diff options
author | netblue30 <netblue30@yahoo.com> | 2016-05-18 13:22:15 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-05-18 13:22:15 -0400 |
commit | 2a57a24561e3382059e199cac8aa8bba1bab44a0 (patch) | |
tree | af9f0d1afc3ef4551b0bec97983607af6fd267e2 /src/man/firejail.txt | |
parent | 0.9.40 testing (diff) | |
download | firejail-2a57a24561e3382059e199cac8aa8bba1bab44a0.tar.gz firejail-2a57a24561e3382059e199cac8aa8bba1bab44a0.tar.zst firejail-2a57a24561e3382059e199cac8aa8bba1bab44a0.zip |
--read-only fix
Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 29a84f71e..e3a660286 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -153,14 +153,7 @@ Example: | |||
153 | .br | 153 | .br |
154 | $ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\ | 154 | $ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\ |
155 | setuid /etc/init.d/nginx start | 155 | setuid /etc/init.d/nginx start |
156 | .br | ||
157 | 156 | ||
158 | .br | ||
159 | A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories | ||
160 | should be made read-only independently. Making a parent directory read-only, will not | ||
161 | make the whitelist read-only. Example: | ||
162 | .br | ||
163 | $ firejail --whitelist=~/work --read-only=~/ --read-only=~/work | ||
164 | .TP | 157 | .TP |
165 | \fB\-\-caps.print=name|pid | 158 | \fB\-\-caps.print=name|pid |
166 | Print the caps filter for the sandbox identified by name or by PID. | 159 | Print the caps filter for the sandbox identified by name or by PID. |
@@ -1138,6 +1131,15 @@ Set directory or file read-only. | |||
1138 | Example: | 1131 | Example: |
1139 | .br | 1132 | .br |
1140 | $ firejail \-\-read-only=~/.mozilla firefox | 1133 | $ firejail \-\-read-only=~/.mozilla firefox |
1134 | .br | ||
1135 | |||
1136 | .br | ||
1137 | A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories | ||
1138 | should be made read-only independently. Making a parent directory read-only, will not | ||
1139 | make the whitelist read-only. Example: | ||
1140 | .br | ||
1141 | $ firejail --whitelist=~/work --read-only=~/ --read-only=~/work | ||
1142 | |||
1141 | .TP | 1143 | .TP |
1142 | \fB\-\-rlimit-fsize=number | 1144 | \fB\-\-rlimit-fsize=number |
1143 | Set the maximum file size that can be created by a process. | 1145 | Set the maximum file size that can be created by a process. |