diff options
author | Adis Hamzić <adis@hamzadis.com> | 2016-08-12 18:06:47 +0200 |
---|---|---|
committer | Adis Hamzić <adis@hamzadis.com> | 2016-08-12 18:06:47 +0200 |
commit | 32e6cb2b6425b48c9cc2d456f81460ec6b3fc5b3 (patch) | |
tree | 9b62c2e0d85903d5c26ca3257cb0384d8547c777 /src/man | |
parent | x11 support rewrite (diff) | |
download | firejail-32e6cb2b6425b48c9cc2d456f81460ec6b3fc5b3.tar.gz firejail-32e6cb2b6425b48c9cc2d456f81460ec6b3fc5b3.tar.zst firejail-32e6cb2b6425b48c9cc2d456f81460ec6b3fc5b3.zip |
added more overlay options
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.txt | 44 |
1 files changed, 40 insertions, 4 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index fb8cb630b..3cc9a8401 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -994,7 +994,7 @@ $ ls -l sandboxlog* | |||
994 | \fB\-\-overlay | 994 | \fB\-\-overlay |
995 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, | 995 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, |
996 | the system directories are mounted read-write. All filesystem modifications go into the overlay. | 996 | the system directories are mounted read-write. All filesystem modifications go into the overlay. |
997 | The overlay is stored in $HOME/.firejail directory. This option is not available on Grsecurity systems. | 997 | The overlay is stored in $HOME/.firejail/<PID> directory. This option is not available on Grsecurity systems. |
998 | .br | 998 | .br |
999 | 999 | ||
1000 | .br | 1000 | .br |
@@ -1008,14 +1008,40 @@ Example: | |||
1008 | $ firejail \-\-overlay firefox | 1008 | $ firejail \-\-overlay firefox |
1009 | 1009 | ||
1010 | .TP | 1010 | .TP |
1011 | \fB\-\-overlay-clean | 1011 | \fB\-\-overlay-named=name |
1012 | Clean all overlays stored in $HOME/.firejail directory. | 1012 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, |
1013 | the system directories are mounted read-write. All filesystem modifications go into the overlay. | ||
1014 | The overlay is stored in $HOME/.firejail/<NAME> directory. The created overlay can be reused between multiple | ||
1015 | sessions. This option is not available on Grsecurity systems. | ||
1016 | .br | ||
1017 | |||
1018 | .br | ||
1019 | OverlayFS support is required in Linux kernel for this option to work. | ||
1020 | OverlayFS was officially introduced in Linux kernel version 3.18 | ||
1013 | .br | 1021 | .br |
1014 | 1022 | ||
1015 | .br | 1023 | .br |
1016 | Example: | 1024 | Example: |
1017 | .br | 1025 | .br |
1018 | $ firejail \-\-overlay-clean | 1026 | $ firejail \-\-overlay-named=jail1 firefox |
1027 | |||
1028 | .TP | ||
1029 | \fB\-\-overlay-path=path | ||
1030 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, | ||
1031 | the system directories are mounted read-write. All filesystem modifications go into the overlay. | ||
1032 | The overlay is stored in the specified path. The created overlay can be reused between multiple sessions. | ||
1033 | This option is not available on Grsecurity systems. | ||
1034 | .br | ||
1035 | |||
1036 | .br | ||
1037 | OverlayFS support is required in Linux kernel for this option to work. | ||
1038 | OverlayFS was officially introduced in Linux kernel version 3.18 | ||
1039 | .br | ||
1040 | |||
1041 | .br | ||
1042 | Example: | ||
1043 | .br | ||
1044 | $ firejail \-\-overlay-path=~/jails/jail1 firefox | ||
1019 | 1045 | ||
1020 | .TP | 1046 | .TP |
1021 | \fB\-\-overlay-tmpfs | 1047 | \fB\-\-overlay-tmpfs |
@@ -1034,6 +1060,16 @@ Example: | |||
1034 | $ firejail \-\-overlay-tmpfs firefox | 1060 | $ firejail \-\-overlay-tmpfs firefox |
1035 | 1061 | ||
1036 | .TP | 1062 | .TP |
1063 | \fB\-\-overlay-clean | ||
1064 | Clean all overlays stored in $HOME/.firejail directory. | ||
1065 | .br | ||
1066 | |||
1067 | .br | ||
1068 | Example: | ||
1069 | .br | ||
1070 | $ firejail \-\-overlay-clean | ||
1071 | |||
1072 | .TP | ||
1037 | \fB\-\-private | 1073 | \fB\-\-private |
1038 | Mount new /root and /home/user directories in temporary | 1074 | Mount new /root and /home/user directories in temporary |
1039 | filesystems. All modifications are discarded when the sandbox is | 1075 | filesystems. All modifications are discarded when the sandbox is |