--chroot fixes (Debian problem)

author: netblue30 <netblue30@yahoo.com> 2018-09-01 07:59:40 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-09-01 07:59:40 -0400
commit: 07384ab64a4a98ff920e7667795282ae9ad21322 (patch)
tree: 10a6408aca31a2f48ee254d577a2481507a67ef2 /src/man/firejail.txt
parent: error strings (diff)
download: firejail-07384ab64a4a98ff920e7667795282ae9ad21322.tar.gz
firejail-07384ab64a4a98ff920e7667795282ae9ad21322.tar.zst
firejail-07384ab64a4a98ff920e7667795282ae9ad21322.zip
1 files changed, 6 insertions, 4 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index d7e402e31..c09684596 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -100,7 +100,8 @@ $ firejail --allusers
 Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below.
 .TP
 \fB\-\-appimage
-Sandbox an AppImage (https://appimage.org/) application.
+Sandbox an AppImage (https://appimage.org/) application. If the sandbox is started as a
+regular user, default seccomp and capabilities filters are enabled.
 .br
 .br
@@ -272,8 +273,7 @@ Example:
 \fB\-\-chroot=dirname
 Chroot the sandbox into a root filesystem. Unlike the regular filesystem container,
 the system directories are mounted read-write. If the sandbox is started as a
-regular user, default seccomp and capabilities filters are enabled. This
+regular user, default seccomp and capabilities filters are enabled.
-option is not available on Grsecurity systems.
 .br
 .br
@@ -1268,6 +1268,7 @@ Similar to \-\-output, but stderr is also stored.
 Mount a filesystem overlay on top of the current filesystem.  Unlike the regular filesystem container,
 the system directories are mounted read-write. All filesystem modifications go into the overlay.
 Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<PID> directory.
+If the sandbox is started as a regular user, default seccomp and capabilities filters are enabled.
 .br
 .br
@@ -1287,6 +1288,7 @@ Mount a filesystem overlay on top of the current filesystem.  Unlike the regular
 the system directories are mounted read-write. All filesystem modifications go into the overlay.
 Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<NAME> directory.
 The created overlay can be reused between multiple sessions.
+If the sandbox is started as a regular user, default seccomp and capabilities filters are enabled.
 .br
 .br
@@ -1304,7 +1306,7 @@ $ firejail \-\-overlay-named=jail1 firefox
 \fB\-\-overlay-tmpfs
 Mount a filesystem overlay on top of the current filesystem. All filesystem modifications
 are discarded when the sandbox is closed. Directories /run, /tmp and /dev are not covered by the overlay.
+If the sandbox is started as a regular user, default seccomp and capabilities filters are enabled.
 .br
 .br
author	netblue30 <netblue30@yahoo.com>	2018-09-01 07:59:40 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-09-01 07:59:40 -0400
commit	07384ab64a4a98ff920e7667795282ae9ad21322 (patch)
tree	10a6408aca31a2f48ee254d577a2481507a67ef2 /src/man/firejail.txt
parent	error strings (diff)
download	firejail-07384ab64a4a98ff920e7667795282ae9ad21322.tar.gz firejail-07384ab64a4a98ff920e7667795282ae9ad21322.tar.zst firejail-07384ab64a4a98ff920e7667795282ae9ad21322.zip

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index d7e402e31..c09684596 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -100,7 +100,8 @@ $ firejail --allusers
100	Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below.	100	Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below.
101	.TP	101	.TP
102	\fB\-\-appimage	102	\fB\-\-appimage
103	Sandbox an AppImage (https://appimage.org/) application.	103	Sandbox an AppImage (https://appimage.org/) application. If the sandbox is started as a
		104	regular user, default seccomp and capabilities filters are enabled.
104	.br	105	.br
105		106
106	.br	107	.br
@@ -272,8 +273,7 @@ Example:
272	\fB\-\-chroot=dirname	273	\fB\-\-chroot=dirname
273	Chroot the sandbox into a root filesystem. Unlike the regular filesystem container,	274	Chroot the sandbox into a root filesystem. Unlike the regular filesystem container,
274	the system directories are mounted read-write. If the sandbox is started as a	275	the system directories are mounted read-write. If the sandbox is started as a
275	regular user, default seccomp and capabilities filters are enabled. This	276	regular user, default seccomp and capabilities filters are enabled.
276	option is not available on Grsecurity systems.
277	.br	277	.br
278		278
279	.br	279	.br
@@ -1268,6 +1268,7 @@ Similar to \-\-output, but stderr is also stored.
1268	Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container,	1268	Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container,
1269	the system directories are mounted read-write. All filesystem modifications go into the overlay.	1269	the system directories are mounted read-write. All filesystem modifications go into the overlay.
1270	Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<PID> directory.	1270	Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<PID> directory.
		1271	If the sandbox is started as a regular user, default seccomp and capabilities filters are enabled.
1271	.br	1272	.br
1272		1273
1273	.br	1274	.br
@@ -1287,6 +1288,7 @@ Mount a filesystem overlay on top of the current filesystem. Unlike the regular
1287	the system directories are mounted read-write. All filesystem modifications go into the overlay.	1288	the system directories are mounted read-write. All filesystem modifications go into the overlay.
1288	Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<NAME> directory.	1289	Directories /run, /tmp and /dev are not covered by the overlay. The overlay is stored in $HOME/.firejail/<NAME> directory.
1289	The created overlay can be reused between multiple sessions.	1290	The created overlay can be reused between multiple sessions.
		1291	If the sandbox is started as a regular user, default seccomp and capabilities filters are enabled.
1290	.br	1292	.br
1291		1293
1292	.br	1294	.br
@@ -1304,7 +1306,7 @@ $ firejail \-\-overlay-named=jail1 firefox
1304	\fB\-\-overlay-tmpfs	1306	\fB\-\-overlay-tmpfs
1305	Mount a filesystem overlay on top of the current filesystem. All filesystem modifications	1307	Mount a filesystem overlay on top of the current filesystem. All filesystem modifications
1306	are discarded when the sandbox is closed. Directories /run, /tmp and /dev are not covered by the overlay.	1308	are discarded when the sandbox is closed. Directories /run, /tmp and /dev are not covered by the overlay.
1307		1309	If the sandbox is started as a regular user, default seccomp and capabilities filters are enabled.
1308	.br	1310	.br
1309		1311
1310	.br	1312	.br