diff options
| author |  netblue30 <netblue30@protonmail.com> | 2024-04-11 09:39:44 -0400 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2024-04-11 09:39:44 -0400 |
| commit | 27cd032bed923d01edd859bcebe79b33c3ee18fd (patch) | |
| tree | a8de89a8a96e34cdd05f11b364b9839da45b0da5 /src/man/firejail-profile.5.in | |
| parent | Merge pull request #6305 from kmk3/landlock-amend-empty (diff) | |
| parent | docs: warn about limitations of landlock (diff) | |
| download | firejail-27cd032bed923d01edd859bcebe79b33c3ee18fd.tar.gz firejail-27cd032bed923d01edd859bcebe79b33c3ee18fd.tar.zst firejail-27cd032bed923d01edd859bcebe79b33c3ee18fd.zip | |
Merge pull request #6302 from kmk3/docs-warn-landlock
docs: warn about limitations of landlock
Diffstat (limited to 'src/man/firejail-profile.5.in')
| -rw-r--r-- | src/man/firejail-profile.5.in | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/man/firejail-profile.5.in b/src/man/firejail-profile.5.in index e274a91d1..8c039eb46 100644 --- a/src/man/firejail-profile.5.in +++ b/src/man/firejail-profile.5.in | |||
| @@ -509,30 +509,30 @@ Blacklist all Linux capabilities. | |||
| 509 | Whitelist given Linux capabilities. | 509 | Whitelist given Linux capabilities. |
| 510 | #ifdef HAVE_LANDLOCK | 510 | #ifdef HAVE_LANDLOCK |
| 511 | .TP | 511 | .TP |
| 512 | \fBlandlock.enforce | 512 | \fBlandlock.enforce (experimental) |
| 513 | Enforce the Landlock ruleset. | 513 | Enforce the Landlock ruleset. |
| 514 | .PP | 514 | .PP |
| 515 | Without it, the other Landlock commands have no effect. | 515 | Without it, the other Landlock commands have no effect. |
| 516 | .TP | 516 | .TP |
| 517 | \fBlandlock.fs.read path | 517 | \fBlandlock.fs.read path (experimental) |
| 518 | Create a Landlock ruleset (if it doesn't already exist) and add a read access | 518 | Create a Landlock ruleset (if it doesn't already exist) and add a read access |
| 519 | rule for path. | 519 | rule for path. |
| 520 | .TP | 520 | .TP |
| 521 | \fBlandlock.fs.write path | 521 | \fBlandlock.fs.write path (experimental) |
| 522 | Create a Landlock ruleset (if it doesn't already exist) and add a write access | 522 | Create a Landlock ruleset (if it doesn't already exist) and add a write access |
| 523 | rule for path. | 523 | rule for path. |
| 524 | .TP | 524 | .TP |
| 525 | \fBlandlock.fs.makeipc path | 525 | \fBlandlock.fs.makeipc path (experimental) |
| 526 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that | 526 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that |
| 527 | allows the creation of named pipes (FIFOs) and Unix domain sockets beneath | 527 | allows the creation of named pipes (FIFOs) and Unix domain sockets beneath |
| 528 | the given path. | 528 | the given path. |
| 529 | .TP | 529 | .TP |
| 530 | \fBlandlock.fs.makedev path | 530 | \fBlandlock.fs.makedev path (experimental) |
| 531 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that | 531 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that |
| 532 | allows the creation of block devices and character devices beneath the given | 532 | allows the creation of block devices and character devices beneath the given |
| 533 | path. | 533 | path. |
| 534 | .TP | 534 | .TP |
| 535 | \fBlandlock.fs.execute path | 535 | \fBlandlock.fs.execute path (experimental) |
| 536 | Create a Landlock ruleset (if it doesn't already exist) and add an execution | 536 | Create a Landlock ruleset (if it doesn't already exist) and add an execution |
| 537 | permission rule for path. | 537 | permission rule for path. |
| 538 | #endif | 538 | #endif |