--noexec

author: netblue30 <netblue30@yahoo.com> 2016-07-10 10:08:53 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-07-10 10:08:53 -0400
commit: a344c555ff282c23a8274d10ad0f75eb4fae6836 (patch)
tree: b86fde69dc1cb71a476745c974196735d694952a /README.md
parent: noexec inside /var directory (diff)
download: firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.tar.gz
firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.tar.zst
firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.zip
1 files changed, 21 insertions, 2 deletions
diff --git a/README.md b/README.md
index c16a32e62..a60c8dd7f 100644
--- a/README.md
+++ b/README.md
@@ -90,9 +90,28 @@ AUDIT
       Limitations: audit feature is not implemented for --x11 commands.
 `````
-## --private-dev enhancements - work in progress!
+## --noexec
+`````
+       --noexec=dirname_or_filename
+              Remount directory or file noexec, nodev and nosuid.
+              Example:
+              $ firejail --noexec=/tmp
+              /etc and /var are noexec by default. If there are more than one
+              mount operation on the path of the file  or  directory,  noexec
+              should  be  applied to the last one. Always check if the change
+              took effect inside the sandbox.
+`````
-The following devices are added to --private-dev list.
+## --rmenv
+`````
+      --rmenv=name
+              Remove environment variable in the new sandbox.
+              Example:
+              $ firejail --rmenv=DBUS_SESSION_BUS_ADDRESS
+`````
 ## Converting profiles to private-bin - work in progress!
author	netblue30 <netblue30@yahoo.com>	2016-07-10 10:08:53 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-07-10 10:08:53 -0400
commit	a344c555ff282c23a8274d10ad0f75eb4fae6836 (patch)
tree	b86fde69dc1cb71a476745c974196735d694952a /README.md
parent	noexec inside /var directory (diff)
download	firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.tar.gz firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.tar.zst firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.zip

diff --git a/README.md b/README.md index c16a32e62..a60c8dd7f 100644 --- a/README.md +++ b/README.md
@@ -90,9 +90,28 @@ AUDIT
90	Limitations: audit feature is not implemented for --x11 commands.	90	Limitations: audit feature is not implemented for --x11 commands.
91	`````	91	`````
92		92
93	## --private-dev enhancements - work in progress!	93	## --noexec
		94	`````
		95	--noexec=dirname_or_filename
		96	Remount directory or file noexec, nodev and nosuid.
		97
		98	Example:
		99	$ firejail --noexec=/tmp
		100
		101	/etc and /var are noexec by default. If there are more than one
		102	mount operation on the path of the file or directory, noexec
		103	should be applied to the last one. Always check if the change
		104	took effect inside the sandbox.
		105	`````
94		106
95	The following devices are added to --private-dev list.	107	## --rmenv
		108	`````
		109	--rmenv=name
		110	Remove environment variable in the new sandbox.
		111
		112	Example:
		113	$ firejail --rmenv=DBUS_SESSION_BUS_ADDRESS
		114	`````
96		115
97	## Converting profiles to private-bin - work in progress!	116	## Converting profiles to private-bin - work in progress!
98		117