diff options
author | netblue30 <netblue30@yahoo.com> | 2017-08-17 08:32:28 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-08-17 08:32:28 -0400 |
commit | 00822ba08cf16616473665dac6d1b9240a185872 (patch) | |
tree | 9640ea1fc44f6b01fb64d4f05b024b27cddfbb9e /src/man | |
parent | --net=none documentation (diff) | |
download | firejail-00822ba08cf16616473665dac6d1b9240a185872.tar.gz firejail-00822ba08cf16616473665dac6d1b9240a185872.tar.zst firejail-00822ba08cf16616473665dac6d1b9240a185872.zip |
memory-deny-write-execute
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-profile.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 5bd4f6ef8..9dafb3c65 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -312,6 +312,11 @@ Enable seccomp filter and blacklist the system calls in the list. | |||
312 | \fBseccomp.keep syscall,syscall,syscall | 312 | \fBseccomp.keep syscall,syscall,syscall |
313 | Enable seccomp filter and whitelist the system calls in the list. | 313 | Enable seccomp filter and whitelist the system calls in the list. |
314 | .TP | 314 | .TP |
315 | \fBmemory-deny-write-execute | ||
316 | Install a seccomp filter to block attempts to create memory mappings | ||
317 | that are both writable and executable, to change mappings to be | ||
318 | executable or to create executable shared memory. | ||
319 | .TP | ||
315 | \fBnonewprivs | 320 | \fBnonewprivs |
316 | Sets the NO_NEW_PRIVS prctl. This ensures that child processes | 321 | Sets the NO_NEW_PRIVS prctl. This ensures that child processes |
317 | cannot acquire new privileges using execve(2); in particular, | 322 | cannot acquire new privileges using execve(2); in particular, |