diff options
| author |  The Fox in the Shell <KellerFuchs@hashbang.sh> | 2016-05-25 02:26:31 +0200 |
|---|---|---|
| committer | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2016-05-25 15:01:13 +0200 |
| commit | 2cecda837db48f92d5f6089ba680ae5292382e6c (patch) | |
| tree | f6f25f8812228e842a53850b5dfdb21ca4f2d97a /src/man/firejail.txt | |
| parent | Make NO_NEW_PRIVS configurable (diff) | |
| download | firejail-2cecda837db48f92d5f6089ba680ae5292382e6c.tar.gz firejail-2cecda837db48f92d5f6089ba680ae5292382e6c.tar.zst firejail-2cecda837db48f92d5f6089ba680ae5292382e6c.zip | |
Document nonewprivs
Diffstat (limited to 'src/man/firejail.txt')
| -rw-r--r-- | src/man/firejail.txt | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 2ea15ff2b..7b22a5bf2 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -904,6 +904,13 @@ ping: icmp open socket: Operation not permitted | |||
| 904 | $ | 904 | $ |
| 905 | 905 | ||
| 906 | .TP | 906 | .TP |
| 907 | \fB\-\-nonewprivs | ||
| 908 | Sets the NO_NEW_PRIVS prctl. This ensures that child processes | ||
| 909 | cannot acquire new privileges using execve(2); in particular, | ||
| 910 | this means that calling a suid binary (or one with file capabilities) | ||
| 911 | does not results in an increase of privilege. | ||
| 912 | |||
| 913 | .TP | ||
| 907 | \fB\-\-nosound | 914 | \fB\-\-nosound |
| 908 | Disable sound system. | 915 | Disable sound system. |
| 909 | .br | 916 | .br |