diff options
author | Reiner Herrmann <reiner@reiner-h.de> | 2021-06-21 23:10:09 +0200 |
---|---|---|
committer | Reiner Herrmann <reiner@reiner-h.de> | 2021-06-21 23:10:09 +0200 |
commit | 0f0325459e211ff31895ed7cbbbaae6c2c6ae9a2 (patch) | |
tree | 0875693a6ceef54818511972601d587a09a1aab4 /src/man/firejail-profile.txt | |
parent | style: grammer and codestyle improvements (diff) | |
parent | creating alpine.profile (#4350) (diff) | |
download | firejail-0f0325459e211ff31895ed7cbbbaae6c2c6ae9a2.tar.gz firejail-0f0325459e211ff31895ed7cbbbaae6c2c6ae9a2.tar.zst firejail-0f0325459e211ff31895ed7cbbbaae6c2c6ae9a2.zip |
Merge branch 'master' into kuesji/master
Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r-- | src/man/firejail-profile.txt | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 12e841af5..db58e0910 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -420,7 +420,7 @@ Make directory or file read-only. | |||
420 | Make directory or file read-write. | 420 | Make directory or file read-write. |
421 | .TP | 421 | .TP |
422 | \fBtmpfs directory | 422 | \fBtmpfs directory |
423 | Mount an empty tmpfs filesystem on top of directory. This option is available only when running the sandbox as root. | 423 | Mount an empty tmpfs filesystem on top of directory. Directories outside user home or not owned by the user are not allowed. Sandboxes running as root are exempt from these restrictions. |
424 | .TP | 424 | .TP |
425 | \fBtracelog | 425 | \fBtracelog |
426 | Blacklist violations logged to syslog. | 426 | Blacklist violations logged to syslog. |
@@ -428,8 +428,9 @@ Blacklist violations logged to syslog. | |||
428 | \fBwhitelist file_or_directory | 428 | \fBwhitelist file_or_directory |
429 | Whitelist directory or file. A temporary file system is mounted on the top directory, and the | 429 | Whitelist directory or file. A temporary file system is mounted on the top directory, and the |
430 | whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent, | 430 | whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent, |
431 | everything else is discarded when the sandbox is closed. The top directory could be | 431 | everything else is discarded when the sandbox is closed. The top directory can be |
432 | user home, /dev, /etc, /media, /mnt, /opt, /srv, /sys/module, /usr/share, /var, and /tmp. | 432 | all directories in / (except /proc and /sys), /sys/module, /run/user/$UID, $HOME and |
433 | all directories in /usr. | ||
433 | .br | 434 | .br |
434 | 435 | ||
435 | .br | 436 | .br |