diff options
author | netblue30 <netblue30@yahoo.com> | 2015-11-26 07:18:01 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-11-26 07:18:01 -0500 |
commit | e83af0b1114499ccca03f6680a9e9b2c0e1e9493 (patch) | |
tree | bd8662356644d9d7e5ef7e472301e311dc01afa5 /src/man | |
parent | --debug enhancements (diff) | |
download | firejail-e83af0b1114499ccca03f6680a9e9b2c0e1e9493.tar.gz firejail-e83af0b1114499ccca03f6680a9e9b2c0e1e9493.tar.zst firejail-e83af0b1114499ccca03f6680a9e9b2c0e1e9493.zip |
fixes
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.txt | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 39e0dbaf7..4f9f0cba9 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -155,8 +155,15 @@ Define a custom whitelist Linux capabilities filter. | |||
155 | Example: | 155 | Example: |
156 | .br | 156 | .br |
157 | $ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\ | 157 | $ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\ |
158 | setuid "/etc/init.d/nginx start && sleep inf" | 158 | setuid /etc/init.d/nginx start |
159 | .br | ||
159 | 160 | ||
161 | .br | ||
162 | A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories | ||
163 | should be made read-only independently. Making a parent directory read-only, will not | ||
164 | make the whitelist read-only. Example: | ||
165 | .br | ||
166 | $ firejail --whitelist=~/work --read-only=~/ --read-only=~/work | ||
160 | .TP | 167 | .TP |
161 | \fB\-\-caps.print=name | 168 | \fB\-\-caps.print=name |
162 | Print the caps filter for the sandbox identified by name. | 169 | Print the caps filter for the sandbox identified by name. |