diff options
author | netblue30 <netblue30@yahoo.com> | 2015-10-29 08:35:00 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-10-29 08:35:00 -0400 |
commit | 66e526598e5334add87c1ce5d880ed7151adaa35 (patch) | |
tree | 181be30d4ba657fccce2fef211f30feb865738b0 | |
parent | readme.md (diff) | |
download | firejail-66e526598e5334add87c1ce5d880ed7151adaa35.tar.gz firejail-66e526598e5334add87c1ce5d880ed7151adaa35.tar.zst firejail-66e526598e5334add87c1ce5d880ed7151adaa35.zip |
readme.md
-rw-r--r-- | README.md | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -80,16 +80,16 @@ Enable protocol filter. It is based on seccomp and it filters the first argument | |||
80 | If the value is not recognized, seccomp will kill the process. | 80 | If the value is not recognized, seccomp will kill the process. |
81 | Valid values: unix, inet, inet6, netlink and packet. | 81 | Valid values: unix, inet, inet6, netlink and packet. |
82 | 82 | ||
83 | "unix" describes the regular Unix socket connections, | ||
84 | and "inet" and "inet6" describe the regular IPv4 and IPv6 traffic. Most GUI applications need "unix,inet,inet6". "netlink" is the protocol | ||
85 | used to talk to Linux kernel. You'll only need this for applications such as [iproute2](http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2) for | ||
86 | system administration, and "packet" is used by sniffers to talk directly with the Ethernet layer. | ||
87 | |||
88 | Example: | 83 | Example: |
89 | ````` | 84 | ````` |
90 | $ firejail --protocol=unix,inet,inet6 | 85 | $ firejail --protocol=unix,inet,inet6 |
91 | ````` | 86 | ````` |
92 | 87 | ||
88 | "unix" describes the regular Unix socket connections, | ||
89 | and "inet" and "inet6" describe the regular IPv4 and IPv6 traffic. Most GUI applications need "unix,inet,inet6". "netlink" is the protocol | ||
90 | used to talk to Linux kernel. You'll only need this for applications such as [iproute2](http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2) | ||
91 | used in system administration, and "packet" is used by sniffers to talk directly with the Ethernet layer. | ||
92 | |||
93 | Protocol filter is enabled in all default security profiles for GUI applications ("protocol unix,inet,inet6"). | 93 | Protocol filter is enabled in all default security profiles for GUI applications ("protocol unix,inet,inet6"). |
94 | 94 | ||
95 | ### Dual i386/amd64 seccomp filter | 95 | ### Dual i386/amd64 seccomp filter |