diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-03-31 10:03:06 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-04-11 05:54:40 -0300 |
commit | d79547ca979c6b63bd9ccb78a6c31136658a31a6 (patch) | |
tree | 4990f36a51910d1f6d7ee38af0989e55e7a3b01c /src/man/firejail-profile.5.in | |
parent | RELNOTES: add profile items (diff) | |
download | firejail-d79547ca979c6b63bd9ccb78a6c31136658a31a6.tar.gz firejail-d79547ca979c6b63bd9ccb78a6c31136658a31a6.tar.zst firejail-d79547ca979c6b63bd9ccb78a6c31136658a31a6.zip |
docs: warn about limitations of landlock
And mark it as experimental.
Relates to #6078.
Diffstat (limited to 'src/man/firejail-profile.5.in')
-rw-r--r-- | src/man/firejail-profile.5.in | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/man/firejail-profile.5.in b/src/man/firejail-profile.5.in index e274a91d1..8c039eb46 100644 --- a/src/man/firejail-profile.5.in +++ b/src/man/firejail-profile.5.in | |||
@@ -509,30 +509,30 @@ Blacklist all Linux capabilities. | |||
509 | Whitelist given Linux capabilities. | 509 | Whitelist given Linux capabilities. |
510 | #ifdef HAVE_LANDLOCK | 510 | #ifdef HAVE_LANDLOCK |
511 | .TP | 511 | .TP |
512 | \fBlandlock.enforce | 512 | \fBlandlock.enforce (experimental) |
513 | Enforce the Landlock ruleset. | 513 | Enforce the Landlock ruleset. |
514 | .PP | 514 | .PP |
515 | Without it, the other Landlock commands have no effect. | 515 | Without it, the other Landlock commands have no effect. |
516 | .TP | 516 | .TP |
517 | \fBlandlock.fs.read path | 517 | \fBlandlock.fs.read path (experimental) |
518 | Create a Landlock ruleset (if it doesn't already exist) and add a read access | 518 | Create a Landlock ruleset (if it doesn't already exist) and add a read access |
519 | rule for path. | 519 | rule for path. |
520 | .TP | 520 | .TP |
521 | \fBlandlock.fs.write path | 521 | \fBlandlock.fs.write path (experimental) |
522 | Create a Landlock ruleset (if it doesn't already exist) and add a write access | 522 | Create a Landlock ruleset (if it doesn't already exist) and add a write access |
523 | rule for path. | 523 | rule for path. |
524 | .TP | 524 | .TP |
525 | \fBlandlock.fs.makeipc path | 525 | \fBlandlock.fs.makeipc path (experimental) |
526 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that | 526 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that |
527 | allows the creation of named pipes (FIFOs) and Unix domain sockets beneath | 527 | allows the creation of named pipes (FIFOs) and Unix domain sockets beneath |
528 | the given path. | 528 | the given path. |
529 | .TP | 529 | .TP |
530 | \fBlandlock.fs.makedev path | 530 | \fBlandlock.fs.makedev path (experimental) |
531 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that | 531 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that |
532 | allows the creation of block devices and character devices beneath the given | 532 | allows the creation of block devices and character devices beneath the given |
533 | path. | 533 | path. |
534 | .TP | 534 | .TP |
535 | \fBlandlock.fs.execute path | 535 | \fBlandlock.fs.execute path (experimental) |
536 | Create a Landlock ruleset (if it doesn't already exist) and add an execution | 536 | Create a Landlock ruleset (if it doesn't already exist) and add an execution |
537 | permission rule for path. | 537 | permission rule for path. |
538 | #endif | 538 | #endif |