--read-write rework

author: netblue30 <netblue30@yahoo.com> 2016-07-19 13:03:24 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-07-19 13:03:24 -0400
commit: afe9fe993293a27dc345f6bca2a4b7ea964120b8 (patch)
tree: edc01898663f624b40f0c2b64c8a527b1d99db0b /src/man
parent: default.profile bug (diff)
download: firejail-afe9fe993293a27dc345f6bca2a4b7ea964120b8.tar.gz
firejail-afe9fe993293a27dc345f6bca2a4b7ea964120b8.tar.zst
firejail-afe9fe993293a27dc345f6bca2a4b7ea964120b8.zip
1 files changed, 12 insertions, 5 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index f7079200e..fed573e6c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1184,16 +1184,23 @@ A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted d
 should be made read-only independently. Making a parent directory read-only, will not
 make the whitelist read-only. Example:
 .br
+.br
 $ firejail --whitelist=~/work --read-only=~ --read-only=~/work
 .TP
 \fB\-\-read-write=dirname_or_filename
-By default, the sandbox mounts system directories read-only.
+Set directory or file read-write. Only files or directories belonging to the current user are allowed for
-These directories are /etc, /var, /usr, /bin, /sbin, /lib, /lib32, /libx32 and /lib64. 
+this operation. Example:
-Use this option to mount read-write files or directories inside the system directories.
+.br
+.br
+$ mkdir ~/test
+.br
+$ touch ~/test/a
+.br
+$ firejail --read-only=~/test --read-write=~/test/a
-This option is available only to root user. It has no effect when --chroot or --overlay are also set. In these
-cases the system directories are mounted read-write.
 .TP
 \fB\-\-rlimit-fsize=number
author	netblue30 <netblue30@yahoo.com>	2016-07-19 13:03:24 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-07-19 13:03:24 -0400
commit	afe9fe993293a27dc345f6bca2a4b7ea964120b8 (patch)
tree	edc01898663f624b40f0c2b64c8a527b1d99db0b /src/man
parent	default.profile bug (diff)
download	firejail-afe9fe993293a27dc345f6bca2a4b7ea964120b8.tar.gz firejail-afe9fe993293a27dc345f6bca2a4b7ea964120b8.tar.zst firejail-afe9fe993293a27dc345f6bca2a4b7ea964120b8.zip

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index f7079200e..fed573e6c 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -1184,16 +1184,23 @@ A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted d
1184	should be made read-only independently. Making a parent directory read-only, will not	1184	should be made read-only independently. Making a parent directory read-only, will not
1185	make the whitelist read-only. Example:	1185	make the whitelist read-only. Example:
1186	.br	1186	.br
		1187
		1188	.br
1187	$ firejail --whitelist=~/work --read-only=~ --read-only=~/work	1189	$ firejail --whitelist=~/work --read-only=~ --read-only=~/work
1188		1190
1189	.TP	1191	.TP
1190	\fB\-\-read-write=dirname_or_filename	1192	\fB\-\-read-write=dirname_or_filename
1191	By default, the sandbox mounts system directories read-only.	1193	Set directory or file read-write. Only files or directories belonging to the current user are allowed for
1192	These directories are /etc, /var, /usr, /bin, /sbin, /lib, /lib32, /libx32 and /lib64.	1194	this operation. Example:
1193	Use this option to mount read-write files or directories inside the system directories.	1195	.br
		1196
		1197	.br
		1198	$ mkdir ~/test
		1199	.br
		1200	$ touch ~/test/a
		1201	.br
		1202	$ firejail --read-only=~/test --read-write=~/test/a
1194		1203
1195	This option is available only to root user. It has no effect when --chroot or --overlay are also set. In these
1196	cases the system directories are mounted read-write.
1197		1204
1198	.TP	1205	.TP
1199	\fB\-\-rlimit-fsize=number	1206	\fB\-\-rlimit-fsize=number