author | Азалия Смарагдова <charming.flurry@yandex.ru> | 2022-08-16 12:03:50 +0500 |
---|---|---|
committer | Азалия Смарагдова <charming.flurry@yandex.ru> | 2022-08-16 12:03:50 +0500 |
commit | 460fa7a6f98cc1e7aec2953e6523f32677d546c7 (patch) | |
tree | eaebba9e4ed52d6ea22b428e98fef42854fc3efb /src/man/firejail-profile.txt | |
parent | Update quotation marks in src/zsh_completion/_firejail.in (diff) | |
Proposed fixes.
Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r-- | src/man/firejail-profile.txt | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 6e75aceed..1f543980e 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -499,23 +499,31 @@ Blacklist all Linux capabilities. | |||
499 | Whitelist given Linux capabilities. | 499 | Whitelist given Linux capabilities. |
500 | #ifdef HAVE_LANDLOCK | 500 | #ifdef HAVE_LANDLOCK |
501 | .TP | 501 | .TP |
502 | \fBlandlock-read path | 502 | \fBlandlock |
503 | Create a Landlock ruleset (if it doesn't already exist) and add a read access rule for path. Note: if a process doesn't have CAP_SYS_ADMIN and the "No New Privileges" restriction is not enabled, the Landlock self-restriction will fail and Firejail will exit with an error. | 503 | Create a Landlock ruleset (if it doesn't already exist) and add basic access rules to it. |
504 | .br | ||
505 | .TP | ||
506 | \fBlandlock.proc no|ro|rw | ||
507 | Add an access rule for /proc directory (read-only if set to \fBro\fR and read-write if set to \fBrw\fR). The access rule for /proc is added after this directory is set up in the sandbox. Access rules for /proc set up with other Landlock-related profile options have no effect. | ||
508 | .br | ||
509 | .TP | ||
510 | \fBlandlock.read path | ||
511 | Create a Landlock ruleset (if it doesn't already exist) and add a read access rule for path. | ||
504 | .br | 512 | .br |
505 | 513 | ||
506 | .TP | 514 | .TP |
507 | \fBlandlock-write path | 515 | \fBlandlock.write path |
508 | Create a Landlock ruleset (if it doesn't already exist) and add a write access rule for path. Note: if a process doesn't have CAP_SYS_ADMIN and the "No New Privileges" restriction is not enabled, the Landlock self-restriction will fail and Firejail will exit with an error. | 516 | Create a Landlock ruleset (if it doesn't already exist) and add a write access rule for path. |
509 | .br | 517 | .br |
510 | 518 | ||
511 | .TP | 519 | .TP |
512 | \fBlandlock-restricted-write path | 520 | \fBlandlock.special path |
513 | Create a Landlock ruleset (if it doesn't already exist) and add a write access rule for path. This type of write access doesn't include the permission to create Unix domain sockets, FIFO pipes and block devices. Note: if a process doesn't have CAP_SYS_ADMIN and the "No New Privileges" restriction is not enabled, the Landlock self-restriction will fail and Firejail will exit with an error. | 521 | Create a Landlock ruleset (if it doesn't already exist) and add an access rule for creation of FIFO pipes, Unix-domain sockets and block devices beneath given path. |
514 | .br | 522 | .br |
515 | 523 | ||
516 | .TP | 524 | .TP |
517 | \fBlandlock-execute path | 525 | \fBlandlock.execute path |
518 | Create a Landlock ruleset (if it doesn't already exist) and add an execution permission rule for path. Note: if a process doesn't have CAP_SYS_ADMIN and the "No New Privileges" restriction is not enabled, the Landlock self-restriction will fail and Firejail will exit with an error. | 526 | Create a Landlock ruleset (if it doesn't already exist) and add an execution permission rule for path. |
519 | .br | 527 | .br |
520 | #endif | 528 | #endif |
521 | .TP | 529 | .TP |
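Review bot: The note that Landlock self-restriction fails when the process has neither CAP_SYS_ADMIN nor "No New Privileges" is deleted from all four old entries (landlock-read, landlock-write, landlock-restricted-write, landlock-execute) and is not restated anywhere in the new text. If that failure mode still exists, state it once under the new \fBlandlock\fR entry; if Firejail now handles it, the commit message should say so, since "Proposed fixes." gives no reason for dropping it. In the same entry, "basic access rules" does not name the paths or access rights covered, so a profile author cannot tell what \fBlandlock\fR alone permits. The \fBlandlock.write\fR description should say whether it still includes creating FIFO pipes, Unix-domain sockets and block devices now that \fBlandlock.special\fR grants those separately, because the old restricted-write wording that made the distinction is gone. \fBlandlock.proc\fR documents \fBro\fR and \fBrw\fR but not \fBno\fR, and does not give the default when the option is absent. The rename from landlock-* to landlock.* also needs a line on whether the old spellings are still accepted in existing profiles.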