removed mknod from default seccomp filter, some software packages are using named pipes created with mknod

author: netblue30 <netblue30@yahoo.com> 2015-08-16 15:43:50 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-08-16 15:43:50 -0400
commit: 3bfb00f627f5d4ff6879d886165fb751868527b0 (patch)
tree: 85d57bb0b7487af3637936a82a4115b9d0c11341 /src/man
parent: moved warning under --debug option (diff)
download: firejail-3bfb00f627f5d4ff6879d886165fb751868527b0.tar.gz
firejail-3bfb00f627f5d4ff6879d886165fb751868527b0.tar.zst
firejail-3bfb00f627f5d4ff6879d886165fb751868527b0.zip
2 files changed, 2 insertions, 2 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 4941d8b8b..7be5304c1 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -106,7 +106,7 @@ Whitelist Linux capabilities filter.
 \f\seccomp
 Enable default seccomp filter.  The default list is as follows:
 mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module,
-iopl, ioperm, swapon, swapoff, mknode, syslog, process_vm_readv and process_vm_writev,
+iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev,
 sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp.
 .TP
 \f\seccomp syscall,syscall,syscall
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 3e399db72..0b7ed1434 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -742,7 +742,7 @@ $ firejail \-\-net=eth0 \-\-scan
 \fB\-\-seccomp
 Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows:
 mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module,
-iopl, ioperm, swapon, swapoff, mknode, syslog, process_vm_readv and process_vm_writev,
+iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev,
 sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp.
 .br
author	netblue30 <netblue30@yahoo.com>	2015-08-16 15:43:50 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-08-16 15:43:50 -0400
commit	3bfb00f627f5d4ff6879d886165fb751868527b0 (patch)
tree	85d57bb0b7487af3637936a82a4115b9d0c11341 /src/man
parent	moved warning under --debug option (diff)
download	firejail-3bfb00f627f5d4ff6879d886165fb751868527b0.tar.gz firejail-3bfb00f627f5d4ff6879d886165fb751868527b0.tar.zst firejail-3bfb00f627f5d4ff6879d886165fb751868527b0.zip

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 4941d8b8b..7be5304c1 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -106,7 +106,7 @@ Whitelist Linux capabilities filter.
106	\f\seccomp	106	\f\seccomp
107	Enable default seccomp filter. The default list is as follows:	107	Enable default seccomp filter. The default list is as follows:
108	mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module,	108	mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module,
109	iopl, ioperm, swapon, swapoff, mknode, syslog, process_vm_readv and process_vm_writev,	109	iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev,
110	sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp.	110	sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp.
111	.TP	111	.TP
112	\f\seccomp syscall,syscall,syscall	112	\f\seccomp syscall,syscall,syscall


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 3e399db72..0b7ed1434 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -742,7 +742,7 @@ $ firejail \-\-net=eth0 \-\-scan
742	\fB\-\-seccomp	742	\fB\-\-seccomp
743	Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows:	743	Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows:
744	mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module,	744	mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module,
745	iopl, ioperm, swapon, swapoff, mknode, syslog, process_vm_readv and process_vm_writev,	745	iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev,
746	sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp.	746	sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp.
747	.br	747	.br
748		748