diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 13:54:28 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 14:01:37 +0300 |
commit | 85bb547e4054ab147d393bf437998ad76043783a (patch) | |
tree | f18a85f2767fedf3d9b5b1fa3b3996c8cc027a9c /src/man/firejail.txt | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
download | firejail-85bb547e4054ab147d393bf437998ad76043783a.tar.gz firejail-85bb547e4054ab147d393bf437998ad76043783a.tar.zst firejail-85bb547e4054ab147d393bf437998ad76043783a.zip |
Postpone installation of seccomp filters just before execve
Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e9b27f9e4..89b815e02 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1687,7 +1687,7 @@ rm: cannot remove `testfile': Operation not permitted | |||
1687 | \fB\-\-seccomp.keep=syscall,syscall,syscall | 1687 | \fB\-\-seccomp.keep=syscall,syscall,syscall |
1688 | Enable seccomp filter, and whitelist the syscalls specified by the | 1688 | Enable seccomp filter, and whitelist the syscalls specified by the |
1689 | command. The system calls needed by Firejail (group @default-keep: | 1689 | command. The system calls needed by Firejail (group @default-keep: |
1690 | dup, prctl, setgid, setgroups, setuid) are always whitelisted. | 1690 | prctl, execve) are handled with the preload library. |
1691 | .br | 1691 | .br |
1692 | 1692 | ||
1693 | .br | 1693 | .br |