author | netblue30 <netblue30@yahoo.com> | 2016-05-18 13:22:15 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-05-18 13:22:15 -0400 |
commit | 2a57a24561e3382059e199cac8aa8bba1bab44a0 (patch) | |
tree | af9f0d1afc3ef4551b0bec97983607af6fd267e2 /src | |
parent | 0.9.40 testing (diff) | |
--read-only fix
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/util.c | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 16 |
2 files changed, 10 insertions, 8 deletions
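--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -548,7 +548,7 @@ char *expand_home(const char *path, const char* homedir) {
 errExit("asprintf");
 return new_name;
 }
-else if (strncmp(path, "~/", 2) == 0) {
+else if (*path == '~') {
 if (asprintf(&new_name, "%s%s", homedir, path + 1) == -1)
 errExit("asprintf");
 return new_name;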
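Review bot: The new test `else if (*path == '~')` accepts every path that begins with a tilde, not only `~` and `~/...`, so an argument such as `~work` or `~otheruser/dir` is expanded by plain concatenation to `<homedir>work` or `<homedir>otheruser/dir`, which is a sibling of the home directory rather than a path inside it. If expand_home feeds the sandbox's filesystem options (the commit title suggests --read-only does), the restriction would then land on a path the user never named while the intended one stays unprotected, with no error reported. Restricting the branch to the two forms it can expand correctly keeps the bare-tilde fix: `else if (path[0] == '~' && (path[1] == '/' || path[1] == '\0')) {`. The body of expand_home starts and ends outside this hunk, so whether other tilde forms are rejected earlier is not visible here.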
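--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -153,14 +153,7 @@ Example:
 .br
 $ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\
 setuid /etc/init.d/nginx start
-.br
 
-.br
-A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories
-should be made read-only independently. Making a parent directory read-only, will not
-make the whitelist read-only. Example:
-.br
-$ firejail --whitelist=~/work --read-only=~/ --read-only=~/work
 .TP
 \fB\-\-caps.print=name|pid
 Print the caps filter for the sandbox identified by name or by PID.
@@ -1138,6 +1131,15 @@ Set directory or file read-only.
 Example:
 .br
 $ firejail \-\-read-only=~/.mozilla firefox
+.br
+
+.br
+A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories
+should be made read-only independently. Making a parent directory read-only, will not
+make the whitelist read-only. Example:
+.br
+$ firejail --whitelist=~/work --read-only=~/ --read-only=~/work
+
 .TP
 \fB\-\-rlimit-fsize=number
 Set the maximum file size that can be created by a process.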