author | 2023-01-14 10:41:08 -0500 | |
---|---|---|
committer | 2023-01-14 10:41:08 -0500 | |
commit | ecb408418fcc0ceeacce76e86f6200fd0fdd149c (patch) | |
tree | ca5a464131a5fcf8c5acccd13e4b56e955f795cb | |
parent | RELNOTES: add bugfix for --profile-path in --help (diff) | |
bringing back whitelisting /dev
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
2 files changed, 2 insertions, 3 deletions
@@ -25,7 +25,6 @@ firejail (0.9.72) baseline; urgency=low | |||
25 | * modif: disabled tracelog by default in /etc/firejail/firejail.config | 25 | * modif: disabled tracelog by default in /etc/firejail/firejail.config |
26 | (#5190) | 26 | (#5190) |
27 | * modif: removed grsecurity support | 27 | * modif: removed grsecurity support |
28 | * modif: disabled whitelisting for /dev directory | ||
29 | * bugfix: Flood of seccomp audit log entries (#5207) | 28 | * bugfix: Flood of seccomp audit log entries (#5207) |
30 | * bugfix: --netlock does not work (Error: no valid sandbox) (#5312) | 29 | * bugfix: --netlock does not work (Error: no valid sandbox) (#5312) |
31 | * bugfix: Remove invalid --profile-path from --help (#5585 #5586) | 30 | * bugfix: Remove invalid --profile-path from --help (#5585 #5586) |
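
Review bot: Dropping the "modif: disabled whitelisting for /dev directory" entry at old line 28 leaves no record of why the restriction was lifted, and the commit message "bringing back whitelisting /dev" gives no reason or issue reference either. The neighbouring entries cite their issues (#5190, #5207, #5312), so please add the issue or discussion that motivated restoring /dev whitelisting to the commit message. If the restriction was introduced and withdrawn within the 0.9.72 cycle, deleting the line is fine, but say so in the message.
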
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 4320ae4fc..e5020e37e 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -3040,7 +3040,7 @@ $ firejail \-\-net=br0 --veth-name=if0 | |||
3040 | Whitelist directory or file. A temporary file system is mounted on the top directory, and the | 3040 | Whitelist directory or file. A temporary file system is mounted on the top directory, and the |
3041 | whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent, | 3041 | whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent, |
3042 | everything else is discarded when the sandbox is closed. The top directory can be | 3042 | everything else is discarded when the sandbox is closed. The top directory can be |
3043 | all directories in / (except /dev, /proc and /sys), /sys/module, /run/user/$UID, $HOME and | 3043 | all directories in / (except /proc and /sys), /sys/module, /run/user/$UID, $HOME and |
3044 | all directories in /usr. | 3044 | all directories in /usr. |
3045 | .br | 3045 | .br |
3046 | 3046 | ||
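
Review bot: Line 3043 now documents /dev as a permitted top directory, but the diffstat lists only RELNOTES and src/man/firejail.txt, so nothing in this commit changes what the whitelist code accepts. Please confirm that the top-directory check in the code already allows /dev, otherwise the man page and the binary disagree. It would also help to spell out the consequence for this directory in the same paragraph: since "a temporary file system is mounted on the top directory", whitelisting anything under /dev leaves only the whitelisted device nodes visible in the sandbox, which is a bigger behavioural change than for a data directory.
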
@@ -3064,7 +3064,7 @@ Example: | |||
3064 | .br | 3064 | .br |
3065 | $ firejail \-\-noprofile \-\-whitelist=~/.mozilla | 3065 | $ firejail \-\-noprofile \-\-whitelist=~/.mozilla |
3066 | .br | 3066 | .br |
3067 | $ firejail \-\-whitelist=/tmp/.X11-unix | 3067 | $ firejail \-\-whitelist=/tmp/.X11-unix \-\-whitelist=/dev/null |
3068 | .br | 3068 | .br |
3069 | $ firejail "\-\-whitelist=/home/username/My Virtual Machines" | 3069 | $ firejail "\-\-whitelist=/home/username/My Virtual Machines" |
3070 | .br | 3070 | .br |
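
Review bot: The new example at line 3067 adds \-\-whitelist=/dev/null to the existing /tmp/.X11-unix line, which mixes two unrelated top directories in one command and hides the /dev case from anyone scanning the examples. Going by the description in the hunk above, this command leaves /dev containing only null, so a program that expects other device nodes will not find them. Consider giving the /dev case its own example line and stating the resulting contents of /dev in the sandbox, so readers do not copy it as a generic X11 recipe.
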