author | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 23:22:38 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 23:33:11 +0300 |
commit | d01216de45884300c87e7d3ccb70e53ebb461449 (patch) | |
tree | 480519f5849df4c6048a7f62ec97f96e51174c3e /src/man/firejail-profile.txt | |
parent | Merge update after #1483 (diff) | |
Feature: switch/config option to block secondary architectures
Add a feature for a new (opt-in) command line switch and config file
option to block secondary architectures entirely. Also block changing
Linux execution domain with personality() system call for the primary
architecture.
Closes #1479
Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r-- | src/man/firejail-profile.txt | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 2a7d926b9..050c3d7e5 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -310,6 +310,10 @@ Enable seccomp filter and blacklist the syscalls in the default list. See man 1 | |||
310 | \fBseccomp syscall,syscall,syscall | 310 | \fBseccomp syscall,syscall,syscall |
311 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. | 311 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. |
312 | .TP | 312 | .TP |
313 | \fBseccomp.block-secondary | ||
314 | Enable seccomp filter and filter system call architectures | ||
315 | so that only the native architecture is allowed. | ||
316 | .TP | ||
313 | \fBseccomp.drop syscall,syscall,syscall | 317 | \fBseccomp.drop syscall,syscall,syscall |
314 | Enable seccomp filter and blacklist the system calls in the list. | 318 | Enable seccomp filter and blacklist the system calls in the list. |
315 | .TP | 319 | .TP |
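Review bot: The description added for seccomp.block-secondary (new lines 313-315) says nothing about the personality() restriction that the commit message lists next to this option. If blocking execution-domain changes for the primary architecture is enabled by the same option, the entry should state it, because a reader of "so that only the native architecture is allowed" would not expect personality() calls to be refused as well. The phrase "filter system call architectures" is also vague about the action taken; wording such as "block system calls made through any secondary architecture" says what happens to them. Since the commit message describes a matching command line switch, a short pointer to it from this entry would help readers find the fuller description.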