diff options
author | netblue30 <netblue30@protonmail.com> | 2022-03-29 11:42:33 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-29 11:42:33 -0400 |
commit | 06c70b4b25f9505107ffc48d1f4b01cc54bcde11 (patch) | |
tree | 384a099fa3f24e41266ba103a72359e37e8fe1ca | |
parent | Merge pull request #5077 from kmk3/dc-add-pkcs11 (diff) | |
parent | docs: mention capabilities(7) on --caps (diff) | |
download | firejail-06c70b4b25f9505107ffc48d1f4b01cc54bcde11.tar.gz firejail-06c70b4b25f9505107ffc48d1f4b01cc54bcde11.tar.zst firejail-06c70b4b25f9505107ffc48d1f4b01cc54bcde11.zip |
Merge pull request #5078 from kmk3/docs-mention-caps-man
docs: mention capabilities(7) on --caps
-rw-r--r-- | src/man/firejail-profile.txt | 1 | ||||
-rw-r--r-- | src/man/firejail.txt | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 3dd339d94..0fe434fac 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -483,6 +483,7 @@ Enable AppArmor confinement. | |||
483 | .TP | 483 | .TP |
484 | \fBcaps | 484 | \fBcaps |
485 | Enable default Linux capabilities filter. | 485 | Enable default Linux capabilities filter. |
486 | See capabilities(7) for details. | ||
486 | .TP | 487 | .TP |
487 | \fBcaps.drop capability,capability,capability | 488 | \fBcaps.drop capability,capability,capability |
488 | Blacklist given Linux capabilities. | 489 | Blacklist given Linux capabilities. |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 41171a4e7..7cb1c7e89 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -216,6 +216,7 @@ not change the execution of firejail. | |||
216 | Linux capabilities is a kernel feature designed to split up the root privilege into a set of distinct privileges. | 216 | Linux capabilities is a kernel feature designed to split up the root privilege into a set of distinct privileges. |
217 | These privileges can be enabled or disabled independently, thus restricting what a process running | 217 | These privileges can be enabled or disabled independently, thus restricting what a process running |
218 | as root can do in the system. | 218 | as root can do in the system. |
219 | See capabilities(7) for details. | ||
219 | 220 | ||
220 | By default root programs run with all capabilities enabled. \-\-caps option disables the following capabilities: | 221 | By default root programs run with all capabilities enabled. \-\-caps option disables the following capabilities: |
221 | CAP_SYS_MODULE, CAP_SYS_RAWIO, | 222 | CAP_SYS_MODULE, CAP_SYS_RAWIO, |