diff options
author | netblue30 <netblue30@yahoo.com> | 2015-10-26 09:58:10 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-10-26 09:58:10 -0400 |
commit | 79e828eaa999a666c7c332e81ac56cb3211486d1 (patch) | |
tree | 0e26d6f0084d7f85dd93d24f8155c1e4f7388e89 /src/man/firejail-profile.txt | |
parent | support ignore command in profile files (diff) | |
download | firejail-79e828eaa999a666c7c332e81ac56cb3211486d1.tar.gz firejail-79e828eaa999a666c7c332e81ac56cb3211486d1.tar.zst firejail-79e828eaa999a666c7c332e81ac56cb3211486d1.zip |
support ignore command in profile files
Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r-- | src/man/firejail-profile.txt | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 1369fdc91..02a54e685 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -64,7 +64,10 @@ Child process initialized | |||
64 | .RE | 64 | .RE |
65 | 65 | ||
66 | .SH Scripting | 66 | .SH Scripting |
67 | Include and comment support: | 67 | Scripting commands: |
68 | |||
69 | .TP | ||
70 | # this is a comment | ||
68 | 71 | ||
69 | .TP | 72 | .TP |
70 | \f\include other.profile exclude-token | 73 | \f\include other.profile exclude-token |
@@ -83,13 +86,21 @@ Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" | |||
83 | Note: exclude-token is deprecated, use noblacklist command instead. | 86 | Note: exclude-token is deprecated, use noblacklist command instead. |
84 | 87 | ||
85 | .TP | 88 | .TP |
86 | # this is a comment | 89 | \f\noblacklist file_name |
90 | If the file name matches file_name, the file will not be blacklisted in any blacklist commands that follow. | ||
91 | |||
92 | Example: "noblacklist ${HOME}/.mozilla" | ||
93 | |||
94 | .TP | ||
95 | \f\ignore command | ||
96 | Ignore command. | ||
97 | |||
98 | Example: "ignore seccomp" | ||
87 | 99 | ||
88 | .SH Filesystem | 100 | .SH Filesystem |
89 | These profile entries define a chroot filesystem built on top of the existing | 101 | These profile entries define a chroot filesystem built on top of the existing |
90 | host filesystem. Each line describes a file element that is removed from | 102 | host filesystem. Each line describes a file element that is removed from |
91 | the filesystem (\fBblacklist\fR), a read-only file or directory (\fBread-only\fR), | 103 | the filesystem (\fBblacklist\fR), a read-only file or directory (\fBread-only\fR), |
92 | a filter for finer control of blacklisting (\fBnoblacklist\fR), | ||
93 | a tmpfs mounted on top of an existing directory (\fBtmpfs\fR), | 104 | a tmpfs mounted on top of an existing directory (\fBtmpfs\fR), |
94 | or mount-bind a directory or file on top of another directory or file (\fBbind\fR). | 105 | or mount-bind a directory or file on top of another directory or file (\fBbind\fR). |
95 | Use \fBprivate\fR to set private mode. | 106 | Use \fBprivate\fR to set private mode. |