diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-08-29 11:25:34 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-09-05 01:07:41 -0300 |
commit | 97874c3bf923798b0e3ab119d169aaa9b1314221 (patch) | |
tree | 469c6f3ecc707becb9472432396910e9874f7b6a /src/man/firejail-profile.txt | |
parent | Revert "compile fix" (diff) | |
download | firejail-97874c3bf923798b0e3ab119d169aaa9b1314221.tar.gz firejail-97874c3bf923798b0e3ab119d169aaa9b1314221.tar.zst firejail-97874c3bf923798b0e3ab119d169aaa9b1314221.zip |
Revert "Merge pull request #5315 from ChrysoliteAzalea/landlock"
This reverts commit 54cb3e741e972c754e595d56de0bca0792299f83, reversing
changes made to 97b1e02d5f4dca4261dc9928f8a5ebf8966682d7.
There were many issues and requests for changes raised in the pull
request (both code-wise and design-wise) and most of them are still
unresolved[1].
[1] https://github.com/netblue30/firejail/pull/5315
Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r-- | src/man/firejail-profile.txt | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 1f543980e..138aae8af 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -497,35 +497,6 @@ Blacklist all Linux capabilities. | |||
497 | .TP | 497 | .TP |
498 | \fBcaps.keep capability,capability,capability | 498 | \fBcaps.keep capability,capability,capability |
499 | Whitelist given Linux capabilities. | 499 | Whitelist given Linux capabilities. |
500 | #ifdef HAVE_LANDLOCK | ||
501 | .TP | ||
502 | \fBlandlock | ||
503 | Create a Landlock ruleset (if it doesn't already exist) and add basic access rules to it. | ||
504 | .br | ||
505 | .TP | ||
506 | \fBlandlock.proc no|ro|rw | ||
507 | Add an access rule for /proc directory (read-only if set to \fBro\fR and read-write if set to \fBrw\fR). The access rule for /proc is added after this directory is set up in the sandbox. Access rules for /proc set up with other Landlock-related profile options have no effect. | ||
508 | .br | ||
509 | .TP | ||
510 | \fBlandlock.read path | ||
511 | Create a Landlock ruleset (if it doesn't already exist) and add a read access rule for path. | ||
512 | .br | ||
513 | |||
514 | .TP | ||
515 | \fBlandlock.write path | ||
516 | Create a Landlock ruleset (if it doesn't already exist) and add a write access rule for path. | ||
517 | .br | ||
518 | |||
519 | .TP | ||
520 | \fBlandlock.special path | ||
521 | Create a Landlock ruleset (if it doesn't already exist) and add an access rule for creation of FIFO pipes, Unix-domain sockets and block devices beneath given path. | ||
522 | .br | ||
523 | |||
524 | .TP | ||
525 | \fBlandlock.execute path | ||
526 | Create a Landlock ruleset (if it doesn't already exist) and add an execution permission rule for path. | ||
527 | .br | ||
528 | #endif | ||
529 | .TP | 500 | .TP |
530 | \fBmemory-deny-write-execute | 501 | \fBmemory-deny-write-execute |
531 | Install a seccomp filter to block attempts to create memory mappings | 502 | Install a seccomp filter to block attempts to create memory mappings |