whitelist support in /etc/firejail/firejail.config

author: netblue30 <netblue30@yahoo.com> 2016-06-09 08:42:59 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-06-09 08:42:59 -0400
commit: d073a425b3e3ed3829a0e042e8c41963f0f40f0e (patch)
tree: 3241c3053a4d3ccba63c633015fddb6e21c9cf74 /src/man
parent: fixes (diff)
download: firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.tar.gz
firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.tar.zst
firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.zip
1 files changed, 11 insertions, 8 deletions
diff --git a/src/man/firejail-config.txt b/src/man/firejail-config.txt
index 026765f1a..6a66c7f75 100644
--- a/src/man/firejail-config.txt
+++ b/src/man/firejail-config.txt
@@ -26,6 +26,13 @@ Enable or disable chroot support, default enabled.
 Enable or disable file transfer support, default enabled.
 .TP
+\fBforce-nonewprivs
+Force use of nonewprivs.  This mitigates the possibility of
+a user abusing firejail's features to trick a privileged (suid
+or file capabilities) process into loading code or configuration
+that is partially under their control.  Default disabled.
+.TP
 \fBnetwork
 Enable or disable networking features, default enabled.
@@ -45,16 +52,12 @@ Enable or disable seccomp support, default enabled.
 Enable or disable user namespace support, default enabled.
 .TP
-\fBx11
+\fBwhitelist
-Enable or disable X11 sandboxing support, default enabled.
+Enable or disable whitelisting support, default enabled.
 .TP
-\fBforce-nonewprivs
+\fBx11
-Force use of nonewprivs.  This mitigates the possibility of
+Enable or disable X11 sandboxing support, default enabled.
-a user abusing firejail's features to trick a privileged (suid
-or file capabilities) process into loading code or configuration
-that is partially under their control.  Default disabled.
 .TP
 \fBxephyr-screen
author	netblue30 <netblue30@yahoo.com>	2016-06-09 08:42:59 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-06-09 08:42:59 -0400
commit	d073a425b3e3ed3829a0e042e8c41963f0f40f0e (patch)
tree	3241c3053a4d3ccba63c633015fddb6e21c9cf74 /src/man
parent	fixes (diff)
download	firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.tar.gz firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.tar.zst firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.zip

diff --git a/src/man/firejail-config.txt b/src/man/firejail-config.txt index 026765f1a..6a66c7f75 100644 --- a/src/man/firejail-config.txt +++ b/src/man/firejail-config.txt
@@ -26,6 +26,13 @@ Enable or disable chroot support, default enabled.
26	Enable or disable file transfer support, default enabled.	26	Enable or disable file transfer support, default enabled.
27		27
28	.TP	28	.TP
		29	\fBforce-nonewprivs
		30	Force use of nonewprivs. This mitigates the possibility of
		31	a user abusing firejail's features to trick a privileged (suid
		32	or file capabilities) process into loading code or configuration
		33	that is partially under their control. Default disabled.
		34
		35	.TP
29	\fBnetwork	36	\fBnetwork
30	Enable or disable networking features, default enabled.	37	Enable or disable networking features, default enabled.
31		38
@@ -45,16 +52,12 @@ Enable or disable seccomp support, default enabled.
45	Enable or disable user namespace support, default enabled.	52	Enable or disable user namespace support, default enabled.
46		53
47	.TP	54	.TP
48	\fBx11	55	\fBwhitelist
49	Enable or disable X11 sandboxing support, default enabled.	56	Enable or disable whitelisting support, default enabled.
50		57
51	.TP	58	.TP
52	\fBforce-nonewprivs	59	\fBx11
53	Force use of nonewprivs. This mitigates the possibility of	60	Enable or disable X11 sandboxing support, default enabled.
54	a user abusing firejail's features to trick a privileged (suid
55	or file capabilities) process into loading code or configuration
56	that is partially under their control. Default disabled.
57
58		61
59	.TP	62	.TP
60	\fBxephyr-screen	63	\fBxephyr-screen