docs and comment updates

adds sorting to syscall list in firejail man page
author: smitsohu <smitsohu@gmail.com> 2018-04-20 20:32:43 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-04-20 20:41:13 +0200
commit: 5395e525f68f2fcf78e933f731b1da0009f64149 (patch)
tree: d482748f7b8eaf3d41db03ea435dee2a52c8d98b /etc/firejail-default
parent: merges (diff)
download: firejail-5395e525f68f2fcf78e933f731b1da0009f64149.tar.gz
firejail-5395e525f68f2fcf78e933f731b1da0009f64149.tar.zst
firejail-5395e525f68f2fcf78e933f731b1da0009f64149.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/firejail-default b/etc/firejail-default
index 2e48439f5..5cfb1b5ea 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -21,10 +21,10 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 #dbus,
 ##########
-# Allows to attach to a running program and modify the process memory.
+# With ptrace it is possible to inspect and hijack running programs. Usually this
-# May be needed by chromium crash handler. Uncomment if you need it.
+# is needed only for debugging. To allow ptrace, uncomment the following line
 ##########
-#ptrace (trace tracedby),
+#ptrace,
 ##########
 # Line starting with /run/firejail/mnt/oroot deal with --overlay sandboxes
@@ -133,8 +133,8 @@ network raw,
 signal,
 ##########
-# We let Firejail deal with capabilities,
+# We let Firejail deal with capabilities, but ensure that
-# but mac_admin should be dropped in any case.
+# some AppArmor related capabilities will not be available.
 ##########
 capability chown,
 capability dac_override,
author	smitsohu <smitsohu@gmail.com>	2018-04-20 20:32:43 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-04-20 20:41:13 +0200
commit	5395e525f68f2fcf78e933f731b1da0009f64149 (patch)
tree	d482748f7b8eaf3d41db03ea435dee2a52c8d98b /etc/firejail-default
parent	merges (diff)
download	firejail-5395e525f68f2fcf78e933f731b1da0009f64149.tar.gz firejail-5395e525f68f2fcf78e933f731b1da0009f64149.tar.zst firejail-5395e525f68f2fcf78e933f731b1da0009f64149.zip

diff --git a/etc/firejail-default b/etc/firejail-default index 2e48439f5..5cfb1b5ea 100644 --- a/etc/firejail-default +++ b/etc/firejail-default
@@ -21,10 +21,10 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) {
21	#dbus,	21	#dbus,
22		22
23	##########	23	##########
24	# Allows to attach to a running program and modify the process memory.	24	# With ptrace it is possible to inspect and hijack running programs. Usually this
25	# May be needed by chromium crash handler. Uncomment if you need it.	25	# is needed only for debugging. To allow ptrace, uncomment the following line
26	##########	26	##########
27	#ptrace (trace tracedby),	27	#ptrace,
28		28
29	##########	29	##########
30	# Line starting with /run/firejail/mnt/oroot deal with --overlay sandboxes	30	# Line starting with /run/firejail/mnt/oroot deal with --overlay sandboxes
@@ -133,8 +133,8 @@ network raw,
133	signal,	133	signal,
134		134
135	##########	135	##########
136	# We let Firejail deal with capabilities,	136	# We let Firejail deal with capabilities, but ensure that
137	# but mac_admin should be dropped in any case.	137	# some AppArmor related capabilities will not be available.
138	##########	138	##########
139	capability chown,	139	capability chown,
140	capability dac_override,	140	capability dac_override,