diff options
author | netblue30 <netblue30@yahoo.com> | 2018-09-01 07:59:40 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-09-01 07:59:40 -0400 |
commit | 07384ab64a4a98ff920e7667795282ae9ad21322 (patch) | |
tree | 10a6408aca31a2f48ee254d577a2481507a67ef2 /src/man/firejail.txt | |
parent | error strings (diff) | |
download | firejail-07384ab64a4a98ff920e7667795282ae9ad21322.tar.gz firejail-07384ab64a4a98ff920e7667795282ae9ad21322.tar.zst firejail-07384ab64a4a98ff920e7667795282ae9ad21322.zip |
--chroot fixes (Debian problem)
Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index d7e402e31..c09684596 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -100,7 +100,8 @@ $ firejail --allusers | |||
100 | Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below. | 100 | Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below. |
101 | .TP | 101 | .TP |
102 | \fB\-\-appimage | 102 | \fB\-\-appimage |
103 | Sandbox an AppImage (https://appimage.org/) application. | 103 | Sandbox an AppImage (https://appimage.org/) application. If the sandbox is started as a |
104 | regular user, default seccomp and capabilities filters are enabled. | ||
104 | .br | 105 | .br |
105 | 106 | ||
106 | .br | 107 | .br |
@@ -272,8 +273,7 @@ Example: | |||
272 | \fB\-\-chroot=dirname | 273 | \fB\-\-chroot=dirname |
273 | Chroot the sandbox into a root filesystem. Unlike the regular filesystem container, | 274 | Chroot the sandbox into a root filesystem. Unlike the regular filesystem container, |
274 | the system directories are mounted read-write. If the sandbox is started as a | 275 | the system directories are mounted read-write. If the sandbox is started as a |
275 | regular user, default seccomp and capabilities filters are enabled. This | 276 | regular user, default seccomp and capabilities filters are enabled. |
276 | option is not available on Grsecurity systems. | ||
277 | .br | 277 | .br |
278 | 278 | ||
279 | .br | 279 | .br |
@@ -1268,6 +1268,7 @@ Similar to \-\-output, but stderr is also stored. | |||
1268 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, | 1268 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, |
1269 | the system directories are mounted read-write. All filesystem modifications go into the overlay. | 1269 | the system directories are mounted read-write. All filesystem modifications go into the overlay. |
1270 | Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<PID> directory. | 1270 | Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<PID> directory. |
1271 | If the sandbox is started as a regular user, default seccomp and capabilities filters are enabled. | ||
1271 | .br | 1272 | .br |
1272 | 1273 | ||
1273 | .br | 1274 | .br |
@@ -1287,6 +1288,7 @@ Mount a filesystem overlay on top of the current filesystem. Unlike the regular | |||
1287 | the system directories are mounted read-write. All filesystem modifications go into the overlay. | 1288 | the system directories are mounted read-write. All filesystem modifications go into the overlay. |
1288 | Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<NAME> directory. | 1289 | Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<NAME> directory. |
1289 | The created overlay can be reused between multiple sessions. | 1290 | The created overlay can be reused between multiple sessions. |
1291 | If the sandbox is started as a regular user, default seccomp and capabilities filters are enabled. | ||
1290 | .br | 1292 | .br |
1291 | 1293 | ||
1292 | .br | 1294 | .br |
@@ -1304,7 +1306,7 @@ $ firejail \-\-overlay-named=jail1 firefox | |||
1304 | \fB\-\-overlay-tmpfs | 1306 | \fB\-\-overlay-tmpfs |
1305 | Mount a filesystem overlay on top of the current filesystem. All filesystem modifications | 1307 | Mount a filesystem overlay on top of the current filesystem. All filesystem modifications |
1306 | are discarded when the sandbox is closed. Directories /run, /tmp and /dev are not covered by the overlay. | 1308 | are discarded when the sandbox is closed. Directories /run, /tmp and /dev are not covered by the overlay. |
1307 | 1309 | If the sandbox is started as a regular user, default seccomp and capabilities filters are enabled. | |
1308 | .br | 1310 | .br |
1309 | 1311 | ||
1310 | .br | 1312 | .br |