diff options
| author |  Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 13:54:28 +0300 |
|---|---|---|
| committer | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 14:01:37 +0300 |
| commit | 85bb547e4054ab147d393bf437998ad76043783a (patch) | |
| tree | f18a85f2767fedf3d9b5b1fa3b3996c8cc027a9c /src/man | |
| parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
| download | firejail-85bb547e4054ab147d393bf437998ad76043783a.tar.gz firejail-85bb547e4054ab147d393bf437998ad76043783a.tar.zst firejail-85bb547e4054ab147d393bf437998ad76043783a.zip | |
Postpone installation of seccomp filters just before execve
Diffstat (limited to 'src/man')
| -rw-r--r-- | src/man/firejail.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e9b27f9e4..89b815e02 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -1687,7 +1687,7 @@ rm: cannot remove `testfile': Operation not permitted | |||
| 1687 | \fB\-\-seccomp.keep=syscall,syscall,syscall | 1687 | \fB\-\-seccomp.keep=syscall,syscall,syscall |
| 1688 | Enable seccomp filter, and whitelist the syscalls specified by the | 1688 | Enable seccomp filter, and whitelist the syscalls specified by the |
| 1689 | command. The system calls needed by Firejail (group @default-keep: | 1689 | command. The system calls needed by Firejail (group @default-keep: |
| 1690 | dup, prctl, setgid, setgroups, setuid) are always whitelisted. | 1690 | prctl, execve) are handled with the preload library. |
| 1691 | .br | 1691 | .br |
| 1692 | 1692 | ||
| 1693 | .br | 1693 | .br |