diff options
author | smitsohu <smitsohu@gmail.com> | 2022-01-18 03:08:04 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2022-01-18 03:10:43 +0100 |
commit | d0c3b2bee90a2089a126ec2d530a11cbcf4d87cd (patch) | |
tree | 56855edebb04e00533bec789fd55a5a4b171241d /README.md | |
parent | following up 493a0ef306a8b610f3ed6a1b88a4dbea25e8498b (diff) | |
download | firejail-d0c3b2bee90a2089a126ec2d530a11cbcf4d87cd.tar.gz firejail-d0c3b2bee90a2089a126ec2d530a11cbcf4d87cd.tar.zst firejail-d0c3b2bee90a2089a126ec2d530a11cbcf4d87cd.zip |
relnotes
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 21 |
1 files changed, 20 insertions, 1 deletions
@@ -283,6 +283,25 @@ INTRUSION DETECTION SYSTEM (IDS) | |||
283 | 283 | ||
284 | ````` | 284 | ````` |
285 | 285 | ||
286 | ### File descriptors | ||
287 | ````` | ||
288 | --keep-fd=all | ||
289 | Inherit all open file descriptors to the sandbox. By default | ||
290 | only file descriptors 0, 1 and 2 are inherited to the sandbox, | ||
291 | and all other file descriptors are closed. | ||
292 | |||
293 | Example: | ||
294 | $ firejail --keep-fd=all | ||
295 | |||
296 | --keep-fd=file_descriptor | ||
297 | Don't close specified open file descriptors. By default only | ||
298 | file descriptors 0, 1 and 2 are inherited to the sandbox, and | ||
299 | all other file descriptors are closed. | ||
300 | |||
301 | Example: | ||
302 | $ firejail --keep-fd=3,4,5 | ||
303 | ````` | ||
304 | |||
286 | ### Deteministic Shutdown | 305 | ### Deteministic Shutdown |
287 | ````` | 306 | ````` |
288 | --deterministic-exit-code | 307 | --deterministic-exit-code |
@@ -298,7 +317,7 @@ INTRUSION DETECTION SYSTEM (IDS) | |||
298 | 317 | ||
299 | ### Network Monitor | 318 | ### Network Monitor |
300 | ````` | 319 | ````` |
301 | --nettrace=name|pid | 320 | --nettrace=name|pid |
302 | Monitor TCP and UDP traffic coming into the sandbox specified by | 321 | Monitor TCP and UDP traffic coming into the sandbox specified by |
303 | name or pid. Only networked sandboxes created with --net are | 322 | name or pid. Only networked sandboxes created with --net are |
304 | supported. | 323 | supported. |