fixed whitelist description in man pages

author: netblue30 <netblue30@yahoo.com> 2016-08-21 20:37:54 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-08-21 20:37:54 -0400
commit: 45306ca2adbe0ccfd655ac356cd7a989706a06a1 (patch)
tree: 782d163c4ab94884c5235fdcf2f9d2bdce8b3156 /src/man
parent: disable ssh-agent sockets in disable-programs.inc (diff)
download: firejail-45306ca2adbe0ccfd655ac356cd7a989706a06a1.tar.gz
firejail-45306ca2adbe0ccfd655ac356cd7a989706a06a1.tar.zst
firejail-45306ca2adbe0ccfd655ac356cd7a989706a06a1.zip
2 files changed, 19 insertions, 7 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 637519902..52802755f 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -198,9 +198,15 @@ Mount an empty tmpfs filesystem on top of directory. This option is available on
 Blacklist violations logged to syslog.
 .TP
 \fBwhitelist file_or_directory
-Build a new user home in a temporary filesystem, and mount-bind file_or_directory.
+Whitelist directory or file. A temporary file system is mounted on the top directory, and the
-The modifications to file_or_directory are persistent, everything else is discarded
+whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
-when the sandbox is closed.
+everything else is discarded when the sandbox is closed. The top directory could be 
+user home, /dev, /media, /opt, /var, and /tmp.
+.br
+.br
+Symbolic link handling: with the exception of user home, both the link and the real file should be in
+the same top directory. For user home, both the link and the real file should be owned by the user.
 .TP
 \fBwritable-etc
 Mount /etc directory read-write.
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 732d14624..d08b244f7 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1587,9 +1587,15 @@ $ firejail \-\-version
 firejail version 0.9.27
 .TP
 \fB\-\-whitelist=dirname_or_filename
-Whitelist directory or file. This feature is implemented only for user home, /dev, /media, /opt, /var, and /tmp directories.
+Whitelist directory or file. A temporary file system is mounted on the top directory, and the
-With the exception of user home, both the link and the real file should be in
+whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
-the same top directory. For /home, both the link and the real file should be owned by the user.
+everything else is discarded when the sandbox is closed. The top directory could be 
+user home, /dev, /media, /opt, /var, and /tmp.
+.br
+.br
+Symbolic link handling: with the exception of user home, both the link and the real file should be in
+the same top directory. For user home, both the link and the real file should be owned by the user.
 .br
 .br
@@ -1630,7 +1636,7 @@ applications started in the sandbox from accessing other X11 displays.
 A network namespace needs to be instantiated in order to deny access to X11 abstract Unix domain socket.
 .br
-.br
+br
 Firejail will try first Xpra, and if Xpra is not installed on the system, it will try to find Xephyr.
 This feature is not available when running as root. 
 .br
author	netblue30 <netblue30@yahoo.com>	2016-08-21 20:37:54 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-08-21 20:37:54 -0400
commit	45306ca2adbe0ccfd655ac356cd7a989706a06a1 (patch)
tree	782d163c4ab94884c5235fdcf2f9d2bdce8b3156 /src/man
parent	disable ssh-agent sockets in disable-programs.inc (diff)
download	firejail-45306ca2adbe0ccfd655ac356cd7a989706a06a1.tar.gz firejail-45306ca2adbe0ccfd655ac356cd7a989706a06a1.tar.zst firejail-45306ca2adbe0ccfd655ac356cd7a989706a06a1.zip

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 637519902..52802755f 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -198,9 +198,15 @@ Mount an empty tmpfs filesystem on top of directory. This option is available on
198	Blacklist violations logged to syslog.	198	Blacklist violations logged to syslog.
199	.TP	199	.TP
200	\fBwhitelist file_or_directory	200	\fBwhitelist file_or_directory
201	Build a new user home in a temporary filesystem, and mount-bind file_or_directory.	201	Whitelist directory or file. A temporary file system is mounted on the top directory, and the
202	The modifications to file_or_directory are persistent, everything else is discarded	202	whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
203	when the sandbox is closed.	203	everything else is discarded when the sandbox is closed. The top directory could be
		204	user home, /dev, /media, /opt, /var, and /tmp.
		205	.br
		206
		207	.br
		208	Symbolic link handling: with the exception of user home, both the link and the real file should be in
		209	the same top directory. For user home, both the link and the real file should be owned by the user.
204	.TP	210	.TP
205	\fBwritable-etc	211	\fBwritable-etc
206	Mount /etc directory read-write.	212	Mount /etc directory read-write.


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 732d14624..d08b244f7 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -1587,9 +1587,15 @@ $ firejail \-\-version
1587	firejail version 0.9.27	1587	firejail version 0.9.27
1588	.TP	1588	.TP
1589	\fB\-\-whitelist=dirname_or_filename	1589	\fB\-\-whitelist=dirname_or_filename
1590	Whitelist directory or file. This feature is implemented only for user home, /dev, /media, /opt, /var, and /tmp directories.	1590	Whitelist directory or file. A temporary file system is mounted on the top directory, and the
1591	With the exception of user home, both the link and the real file should be in	1591	whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
1592	the same top directory. For /home, both the link and the real file should be owned by the user.	1592	everything else is discarded when the sandbox is closed. The top directory could be
		1593	user home, /dev, /media, /opt, /var, and /tmp.
		1594	.br
		1595
		1596	.br
		1597	Symbolic link handling: with the exception of user home, both the link and the real file should be in
		1598	the same top directory. For user home, both the link and the real file should be owned by the user.
1593	.br	1599	.br
1594		1600
1595	.br	1601	.br
@@ -1630,7 +1636,7 @@ applications started in the sandbox from accessing other X11 displays.
1630	A network namespace needs to be instantiated in order to deny access to X11 abstract Unix domain socket.	1636	A network namespace needs to be instantiated in order to deny access to X11 abstract Unix domain socket.
1631	.br	1637	.br
1632		1638
1633	.br	1639	br
1634	Firejail will try first Xpra, and if Xpra is not installed on the system, it will try to find Xephyr.	1640	Firejail will try first Xpra, and if Xpra is not installed on the system, it will try to find Xephyr.
1635	This feature is not available when running as root.	1641	This feature is not available when running as root.
1636	.br	1642	.br