Add documentation for keep-dev-shm option

author: ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> 2018-07-09 09:06:06 -0400
committer: ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> 2018-07-09 09:06:06 -0400
commit: ea9e77b7ac6059dd4cb63f88133b889897d2b1a3 (patch)
tree: 1a7d52133709540014f94622ea8386a53c0b79cf
parent: Add personality to allow-debuggers (see #2021) (diff)
download: firejail-ea9e77b7ac6059dd4cb63f88133b889897d2b1a3.tar.gz
firejail-ea9e77b7ac6059dd4cb63f88133b889897d2b1a3.tar.zst
firejail-ea9e77b7ac6059dd4cb63f88133b889897d2b1a3.zip
3 files changed, 15 insertions, 1 deletions
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index d9ce96f10..804bfb179 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -94,6 +94,7 @@ static char *usage_str =
        "    --join-network=name|pid - join the network namespace.\n"
 #endif
        "    --join-or-start=name|pid - join the sandbox or start a new one.\n"
+        "    --keep-dev-shm - /dev/shm directory is untouched (even with --private-dev).\n"
        "    --keep-var-tmp - /var/tmp directory is untouched.\n"
        "    --list - list all sandboxes.\n"
 #ifdef HAVE_FILE_TRANSFER
@@ -212,7 +213,7 @@ static char *usage_str =
        "    --top - monitor the most CPU-intensive sandboxes.\n"
        "    --trace - trace open, access and connect system calls.\n"
        "    --tracelog - add a syslog message for every access to files or\n"
-        "\tdirectoires blacklisted by the security profile.\n"
+        "\tdirectories blacklisted by the security profile.\n"
        "    --tree - print a tree of all sandboxed processes.\n"
        "    --version - print program version and exit.\n"
 #ifdef HAVE_NETWORK
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 50455b038..767cf89f4 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -233,6 +233,9 @@ The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin.
 Create a new /dev directory. Only disc, dri, null, full, zero, tty, pts, ptmx,
 random, snd, urandom, video, log and shm devices are available.
 .TP
+\fBkeep-dev-shm
+/dev/shm directory is untouched (even with private-dev).
+.TP
 \fBprivate-etc file,directory
 Build a new /etc in a temporary
 filesystem, and copy the files and directories in the list.
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 24d4bbd8c..74a9a9da9 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -678,6 +678,16 @@ Same as "firejail --join=name" if sandbox with specified name exists, otherwise
 Note that in contrary to other join options there is respective profile option.
 .TP
+\fB\-\-keep-dev-shm
+/dev/shm directory is untouched (even with --private-dev)
+.br
+.br
+Example:
+.br
+$ firejail --keep-dev-shm --private-dev
+.TP
 \fB\-\-keep-var-tmp
 /var/tmp directory is untouched.
 .br
author	ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com>	2018-07-09 09:06:06 -0400
committer	ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com>	2018-07-09 09:06:06 -0400
commit	ea9e77b7ac6059dd4cb63f88133b889897d2b1a3 (patch)
tree	1a7d52133709540014f94622ea8386a53c0b79cf
parent	Add personality to allow-debuggers (see #2021) (diff)
download	firejail-ea9e77b7ac6059dd4cb63f88133b889897d2b1a3.tar.gz firejail-ea9e77b7ac6059dd4cb63f88133b889897d2b1a3.tar.zst firejail-ea9e77b7ac6059dd4cb63f88133b889897d2b1a3.zip