diff options
author | smitsohu <smitsohu@gmail.com> | 2018-08-28 16:45:55 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-08-28 16:45:55 +0200 |
commit | 34f148031a41bd9d2db3a3bd286d8741a7ed1fe9 (patch) | |
tree | 2a16419e5a8accc430e8f10c82ff3cdb811cc552 /src/man/firejail.txt | |
parent | Add private-bin to 0ad (diff) | |
download | firejail-34f148031a41bd9d2db3a3bd286d8741a7ed1fe9.tar.gz firejail-34f148031a41bd9d2db3a3bd286d8741a7ed1fe9.tar.zst firejail-34f148031a41bd9d2db3a3bd286d8741a7ed1fe9.zip |
fix and harden overlay options
Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7de1bff50..d7e402e31 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1267,7 +1267,7 @@ Similar to \-\-output, but stderr is also stored. | |||
1267 | \fB\-\-overlay | 1267 | \fB\-\-overlay |
1268 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, | 1268 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, |
1269 | the system directories are mounted read-write. All filesystem modifications go into the overlay. | 1269 | the system directories are mounted read-write. All filesystem modifications go into the overlay. |
1270 | The overlay is stored in $HOME/.firejail/<PID> directory. | 1270 | Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<PID> directory. |
1271 | .br | 1271 | .br |
1272 | 1272 | ||
1273 | .br | 1273 | .br |
@@ -1285,8 +1285,8 @@ $ firejail \-\-overlay firefox | |||
1285 | \fB\-\-overlay-named=name | 1285 | \fB\-\-overlay-named=name |
1286 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, | 1286 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, |
1287 | the system directories are mounted read-write. All filesystem modifications go into the overlay. | 1287 | the system directories are mounted read-write. All filesystem modifications go into the overlay. |
1288 | The overlay is stored in $HOME/.firejail/<NAME> directory. The created overlay can be reused between multiple | 1288 | Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<NAME> directory. |
1289 | sessions. | 1289 | The created overlay can be reused between multiple sessions. |
1290 | .br | 1290 | .br |
1291 | 1291 | ||
1292 | .br | 1292 | .br |
@@ -1303,7 +1303,8 @@ $ firejail \-\-overlay-named=jail1 firefox | |||
1303 | .TP | 1303 | .TP |
1304 | \fB\-\-overlay-tmpfs | 1304 | \fB\-\-overlay-tmpfs |
1305 | Mount a filesystem overlay on top of the current filesystem. All filesystem modifications | 1305 | Mount a filesystem overlay on top of the current filesystem. All filesystem modifications |
1306 | are discarded when the sandbox is closed. | 1306 | are discarded when the sandbox is closed. Directories /run, /tmp and /dev are not covered by the overlay. |
1307 | |||
1307 | .br | 1308 | .br |
1308 | 1309 | ||
1309 | .br | 1310 | .br |