diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-10-16 07:17:55 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-10-16 07:17:55 -0400 |
| commit | 83b898c9d7c14e70bb7531fffc56de40d2db4fb8 (patch) | |
| tree | d3b627fefbc898424cf17b81f9f1fa1b4b85954e /src | |
| parent | testing (diff) | |
| download | firejail-83b898c9d7c14e70bb7531fffc56de40d2db4fb8.tar.gz firejail-83b898c9d7c14e70bb7531fffc56de40d2db4fb8.tar.zst firejail-83b898c9d7c14e70bb7531fffc56de40d2db4fb8.zip | |
seccomp testing
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/usage.c | 6 | ||||
| -rw-r--r-- | src/man/firejail.txt | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 096d44765..a9900cf33 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
| @@ -213,7 +213,11 @@ void usage(void) { | |||
| 213 | printf("\t\tfinit_module, delete_module, iopl, ioperm, swapon, swapoff,\n"); | 213 | printf("\t\tfinit_module, delete_module, iopl, ioperm, swapon, swapoff,\n"); |
| 214 | printf("\t\tsyslog, process_vm_readv and process_vm_writev\n"); | 214 | printf("\t\tsyslog, process_vm_readv and process_vm_writev\n"); |
| 215 | printf("\t\tsysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie,\n"); | 215 | printf("\t\tsysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie,\n"); |
| 216 | printf("\t\tperf_event_open, fanotify_init and kcmp.\n\n"); | 216 | printf("\t\tperf_event_open, fanotify_init, kcmp, add_key, request_key,\n"); |
| 217 | printf("\t\tkeyctl, uselib, acct, modify_ldt, pivot_root, io_setup,\n"); | ||
| 218 | printf("\t\tio_destroy, io_getevents, io_submit, io_cancel,\n"); | ||
| 219 | printf("\t\tremap_file_pages, mbind, get_mempolicy, set_mempolicy,\n"); | ||
| 220 | printf("\t\tmigrate_pages, move_pages, vmsplice, and perf_event_open.\n\n"); | ||
| 217 | 221 | ||
| 218 | printf("\t--seccomp=syscall,syscall,syscall - enable seccomp filter, blacklist the\n"); | 222 | printf("\t--seccomp=syscall,syscall,syscall - enable seccomp filter, blacklist the\n"); |
| 219 | printf("\t\tdefault syscall list and the syscalls specified by the command.\n\n"); | 223 | printf("\t\tdefault syscall list and the syscalls specified by the command.\n\n"); |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 9d3595d16..ae9d07bb8 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -861,7 +861,11 @@ $ firejail \-\-net=eth0 \-\-scan | |||
| 861 | Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows: | 861 | Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows: |
| 862 | mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module, | 862 | mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module, |
| 863 | iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev, | 863 | iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev, |
| 864 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp. | 864 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp, |
| 865 | add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup, | ||
| 866 | io_destroy, io_getevents, io_submit, io_cancel, | ||
| 867 | remap_file_pages, mbind, get_mempolicy, set_mempolicy, | ||
| 868 | migrate_pages, move_pages, vmsplice, and perf_event_open. | ||
| 865 | .br | 869 | .br |
| 866 | 870 | ||
| 867 | .br | 871 | .br |