diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-08-17 08:32:28 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-08-17 08:32:28 -0400 |
| commit | 00822ba08cf16616473665dac6d1b9240a185872 (patch) | |
| tree | 9640ea1fc44f6b01fb64d4f05b024b27cddfbb9e /src/man/firejail-profile.txt | |
| parent | --net=none documentation (diff) | |
| download | firejail-00822ba08cf16616473665dac6d1b9240a185872.tar.gz firejail-00822ba08cf16616473665dac6d1b9240a185872.tar.zst firejail-00822ba08cf16616473665dac6d1b9240a185872.zip | |
memory-deny-write-execute
Diffstat (limited to 'src/man/firejail-profile.txt')
| -rw-r--r-- | src/man/firejail-profile.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 5bd4f6ef8..9dafb3c65 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -312,6 +312,11 @@ Enable seccomp filter and blacklist the system calls in the list. | |||
| 312 | \fBseccomp.keep syscall,syscall,syscall | 312 | \fBseccomp.keep syscall,syscall,syscall |
| 313 | Enable seccomp filter and whitelist the system calls in the list. | 313 | Enable seccomp filter and whitelist the system calls in the list. |
| 314 | .TP | 314 | .TP |
| 315 | \fBmemory-deny-write-execute | ||
| 316 | Install a seccomp filter to block attempts to create memory mappings | ||
| 317 | that are both writable and executable, to change mappings to be | ||
| 318 | executable or to create executable shared memory. | ||
| 319 | .TP | ||
| 315 | \fBnonewprivs | 320 | \fBnonewprivs |
| 316 | Sets the NO_NEW_PRIVS prctl. This ensures that child processes | 321 | Sets the NO_NEW_PRIVS prctl. This ensures that child processes |
| 317 | cannot acquire new privileges using execve(2); in particular, | 322 | cannot acquire new privileges using execve(2); in particular, |