author | netblue30 <netblue30@yahoo.com> | 2015-09-26 10:54:28 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-09-26 10:54:28 -0400 |
commit | 7c254e3251aa002972af3b379f71b6b49b7f5119 (patch) | |
tree | 94e5888f5ee4abaa47de5da87b08a66c13bfe47e | |
parent | seccomp testing (diff) | |
seccomp.errno manpage example
-rw-r--r-- | src/man/firejail.txt | 17 |
1 files changed, 15 insertions, 2 deletions
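--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -850,9 +850,22 @@ Enable seccomp filter, and return errno for the syscalls specified by the comman
 .br
 
 .br
-Example:
+Example: a Bash shell where deleting files is disabled
+.br
+
+.br
+$ firejail --seccomp.eperm=unlinkat
+.br
+Parent pid 10662, child pid 10663
 .br
-$ firejail \-\-shell=none \-\-seccomp.einval=kill kill 1
+Child process initialized
+.br
+$ touch testfile
+.br
+$ rm testfile
+.br
+rm: cannot remove `testfile': Operation not permitted
+
 .TP
 \fB\-\-seccomp.print=name
 Print the seccomp filter for the sandbox started using \-\-name option.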