diff options
author | netblue30 <netblue30@yahoo.com> | 2016-06-09 08:42:59 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-06-09 08:42:59 -0400 |
commit | d073a425b3e3ed3829a0e042e8c41963f0f40f0e (patch) | |
tree | 3241c3053a4d3ccba63c633015fddb6e21c9cf74 /src/man | |
parent | fixes (diff) | |
download | firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.tar.gz firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.tar.zst firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.zip |
whitelist support in /etc/firejail/firejail.config
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-config.txt | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/man/firejail-config.txt b/src/man/firejail-config.txt index 026765f1a..6a66c7f75 100644 --- a/src/man/firejail-config.txt +++ b/src/man/firejail-config.txt | |||
@@ -26,6 +26,13 @@ Enable or disable chroot support, default enabled. | |||
26 | Enable or disable file transfer support, default enabled. | 26 | Enable or disable file transfer support, default enabled. |
27 | 27 | ||
28 | .TP | 28 | .TP |
29 | \fBforce-nonewprivs | ||
30 | Force use of nonewprivs. This mitigates the possibility of | ||
31 | a user abusing firejail's features to trick a privileged (suid | ||
32 | or file capabilities) process into loading code or configuration | ||
33 | that is partially under their control. Default disabled. | ||
34 | |||
35 | .TP | ||
29 | \fBnetwork | 36 | \fBnetwork |
30 | Enable or disable networking features, default enabled. | 37 | Enable or disable networking features, default enabled. |
31 | 38 | ||
@@ -45,16 +52,12 @@ Enable or disable seccomp support, default enabled. | |||
45 | Enable or disable user namespace support, default enabled. | 52 | Enable or disable user namespace support, default enabled. |
46 | 53 | ||
47 | .TP | 54 | .TP |
48 | \fBx11 | 55 | \fBwhitelist |
49 | Enable or disable X11 sandboxing support, default enabled. | 56 | Enable or disable whitelisting support, default enabled. |
50 | 57 | ||
51 | .TP | 58 | .TP |
52 | \fBforce-nonewprivs | 59 | \fBx11 |
53 | Force use of nonewprivs. This mitigates the possibility of | 60 | Enable or disable X11 sandboxing support, default enabled. |
54 | a user abusing firejail's features to trick a privileged (suid | ||
55 | or file capabilities) process into loading code or configuration | ||
56 | that is partially under their control. Default disabled. | ||
57 | |||
58 | 61 | ||
59 | .TP | 62 | .TP |
60 | \fBxephyr-screen | 63 | \fBxephyr-screen |