diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-09-26 10:54:28 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-09-26 10:54:28 -0400 |
| commit | 7c254e3251aa002972af3b379f71b6b49b7f5119 (patch) | |
| tree | 94e5888f5ee4abaa47de5da87b08a66c13bfe47e /src | |
| parent | seccomp testing (diff) | |
| download | firejail-7c254e3251aa002972af3b379f71b6b49b7f5119.tar.gz firejail-7c254e3251aa002972af3b379f71b6b49b7f5119.tar.zst firejail-7c254e3251aa002972af3b379f71b6b49b7f5119.zip | |
seccomp.errno manpage example
Diffstat (limited to 'src')
| -rw-r--r-- | src/man/firejail.txt | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 3f22a1d2a..899005434 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -850,9 +850,22 @@ Enable seccomp filter, and return errno for the syscalls specified by the comman | |||
| 850 | .br | 850 | .br |
| 851 | 851 | ||
| 852 | .br | 852 | .br |
| 853 | Example: | 853 | Example: a Bash shell where deleting files is disabled |
| 854 | .br | ||
| 855 | |||
| 856 | .br | ||
| 857 | $ firejail --seccomp.eperm=unlinkat | ||
| 858 | .br | ||
| 859 | Parent pid 10662, child pid 10663 | ||
| 854 | .br | 860 | .br |
| 855 | $ firejail \-\-shell=none \-\-seccomp.einval=kill kill 1 | 861 | Child process initialized |
| 862 | .br | ||
| 863 | $ touch testfile | ||
| 864 | .br | ||
| 865 | $ rm testfile | ||
| 866 | .br | ||
| 867 | rm: cannot remove `testfile': Operation not permitted | ||
| 868 | |||
| 856 | .TP | 869 | .TP |
| 857 | \fB\-\-seccomp.print=name | 870 | \fB\-\-seccomp.print=name |
| 858 | Print the seccomp filter for the sandbox started using \-\-name option. | 871 | Print the seccomp filter for the sandbox started using \-\-name option. |