author | avoidr <avoidr@users.noreply.github.com> | 2016-05-14 16:17:57 +0200 |
---|---|---|
committer | avoidr <avoidr@users.noreply.github.com> | 2016-05-14 16:17:57 +0200 |
commit | d2433893462007a8ba90f503cf6aaddb3ac56c27 (patch) | |
tree | 3c66a1fd1401453c80a45c592e60a8d07acc183e /src | |
parent | fixes (diff) | |
update seccomp default list in firejail-profile
Diffstat (limited to 'src')
-rw-r--r-- | src/man/firejail-profile.txt | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 0e9614ab6..8f9eedbd3 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -222,10 +222,15 @@ first argument to socket system call. Recognized values: \fBunix\fR, | |||
222 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR. | 222 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR. |
223 | .TP | 223 | .TP |
224 | \fBseccomp | 224 | \fBseccomp |
225 | Enable default seccomp filter. The default list is as follows: | 225 | Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows: |
226 | mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module, | 226 | mount, umount2, ptrace, kexec_load, kexec_file_load, open_by_handle_at, init_module, finit_module, delete_module, |
227 | iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev, | 227 | iopl, ioperm, swapon, swapoff, syslog, process_vm_readv, process_vm_writev, |
228 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp. | 228 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp, |
229 | add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup, | ||
230 | io_destroy, io_getevents, io_submit, io_cancel, | ||
231 | remap_file_pages, mbind, get_mempolicy, set_mempolicy, | ||
232 | migrate_pages, move_pages, vmsplice, perf_event_open, chroot, | ||
233 | tuxcall, reboot, mfsservctl and get_kernel_syms. | ||
229 | .TP | 234 | .TP |
230 | \fBseccomp syscall,syscall,syscall | 235 | \fBseccomp syscall,syscall,syscall |
231 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. | 236 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. |
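Review bot: `perf_event_open` is now listed twice in the default list: once on the existing line after `lookup_dcookie`, and again on the added line after `move_pages, vmsplice`. Drop the second occurrence. On the last added line, `mfsservctl` looks like a typo for the `nfsservctl` syscall; as written, a reader copying the name into a `seccomp syscall,syscall,syscall` line would get a name that does not match any syscall. The touched line also still reads `sysfs,_sysctl` with no space after the comma, which is worth fixing while the line is being edited. Since this commit changes only the man page, please confirm the documented list matches the syscalls the default filter actually blocks, entry by entry.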