diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-07-09 09:48:17 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-07-09 09:48:17 -0400 |
| commit | fb2406ff02ea1e4fe6a5d5840e5e24ad303330aa (patch) | |
| tree | 26424cc5b400f46d68134b3eef7bfb397bee39b3 /src/man | |
| parent | fixes (diff) | |
| download | firejail-fb2406ff02ea1e4fe6a5d5840e5e24ad303330aa.tar.gz firejail-fb2406ff02ea1e4fe6a5d5840e5e24ad303330aa.tar.zst firejail-fb2406ff02ea1e4fe6a5d5840e5e24ad303330aa.zip | |
seccomp filter update
Diffstat (limited to 'src/man')
| -rw-r--r-- | src/man/firejail-profile.txt | 10 | ||||
| -rw-r--r-- | src/man/firejail.txt | 4 |
2 files changed, 3 insertions, 11 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 9c416b0f3..98fa17908 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -224,15 +224,7 @@ first argument to socket system call. Recognized values: \fBunix\fR, | |||
| 224 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR. | 224 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR. |
| 225 | .TP | 225 | .TP |
| 226 | \fBseccomp | 226 | \fBseccomp |
| 227 | Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows: | 227 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. |
| 228 | mount, umount2, ptrace, kexec_load, kexec_file_load, open_by_handle_at, init_module, finit_module, delete_module, | ||
| 229 | iopl, ioperm, swapon, swapoff, syslog, process_vm_readv, process_vm_writev, | ||
| 230 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp, | ||
| 231 | add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup, | ||
| 232 | io_destroy, io_getevents, io_submit, io_cancel, | ||
| 233 | remap_file_pages, mbind, get_mempolicy, set_mempolicy, | ||
| 234 | migrate_pages, move_pages, vmsplice, perf_event_open, chroot, | ||
| 235 | tuxcall, reboot, mfsservctl and get_kernel_syms. | ||
| 236 | .TP | 228 | .TP |
| 237 | \fBseccomp syscall,syscall,syscall | 229 | \fBseccomp syscall,syscall,syscall |
| 238 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. | 230 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e915ab6cb..cb555980d 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -1206,8 +1206,8 @@ $ firejail \-\-net=eth0 \-\-scan | |||
| 1206 | .TP | 1206 | .TP |
| 1207 | \fB\-\-seccomp | 1207 | \fB\-\-seccomp |
| 1208 | Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows: | 1208 | Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows: |
| 1209 | mount, umount2, ptrace, kexec_load, kexec_file_load, open_by_handle_at, init_module, finit_module, delete_module, | 1209 | mount, umount2, ptrace, kexec_load, kexec_file_load, name_to_handle_at, open_by_handle_at, create_module, init_module, finit_module, delete_module, |
| 1210 | iopl, ioperm, swapon, swapoff, syslog, process_vm_readv, process_vm_writev, | 1210 | iopl, ioperm, ioprio_set, swapon, swapoff, syslog, process_vm_readv, process_vm_writev, |
| 1211 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp, | 1211 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp, |
| 1212 | add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup, | 1212 | add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup, |
| 1213 | io_destroy, io_getevents, io_submit, io_cancel, | 1213 | io_destroy, io_getevents, io_submit, io_cancel, |