diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-05-25 09:47:35 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-05-25 09:47:35 -0400 |
| commit | 8ddba33900df5cc7e816dde2f2b4c453f37b32e6 (patch) | |
| tree | 4e947965d0eebf221d2ed6ed699cfdaaabeb4f14 /src/firejail/usage.c | |
| parent | Merge pull request #534 from ValdikSS/extra-profiles (diff) | |
| parent | Add force-nonewprivs setting (diff) | |
| download | firejail-8ddba33900df5cc7e816dde2f2b4c453f37b32e6.tar.gz firejail-8ddba33900df5cc7e816dde2f2b4c453f37b32e6.tar.zst firejail-8ddba33900df5cc7e816dde2f2b4c453f37b32e6.zip | |
Merge pull request #536 from KellerFuchs/no_new_privs
Enable using the NO_NEW_PRIVS prctl(2) flag
Diffstat (limited to 'src/firejail/usage.c')
| -rw-r--r-- | src/firejail/usage.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index ef02c0d72..45bf2e3b1 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
| @@ -157,6 +157,9 @@ void usage(void) { | |||
| 157 | printf("\tuser. root user does not exist in the new namespace. This option\n"); | 157 | printf("\tuser. root user does not exist in the new namespace. This option\n"); |
| 158 | printf("\tis not supported for --chroot and --overlay configurations.\n\n"); | 158 | printf("\tis not supported for --chroot and --overlay configurations.\n\n"); |
| 159 | #endif | 159 | #endif |
| 160 | printf(" --nonewprivs - sets the NO_NEW_PRIVS prctl - the child processes\n"); | ||
| 161 | printf("\tcannot gain privileges using execve(2); in particular, this prevents\n"); | ||
| 162 | printf("\tgaining privileges by calling a suid binary\n\n"); | ||
| 160 | printf(" --nosound - disable sound system.\n\n"); | 163 | printf(" --nosound - disable sound system.\n\n"); |
| 161 | 164 | ||
| 162 | printf(" --output=logfile - stdout logging and log rotation. Copy stdout and stderr\n"); | 165 | printf(" --output=logfile - stdout logging and log rotation. Copy stdout and stderr\n"); |