diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2017-08-06 23:20:34 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2017-08-06 23:24:20 +0300 |
commit | d382f230ed46004d81b60b97ddc79380632688d1 (patch) | |
tree | cef3bf2b80aa6c4f2a8fd7c40c12c544e1683c5b /src/man | |
parent | Seccomp: system call grouping and call numbers (diff) | |
download | firejail-d382f230ed46004d81b60b97ddc79380632688d1.tar.gz firejail-d382f230ed46004d81b60b97ddc79380632688d1.tar.zst firejail-d382f230ed46004d81b60b97ddc79380632688d1.zip |
Seccomp: split @default into more meaningful smaller groups
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.txt | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index a03556caf..bf18167b2 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1501,10 +1501,11 @@ ulimit, vhangup and vserver. | |||
1501 | 1501 | ||
1502 | .br | 1502 | .br |
1503 | To help creating useful seccomp filters more easily, the following | 1503 | To help creating useful seccomp filters more easily, the following |
1504 | system call groups are defined: @default, @default-nodebuggers and | 1504 | system call groups are defined: @clock, @cpu-emulation, @debug, |
1505 | @default-keep. In addtion, a system call can be specified by its | 1505 | @default, @default-nodebuggers, @default-keep, @module, @obsolete, |
1506 | number instead of name with prefix $, so for example $165 would be | 1506 | @privileged, @raw-io, @reboot, @resources and @swap. In addtion, a |
1507 | equal to mount on i386. | 1507 | system call can be specified by its number instead of name with prefix |
1508 | $, so for example $165 would be equal to mount on i386. | ||
1508 | 1509 | ||
1509 | .br | 1510 | .br |
1510 | System architecture is not strictly imposed. The filter is applied | 1511 | System architecture is not strictly imposed. The filter is applied |