author | ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> | 2018-07-09 09:06:06 -0400 |
---|---|---|
committer | ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> | 2018-07-09 09:06:06 -0400 |
commit | ea9e77b7ac6059dd4cb63f88133b889897d2b1a3 (patch) | |
tree | 1a7d52133709540014f94622ea8386a53c0b79cf | |
parent | Add personality to allow-debuggers (see #2021) (diff) | |
Add documentation for keep-dev-shm option
-rw-r--r-- | src/firejail/usage.c | 3 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 3 | ||||
-rw-r--r-- | src/man/firejail.txt | 10 |
3 files changed, 15 insertions, 1 deletions
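--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -94,6 +94,7 @@ static char *usage_str =
 " --join-network=name|pid - join the network namespace.\n"
 #endif
 " --join-or-start=name|pid - join the sandbox or start a new one.\n"
+" --keep-dev-shm - /dev/shm directory is untouched (even with --private-dev).\n"
 " --keep-var-tmp - /var/tmp directory is untouched.\n"
 " --list - list all sandboxes.\n"
 #ifdef HAVE_FILE_TRANSFER
@@ -212,7 +213,7 @@ static char *usage_str =
 " --top - monitor the most CPU-intensive sandboxes.\n"
 " --trace - trace open, access and connect system calls.\n"
 " --tracelog - add a syslog message for every access to files or\n"
-"\tdirectoires blacklisted by the security profile.\n"
+"\tdirectories blacklisted by the security profile.\n"
 " --tree - print a tree of all sandboxed processes.\n"
 " --version - print program version and exit.\n"
 #ifdef HAVE_NETWORK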
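Review bot: The new `--keep-dev-shm` line in the first hunk says /dev/shm is "untouched" without saying what isolation the user gives up, which matters for an option that explicitly overrides `--private-dev`. Presumably the existing /dev/shm, including any shared-memory objects that processes outside the sandbox have placed there, stays visible inside the sandbox instead of being replaced; if that is what the option does, the help text should say so, for example `" --keep-dev-shm - keep the existing /dev/shm visible in the sandbox (even with --private-dev).\n"`. The usage_str initializer starts and ends outside both hunks, so the wording should be checked against the neighbouring entries in the full string.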
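--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -233,6 +233,9 @@ The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin.
 Create a new /dev directory. Only disc, dri, null, full, zero, tty, pts, ptmx,
 random, snd, urandom, video, log and shm devices are available.
 .TP
+\fBkeep-dev-shm
+/dev/shm directory is untouched (even with private-dev).
+.TP
 \fBprivate-etc file,directory
 Build a new /etc in a temporary
 filesystem, and copy the files and directories in the list.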
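--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -678,6 +678,16 @@ Same as "firejail --join=name" if sandbox with specified name exists, otherwise
 Note that in contrary to other join options there is respective profile option.
 
 .TP
+\fB\-\-keep-dev-shm
+/dev/shm directory is untouched (even with --private-dev)
+.br
+
+.br
+Example:
+.br
+$ firejail --keep-dev-shm --private-dev
+
+.TP
 \fB\-\-keep-var-tmp
 /var/tmp directory is untouched.
 .br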