46 +0200
commit: 10bf7d9418fb2d5aabaa5de6ffa8638e75bcbbdd (patch)
tree: 3484364bf5a830966be6c63f06812a9aaed04f63
parent: Make `restricted-network` prevent use of netfilter (diff)
download: firejail-10bf7d9418fb2d5aabaa5de6ffa8638e75bcbbdd.tar.gz
firejail-10bf7d9418fb2d5aabaa5de6ffa8638e75bcbbdd.tar.zst
firejail-10bf7d9418fb2d5aabaa5de6ffa8638e75bcbbdd.zip
3 files changed, 7 insertions, 7 deletions
diff --git a/README.md b/README.md
index 4fa79d9f2..ce4aa4073 100644
--- a/README.md
+++ b/README.md
@@ -197,9 +197,9 @@ The following features can be enabled or disabled:
       restricted-network
              Enable  or disable restricted network support, default disabled.
              If enabled, networking features should also be enabled  (network
-              yes).   Restricted  networking  grants access to --interface and
+              yes).  Restricted networking  grants access to --interface,
-              --net=ethXXX only to root user. Regular users are  only  allowed
+              --net=ethXXX and --netfilter only to root user.  Regular users
-              --net=none.
+                          are only allowed --net=none.  Default disabled
       secomp Enable or disable seccomp support, default enabled.
diff --git a/etc/firejail.config b/etc/firejail.config
index 41cd08e68..fc09f1a0a 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -17,8 +17,8 @@
 # Enable or disable restricted network support, default disabled. If enabled,
 # networking features should also be enabled (network yes).
-# Restricted networking grants access to --interface and --net=ethXXX
+# Restricted networking grants access to --interface, --net=ethXXX and
-# only to root user. Regular users are only allowed --net=none.
+# --netfilter only to root user. Regular users are only allowed --net=none.
 # restricted-network no
 # Enable or disable seccomp support, default enabled.
diff --git a/src/man/firejail-config.txt b/src/man/firejail-config.txt
index fcf4109ee..de89ff3eb 100644
--- a/src/man/firejail-config.txt
+++ b/src/man/firejail-config.txt
@@ -33,8 +33,8 @@ Enable or disable networking features, default enabled.
 \fBrestricted-network
 Enable or disable restricted network support, default disabled. If enabled,
 networking features should also be enabled (network yes).
-Restricted networking grants access to --interface and --net=ethXXX
+Restricted networking grants access to --interface, --net=ethXXX and
-only to root user. Regular users are only allowed --net=none.
+\-\-netfilter only to root user. Regular users are only allowed --net=none.
 .TP
 \fBsecomp
author	The Fox in the Shell <KellerFuchs@hashbang.sh>	2016-05-25 15:59:46 +0200
committer	The Fox in the Shell <KellerFuchs@hashbang.sh>	2016-05-25 15:59:46 +0200
commit	10bf7d9418fb2d5aabaa5de6ffa8638e75bcbbdd (patch)
tree	3484364bf5a830966be6c63f06812a9aaed04f63
parent	Make `restricted-network` prevent use of netfilter (diff)
download	firejail-10bf7d9418fb2d5aabaa5de6ffa8638e75bcbbdd.tar.gz firejail-10bf7d9418fb2d5aabaa5de6ffa8638e75bcbbdd.tar.zst firejail-10bf7d9418fb2d5aabaa5de6ffa8638e75bcbbdd.zip

diff --git a/README.md b/README.md index 4fa79d9f2..ce4aa4073 100644 --- a/README.md +++ b/README.md
@@ -197,9 +197,9 @@ The following features can be enabled or disabled:
197	restricted-network	197	restricted-network
198	Enable or disable restricted network support, default disabled.	198	Enable or disable restricted network support, default disabled.
199	If enabled, networking features should also be enabled (network	199	If enabled, networking features should also be enabled (network
200	yes). Restricted networking grants access to --interface and	200	yes). Restricted networking grants access to --interface,
201	--net=ethXXX only to root user. Regular users are only allowed	201	--net=ethXXX and --netfilter only to root user. Regular users
202	--net=none.	202	are only allowed --net=none. Default disabled
203		203
204	secomp Enable or disable seccomp support, default enabled.	204	secomp Enable or disable seccomp support, default enabled.
205		205


diff --git a/etc/firejail.config b/etc/firejail.config index 41cd08e68..fc09f1a0a 100644 --- a/etc/firejail.config +++ b/etc/firejail.config
@@ -17,8 +17,8 @@
17		17
18	# Enable or disable restricted network support, default disabled. If enabled,	18	# Enable or disable restricted network support, default disabled. If enabled,
19	# networking features should also be enabled (network yes).	19	# networking features should also be enabled (network yes).
20	# Restricted networking grants access to --interface and --net=ethXXX	20	# Restricted networking grants access to --interface, --net=ethXXX and
21	# only to root user. Regular users are only allowed --net=none.	21	# --netfilter only to root user. Regular users are only allowed --net=none.
22	# restricted-network no	22	# restricted-network no
23		23
24	# Enable or disable seccomp support, default enabled.	24	# Enable or disable seccomp support, default enabled.


diff --git a/src/man/firejail-config.txt b/src/man/firejail-config.txt index fcf4109ee..de89ff3eb 100644 --- a/src/man/firejail-config.txt +++ b/src/man/firejail-config.txt
@@ -33,8 +33,8 @@ Enable or disable networking features, default enabled.
33	\fBrestricted-network	33	\fBrestricted-network
34	Enable or disable restricted network support, default disabled. If enabled,	34	Enable or disable restricted network support, default disabled. If enabled,
35	networking features should also be enabled (network yes).	35	networking features should also be enabled (network yes).
36	Restricted networking grants access to --interface and --net=ethXXX	36	Restricted networking grants access to --interface, --net=ethXXX and
37	only to root user. Regular users are only allowed --net=none.	37	\-\-netfilter only to root user. Regular users are only allowed --net=none.
38		38
39	.TP	39	.TP
40	\fBsecomp	40	\fBsecomp