author | netblue30 <netblue30@yahoo.com> | 2016-08-21 20:37:54 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-21 20:37:54 -0400 |
commit | 45306ca2adbe0ccfd655ac356cd7a989706a06a1 (patch) | |
tree | 782d163c4ab94884c5235fdcf2f9d2bdce8b3156 /src | |
parent | disable ssh-agent sockets in disable-programs.inc (diff) | |
fixed whitelist description in man pages
Diffstat (limited to 'src')
-rw-r--r-- | src/man/firejail-profile.txt | 12 | ||||
-rw-r--r-- | src/man/firejail.txt | 14 |
2 files changed, 19 insertions, 7 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 637519902..52802755f 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -198,9 +198,15 @@ Mount an empty tmpfs filesystem on top of directory. This option is available on | |||
198 | Blacklist violations logged to syslog. | 198 | Blacklist violations logged to syslog. |
199 | .TP | 199 | .TP |
200 | \fBwhitelist file_or_directory | 200 | \fBwhitelist file_or_directory |
201 | Build a new user home in a temporary filesystem, and mount-bind file_or_directory. | 201 | Whitelist directory or file. A temporary file system is mounted on the top directory, and the |
202 | The modifications to file_or_directory are persistent, everything else is discarded | 202 | whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent, |
203 | when the sandbox is closed. | 203 | everything else is discarded when the sandbox is closed. The top directory could be |
204 | user home, /dev, /media, /opt, /var, and /tmp. | ||
205 | .br | ||
206 | |||
207 | .br | ||
208 | Symbolic link handling: with the exception of user home, both the link and the real file should be in | ||
209 | the same top directory. For user home, both the link and the real file should be owned by the user. | ||
204 | .TP | 210 | .TP |
205 | \fBwritable-etc | 211 | \fBwritable-etc |
206 | Mount /etc directory read-write. | 212 | Mount /etc directory read-write. |
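Review bot: "mount-binded" in the new lines 201-202 is non-standard wording; "bind-mounted" is the usual term and would read better in a man page. In the same paragraph, "Modifications to whitelisted files are persistent, everything else is discarded" is a comma splice, and since it describes data loss for anything written outside the whitelist it is worth splitting into two sentences. The symbolic link rule added at 208-209 says what "should" hold for the link and the real file, but not what firejail does when it does not hold; a short clause stating the outcome would let profile authors know what to expect.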
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 732d14624..d08b244f7 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1587,9 +1587,15 @@ $ firejail \-\-version | |||
1587 | firejail version 0.9.27 | 1587 | firejail version 0.9.27 |
1588 | .TP | 1588 | .TP |
1589 | \fB\-\-whitelist=dirname_or_filename | 1589 | \fB\-\-whitelist=dirname_or_filename |
1590 | Whitelist directory or file. This feature is implemented only for user home, /dev, /media, /opt, /var, and /tmp directories. | 1590 | Whitelist directory or file. A temporary file system is mounted on the top directory, and the |
1591 | With the exception of user home, both the link and the real file should be in | 1591 | whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent, |
1592 | the same top directory. For /home, both the link and the real file should be owned by the user. | 1592 | everything else is discarded when the sandbox is closed. The top directory could be |
1593 | user home, /dev, /media, /opt, /var, and /tmp. | ||
1594 | .br | ||
1595 | |||
1596 | .br | ||
1597 | Symbolic link handling: with the exception of user home, both the link and the real file should be in | ||
1598 | the same top directory. For user home, both the link and the real file should be owned by the user. | ||
1593 | .br | 1599 | .br |
1594 | 1600 | ||
1595 | .br | 1601 | .br |
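Review bot: the rewritten text at 1592-1593 drops the removed line's "This feature is implemented only for", and "The top directory could be user home, /dev, /media, /opt, /var, and /tmp" no longer says whether that list is exhaustive. Suggest wording such as "The top directory must be one of user home, /dev, /media, /opt, /var, or /tmp" so a reader does not assume a path under some other top directory is covered by --whitelist. The same sentence was added to firejail-profile.txt in this commit and would need the same change to keep the two pages aligned.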
@@ -1630,7 +1636,7 @@ applications started in the sandbox from accessing other X11 displays. | |||
1630 | A network namespace needs to be instantiated in order to deny access to X11 abstract Unix domain socket. | 1636 | A network namespace needs to be instantiated in order to deny access to X11 abstract Unix domain socket. |
1631 | .br | 1637 | .br |
1632 | 1638 | ||
1633 | .br | 1639 | br |
1634 | Firejail will try first Xpra, and if Xpra is not installed on the system, it will try to find Xephyr. | 1640 | Firejail will try first Xpra, and if Xpra is not installed on the system, it will try to find Xephyr. |
1635 | This feature is not available when running as root. | 1641 | This feature is not available when running as root. |
1636 | .br | 1642 | .br |
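Review bot: line 1639 changes ".br" to "br", dropping the leading dot. Without the dot this is no longer a roff line-break request and the man page will print the literal text "br" before "Firejail will try first Xpra". The change is unrelated to the whitelist description named in the commit message and looks accidental; restore ".br".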