author | netblue30 <netblue30@yahoo.com> | 2015-09-01 08:27:02 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-09-01 08:27:02 -0400 |
commit | 38f13e822b3771d5d34d7a4319f0f4baafea8648 (patch) | |
tree | dfe36e62a2dd0aeaac4122ccd653a0d5006e0233 /src/man | |
parent | Merge pull request #51 from sarneaud/gitignore (diff) | |
parent | Add noblacklist command to firejail. (diff) | |
download | firejail-38f13e822b3771d5d34d7a4319f0f4baafea8648.tar.gz firejail-38f13e822b3771d5d34d7a4319f0f4baafea8648.tar.zst firejail-38f13e822b3771d5d34d7a4319f0f4baafea8648.zip |
Merge pull request #53 from sarneaud/noblacklist
Noblacklist
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-profile.txt | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 5167a4c42..64565ab0b 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -87,6 +87,7 @@ Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" | |||
87 | These profile entries define a chroot filesystem built on top of the existing | 87 | These profile entries define a chroot filesystem built on top of the existing |
88 | host filesystem. Each line describes a file element that is removed from | 88 | host filesystem. Each line describes a file element that is removed from |
89 | the filesystem (\fBblacklist\fR), a read-only file or directory (\fBread-only\fR), | 89 | the filesystem (\fBblacklist\fR), a read-only file or directory (\fBread-only\fR), |
90 | a filter for finer control of blacklisting (\fBnoblacklist\fR), | ||
90 | a tmpfs mounted on top of an existing directory (\fBtmpfs\fR), | 91 | a tmpfs mounted on top of an existing directory (\fBtmpfs\fR), |
91 | or mount-bind a directory or file on top of another directory or file (\fBbind\fR). | 92 | or mount-bind a directory or file on top of another directory or file (\fBbind\fR). |
92 | Use \fBprivate\fR to set private mode. | 93 | Use \fBprivate\fR to set private mode. |
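Review bot: The added line 90, "a filter for finer control of blacklisting (\fBnoblacklist\fR)", does not say what the entry actually does, while every other item in this sentence names a concrete effect (removed from the filesystem, read-only, tmpfs mounted on top, mount-bind). Suggest describing it as an exception, for example "a path exempted from later blacklist entries (\fBnoblacklist\fR)", so the overview agrees with the description added in the second hunk.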
@@ -117,6 +118,14 @@ Remove ifconfig command from the regular path directories. | |||
117 | \f\blacklist ${HOME}/.ssh | 118 | \f\blacklist ${HOME}/.ssh |
118 | Remove .ssh directory from user home directory. | 119 | Remove .ssh directory from user home directory. |
119 | .TP | 120 | .TP |
121 | \f\ noblacklist ${HOME}/config/evince | ||
122 | Prevent any new blacklist commands from blacklisting | ||
123 | config/evince in the user home directory. Useful for defining | ||
124 | exceptions before including a large blacklist from a file. Note | ||
125 | that blacklisting ${HOME}/config can still make | ||
126 | ${HOME}/config/evince effectively unreachable through filesystem | ||
127 | traversal. | ||
128 | .TP | ||
120 | \f\private | 129 | \f\private |
121 | Mount new /root and /home/user directories in temporary | 130 | Mount new /root and /home/user directories in temporary |
122 | filesystems. All modifications are discarded when the sandbox is | 131 | filesystems. All modifications are discarded when the sandbox is |
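Review bot: The new entry at line 121 is written "\f\ noblacklist" with a space after the escape, while the neighbouring entries read "\f\blacklist" and "\f\private"; drop the space so the three entries are formatted the same way. The description says only "new" blacklist commands are affected, so it would help to state outright that a blacklist line placed before the noblacklist line still takes effect, since a profile author who puts the exception after the include gets no protection for that path. The prose also shortens the path to "config/evince" while the example uses ${HOME}/config/evince; use the full path in both places, and confirm it is the directory the example is meant to exempt.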