author | netblue30 <netblue30@yahoo.com> | 2016-07-09 12:26:56 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-09 12:26:56 -0400 |
commit | 7c964608ba3560d8869492c674f89a07f5240850 (patch) | |
tree | 767ca55fc82c4e2c661c0fcccb16564449fe2387 /src/man/firejail.txt | |
parent | seccomp filter update (diff) | |
added --rmenv
Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index cb555980d..8d20cf36b 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1172,6 +1172,15 @@ make the whitelist read-only. Example: | |||
1172 | $ firejail --whitelist=~/work --read-only=~ --read-only=~/work | 1172 | $ firejail --whitelist=~/work --read-only=~ --read-only=~/work |
1173 | 1173 | ||
1174 | .TP | 1174 | .TP |
1175 | \fB\-\-read-write=dirname_or_filename | ||
1176 | By default, the sandbox mounts system directories read-only. | ||
1177 | These directories are /etc, /var, /usr, /bin, /sbin, /lib, /lib32, /libx32 and /lib64. | ||
1178 | Use this option to mount read-write files or directories inside the system directories. | ||
1179 | |||
1180 | This option is available only to root user. It has no effect when --chroot or --overlay are also set. In these | ||
1181 | cases the system directories are mounted read-write. | ||
1182 | |||
1183 | .TP | ||
1175 | \fB\-\-rlimit-fsize=number | 1184 | \fB\-\-rlimit-fsize=number |
1176 | Set the maximum file size that can be created by a process. | 1185 | Set the maximum file size that can be created by a process. |
1177 | .TP | 1186 | .TP |
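Review bot: The relocation of the \-\-read-write entry to new lines 1175-1182 is not covered by the commit message, which only says "added --rmenv"; mention the reordering there or split it into its own commit so the two changes can be reviewed and reverted separately. Since the block is being moved anyway, two small fixes fit here: at new line 1180 "--chroot or --overlay" is written with unescaped hyphens while the option heading uses \-\-, and "are also set" should read "is also set".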
@@ -1185,13 +1194,14 @@ Set the maximum number of processes that can be created for the real user ID of | |||
1185 | Set the maximum number of pending signals for a process. | 1194 | Set the maximum number of pending signals for a process. |
1186 | 1195 | ||
1187 | .TP | 1196 | .TP |
1188 | \fB\-\-read-write=dirname_or_filename | 1197 | \fB\-\-rmenv=name |
1189 | By default, the sandbox mounts system directories read-only. | 1198 | Remove environment variable in the new sandbox. |
1190 | These directories are /etc, /var, /usr, /bin, /sbin, /lib, /lib32, /libx32 and /lib64. | 1199 | .br |
1191 | Use this option to mount read-write files or directories inside the system directories. | ||
1192 | 1200 | ||
1193 | This option is available only to root user. It has no effect when --chroot or --overlay are also set. In these | 1201 | .br |
1194 | cases the system directories are mounted read-write. | 1202 | Example: |
1203 | .br | ||
1204 | $ firejail \-\-rmenv=DBUS_SESSION_BUS_ADDRESS | ||
1195 | 1205 | ||
1196 | .TP | 1206 | .TP |
1197 | \fB\-\-scan | 1207 | \fB\-\-scan |
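Review bot: The \-\-rmenv=name description at new line 1198 is too thin for a man page entry: it does not say whether the option may be given more than once to remove several variables, or what happens when the named variable is not set in the caller's environment. Suggest expanding the sentence to cover both, and adding a few words on why the example removes DBUS_SESSION_BUS_ADDRESS so readers know what the option is meant for. As a style point, the .br requests at new lines 1199 and 1201 sit on either side of a blank line that already forces a break, so both can be dropped.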