diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-07-10 10:08:53 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-07-10 10:08:53 -0400 |
| commit | a344c555ff282c23a8274d10ad0f75eb4fae6836 (patch) | |
| tree | b86fde69dc1cb71a476745c974196735d694952a /src/man | |
| parent | noexec inside /var directory (diff) | |
| download | firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.tar.gz firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.tar.zst firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.zip | |
--noexec
Diffstat (limited to 'src/man')
| -rw-r--r-- | src/man/firejail-profile.txt | 3 | ||||
| -rw-r--r-- | src/man/firejail.txt | 15 |
2 files changed, 18 insertions, 0 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 98fa17908..504842a9e 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -157,6 +157,9 @@ whitelist ~/.cache/mozilla/firefox | |||
| 157 | Similar to mkdir, this command creates a file in user home before the sandbox is started. | 157 | Similar to mkdir, this command creates a file in user home before the sandbox is started. |
| 158 | The file is created if it doesn't already exist. | 158 | The file is created if it doesn't already exist. |
| 159 | .TP | 159 | .TP |
| 160 | \fBnoexec file_or_directory | ||
| 161 | Remount the file or the directory noexec, nodev and nosuid. | ||
| 162 | .TP | ||
| 160 | \fBprivate | 163 | \fBprivate |
| 161 | Mount new /root and /home/user directories in temporary | 164 | Mount new /root and /home/user directories in temporary |
| 162 | filesystems. All modifications are discarded when the sandbox is | 165 | filesystems. All modifications are discarded when the sandbox is |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7c9cd98de..cd9ea6a8a 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -851,6 +851,21 @@ $ nc dict.org 2628 | |||
| 851 | 220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64 | 851 | 220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64 |
| 852 | .br | 852 | .br |
| 853 | .TP | 853 | .TP |
| 854 | \fB\-\-noexec=dirname_or_filename | ||
| 855 | Remount directory or file noexec, nodev and nosuid. | ||
| 856 | .br | ||
| 857 | |||
| 858 | .br | ||
| 859 | Example: | ||
| 860 | .br | ||
| 861 | $ firejail \-\-noexec=/tmp | ||
| 862 | .br | ||
| 863 | |||
| 864 | .br | ||
| 865 | /etc and /var are noexec by default. If there are more than one mount operation | ||
| 866 | on the path of the file or directory, noexec should be applied to the last one. Always check if the change took effect inside the sandbox. | ||
| 867 | |||
| 868 | .TP | ||
| 854 | \fB\-\-nogroups | 869 | \fB\-\-nogroups |
| 855 | Disable supplementary groups. Without this option, supplementary groups are enabled for the user starting the | 870 | Disable supplementary groups. Without this option, supplementary groups are enabled for the user starting the |
| 856 | sandbox. For root user supplementary groups are always disabled. | 871 | sandbox. For root user supplementary groups are always disabled. |