diff options
author | netblue30 <netblue30@yahoo.com> | 2015-09-10 08:15:42 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-09-10 08:15:42 -0400 |
commit | 79db355e0ac8ef96ba499488a4beb9ad7ff9a67c (patch) | |
tree | c98205359224bb1a0b6f2723755ec906f210d15c /src/man/firejail-profile.txt | |
parent | implemented --whitelist option (diff) | |
download | firejail-79db355e0ac8ef96ba499488a4beb9ad7ff9a67c.tar.gz firejail-79db355e0ac8ef96ba499488a4beb9ad7ff9a67c.tar.zst firejail-79db355e0ac8ef96ba499488a4beb9ad7ff9a67c.zip |
0.9.30-rc10.9.30-rc1
Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r-- | src/man/firejail-profile.txt | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 1473c5889..470cade7e 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -10,7 +10,7 @@ firejail \-\-profile=filename.profile | |||
10 | Several command line options can be passed to the program using | 10 | Several command line options can be passed to the program using |
11 | profile files. Firejail chooses the profile file as follows: | 11 | profile files. Firejail chooses the profile file as follows: |
12 | 12 | ||
13 | 1. If a profile file is provided by the user with --profile option, the profile file is loaded. | 13 | 1. If a profile file is provided by the user with \-\-profile option, the profile file is loaded. |
14 | Example: | 14 | Example: |
15 | .PP | 15 | .PP |
16 | .RS | 16 | .RS |
@@ -120,7 +120,7 @@ Remove ifconfig command from the regular path directories. | |||
120 | \f\blacklist ${HOME}/.ssh | 120 | \f\blacklist ${HOME}/.ssh |
121 | Remove .ssh directory from user home directory. | 121 | Remove .ssh directory from user home directory. |
122 | .TP | 122 | .TP |
123 | \f\ noblacklist ${HOME}/config/evince | 123 | \f\noblacklist ${HOME}/config/evince |
124 | Prevent any new blacklist commands from blacklisting | 124 | Prevent any new blacklist commands from blacklisting |
125 | config/evince in the user home directory. Useful for defining | 125 | config/evince in the user home directory. Useful for defining |
126 | exceptions before including a large blacklist from a file. Note | 126 | exceptions before including a large blacklist from a file. Note |
@@ -149,6 +149,11 @@ Create a new /dev directory. Only null, full, zero, tty, pts, ptmx, random, uran | |||
149 | Build a new /etc in a temporary | 149 | Build a new /etc in a temporary |
150 | filesystem, and copy the files and directories in the list. | 150 | filesystem, and copy the files and directories in the list. |
151 | All modifications are discarded when the sandbox is closed. | 151 | All modifications are discarded when the sandbox is closed. |
152 | .TP | ||
153 | \f\whitelist file_or_directory | ||
154 | Build a new user home in a temporary filesystem, and mount-bind file_or_directory. | ||
155 | The modifications to file_or_directory are persistent, everything else is discarded | ||
156 | when the sandbox is closed. | ||
152 | 157 | ||
153 | .SH Filters | 158 | .SH Filters |
154 | \fBcaps\fR and \fBseccomp\fR enable Linux capabilities and seccomp filters. Examples: | 159 | \fBcaps\fR and \fBseccomp\fR enable Linux capabilities and seccomp filters. Examples: |