keep-fd option (#4845)

author: smitsohu <smitsohu@gmail.com> 2022-01-14 20:19:25 +0100
committer: smitsohu <smitsohu@gmail.com> 2022-01-14 23:58:43 +0100
commit: c764520b5aa343c00c3a73633511df039645973c (patch)
tree: efa4f9e44786d571079e29e9a0223107893e0822 /src/man
parent: refactor closing of file descriptors (diff)
download: firejail-c764520b5aa343c00c3a73633511df039645973c.tar.gz
firejail-c764520b5aa343c00c3a73633511df039645973c.tar.zst
firejail-c764520b5aa343c00c3a73633511df039645973c.zip
2 files changed, 25 insertions, 0 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 71dab18ba..29f0fe4e4 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -724,6 +724,11 @@ env CFLAGS="-W -Wall -Werror"
 .TP
 \fBipc-namespace
 Enable IPC namespace.
+.TP
+\fBkeep-fd
+Inherit open file descriptors to sandbox.
 .TP
 \fBname sandboxname
 Set sandbox name. Example:
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 80487a49d..a5704e995 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1104,6 +1104,26 @@ Example:
 $ firejail --keep-dev-shm --private-dev
 .TP
+\fB\-\-keep-fd=all
+Inherit all open file descriptors to the sandbox. By default only file descriptors 0, 1 and 2 are inherited to the sandbox, and all other file descriptors are closed.
+.br
+.br
+Example:
+.br
+$ firejail --keep-fd=all
+.TP
+\fB\-\-keep-fd=file_descriptor
+Don't close specified open file descriptors. By default only file descriptors 0, 1 and 2 are inherited to the sandbox, and all other file descriptors are closed.
+.br
+.br
+Example:
+.br
+$ firejail --keep-fd=3,4,5
+.TP
 \fB\-\-keep-var-tmp
 /var/tmp directory is untouched.
 .br
author	smitsohu <smitsohu@gmail.com>	2022-01-14 20:19:25 +0100
committer	smitsohu <smitsohu@gmail.com>	2022-01-14 23:58:43 +0100
commit	c764520b5aa343c00c3a73633511df039645973c (patch)
tree	efa4f9e44786d571079e29e9a0223107893e0822 /src/man
parent	refactor closing of file descriptors (diff)
download	firejail-c764520b5aa343c00c3a73633511df039645973c.tar.gz firejail-c764520b5aa343c00c3a73633511df039645973c.tar.zst firejail-c764520b5aa343c00c3a73633511df039645973c.zip

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 71dab18ba..29f0fe4e4 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -724,6 +724,11 @@ env CFLAGS="-W -Wall -Werror"
724	.TP	724	.TP
725	\fBipc-namespace	725	\fBipc-namespace
726	Enable IPC namespace.	726	Enable IPC namespace.
		727
		728	.TP
		729	\fBkeep-fd
		730	Inherit open file descriptors to sandbox.
		731
727	.TP	732	.TP
728	\fBname sandboxname	733	\fBname sandboxname
729	Set sandbox name. Example:	734	Set sandbox name. Example:


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 80487a49d..a5704e995 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -1104,6 +1104,26 @@ Example:
1104	$ firejail --keep-dev-shm --private-dev	1104	$ firejail --keep-dev-shm --private-dev
1105		1105
1106	.TP	1106	.TP
		1107	\fB\-\-keep-fd=all
		1108	Inherit all open file descriptors to the sandbox. By default only file descriptors 0, 1 and 2 are inherited to the sandbox, and all other file descriptors are closed.
		1109	.br
		1110
		1111	.br
		1112	Example:
		1113	.br
		1114	$ firejail --keep-fd=all
		1115
		1116	.TP
		1117	\fB\-\-keep-fd=file_descriptor
		1118	Don't close specified open file descriptors. By default only file descriptors 0, 1 and 2 are inherited to the sandbox, and all other file descriptors are closed.
		1119	.br
		1120
		1121	.br
		1122	Example:
		1123	.br
		1124	$ firejail --keep-fd=3,4,5
		1125
		1126	.TP
1107	\fB\-\-keep-var-tmp	1127	\fB\-\-keep-var-tmp
1108	/var/tmp directory is untouched.	1128	/var/tmp directory is untouched.
1109	.br	1129	.br