author | netblue30 <netblue30@yahoo.com> | 2016-05-25 09:47:35 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-05-25 09:47:35 -0400 |
commit | 8ddba33900df5cc7e816dde2f2b4c453f37b32e6 (patch) | |
tree | 4e947965d0eebf221d2ed6ed699cfdaaabeb4f14 /README.md | |
parent | Merge pull request #534 from ValdikSS/extra-profiles (diff) | |
parent | Add force-nonewprivs setting (diff) | |
Merge pull request #536 from KellerFuchs/no_new_privs
Enable using the NO_NEW_PRIVS prctl(2) flag
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -207,6 +207,13 @@ The following features can be enabled or disabled: | |||
207 | 207 | ||
208 | x11 Enable or disable X11 sandboxing support, default enabled. | 208 | x11 Enable or disable X11 sandboxing support, default enabled. |
209 | 209 | ||
210 | force-nonewprivs | ||
211 | Force use of theh NO_NEW_PRIVS prctl(2) flag. | ||
212 | This mitigates the possibility of a user abusing firejail's | ||
213 | features to trick a privileged (suid or file capabilities) | ||
214 | process into loading code or configuration that is partially | ||
215 | under their control. Default disabled | ||
216 | |||
210 | xephyr-screen | 217 | xephyr-screen |
211 | Screen size for --x11=xephyr, default 800x600. Run | 218 | Screen size for --x11=xephyr, default 800x600. Run |
212 | /usr/bin/xrandr for a full list of resolutions available on your | 219 | /usr/bin/xrandr for a full list of resolutions available on your |
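Review bot: The first description line of the new force-nonewprivs entry has a typo, "theh" for "the" ("Force use of theh NO_NEW_PRIVS prctl(2) flag."), and the closing "Default disabled" is missing the full stop and the lowercase "default ..." wording that the neighbouring x11 and xephyr-screen entries use. Beyond the wording, the entry explains what the flag mitigates but not what changes for the user once it is forced. Since the text is about suid and file-capability processes, one more sentence on how such programs behave inside a sandbox with the setting enabled would let an administrator judge the trade-off before turning it on. It would also help to state the accepted values for the setting, as the entry currently gives only the default.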