author | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2016-05-25 14:59:30 +0200 |
---|---|---|
committer | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2016-05-25 15:01:13 +0200 |
commit | 1c0428dba28299b66380c8c05770d6619383d758 (patch) | |
tree | 9930a2e13d8b9b7c51228af50db9337b31e456a2 /README.md | |
parent | Document nonewprivs (diff) | |
Add force-nonewprivs setting
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -207,6 +207,13 @@ The following features can be enabled or disabled: | |||
207 | 207 | ||
208 | x11 Enable or disable X11 sandboxing support, default enabled. | 208 | x11 Enable or disable X11 sandboxing support, default enabled. |
209 | 209 | ||
210 | force-nonewprivs | ||
211 | Force use of theh NO_NEW_PRIVS prctl(2) flag. | ||
212 | This mitigates the possibility of a user abusing firejail's | ||
213 | features to trick a privileged (suid or file capabilities) | ||
214 | process into loading code or configuration that is partially | ||
215 | under their control. Default disabled | ||
216 | |||
210 | xephyr-screen | 217 | xephyr-screen |
211 | Screen size for --x11=xephyr, default 800x600. Run | 218 | Screen size for --x11=xephyr, default 800x600. Run |
212 | /usr/bin/xrandr for a full list of resolutions available on your | 219 | /usr/bin/xrandr for a full list of resolutions available on your |
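Review bot: the added line "Force use of theh NO_NEW_PRIVS prctl(2) flag." has a typo ("theh" should be "the"), and the entry closes with "Default disabled" where the neighbouring x11 entry uses the form "default enabled." with a trailing period; matching that form would keep the list consistent. The description explains the threat being mitigated but not the cost of turning the setting on: once NO_NEW_PRIVS is set, suid binaries and binaries with file capabilities executed inside the sandbox no longer gain privileges, so a sentence saying so would tell an administrator what stops working. The x11 entry also reads "Enable or disable ...", which makes clear the setting is a toggle; phrasing this entry the same way would avoid any doubt about which values it accepts.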