-rw-r--r-- | README.md | 21 | ||||
-rw-r--r-- | RELNOTES | 1 |
2 files changed, 21 insertions, 1 deletions
@@ -283,6 +283,25 @@ INTRUSION DETECTION SYSTEM (IDS) | |||
283 | 283 | ||
284 | ````` | 284 | ````` |
285 | 285 | ||
286 | ### File descriptors | ||
287 | ````` | ||
288 | --keep-fd=all | ||
289 | Inherit all open file descriptors to the sandbox. By default | ||
290 | only file descriptors 0, 1 and 2 are inherited to the sandbox, | ||
291 | and all other file descriptors are closed. | ||
292 | |||
293 | Example: | ||
294 | $ firejail --keep-fd=all | ||
295 | |||
296 | --keep-fd=file_descriptor | ||
297 | Don't close specified open file descriptors. By default only | ||
298 | file descriptors 0, 1 and 2 are inherited to the sandbox, and | ||
299 | all other file descriptors are closed. | ||
300 | |||
301 | Example: | ||
302 | $ firejail --keep-fd=3,4,5 | ||
303 | ````` | ||
304 | |||
286 | ### Deteministic Shutdown | 305 | ### Deteministic Shutdown |
287 | ````` | 306 | ````` |
288 | --deterministic-exit-code | 307 | --deterministic-exit-code |
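Review bot: The synopsis `--keep-fd=file_descriptor` at new line 296 is singular, but the example at new line 302 passes a comma-separated list (`--keep-fd=3,4,5`). The synopsis and description should say that a list is accepted, for example `--keep-fd=fd[,fd,...]`. Both entries also repeat the same default-behaviour sentence; stating it once at the top of the section would be enough. A kept descriptor remains usable inside the sandbox regardless of what the sandbox's filesystem view allows, so the `--keep-fd=all` entry would benefit from one sentence recommending an explicit list of descriptors whenever the caller knows which ones the sandboxed program needs.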
@@ -298,7 +317,7 @@ INTRUSION DETECTION SYSTEM (IDS) | |||
298 | 317 | ||
299 | ### Network Monitor | 318 | ### Network Monitor |
300 | ````` | 319 | ````` |
301 | --nettrace=name|pid | 320 | --nettrace=name|pid |
302 | Monitor TCP and UDP traffic coming into the sandbox specified by | 321 | Monitor TCP and UDP traffic coming into the sandbox specified by |
303 | name or pid. Only networked sandboxes created with --net are | 322 | name or pid. Only networked sandboxes created with --net are |
304 | supported. | 323 | supported. |
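Review bot: The only line this hunk can be changing, `--nettrace=name|pid` (301 -> 320), renders identically on both sides, so this looks like a whitespace-only edit unrelated to `--keep-fd`. Either drop it from this commit or mention the cleanup in the commit message, so the README diff stays limited to the new File descriptors section.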
@@ -1,6 +1,7 @@ | |||
1 | firejail (0.9.67) baseline; urgency=low | 1 | firejail (0.9.67) baseline; urgency=low |
2 | * work in progress | 2 | * work in progress |
3 | * exit code: distinguish fatal signals by adding 128 (#4533) | 3 | * exit code: distinguish fatal signals by adding 128 (#4533) |
4 | * close file descriptors greater than 2 (--keep-fd) (#4845) | ||
4 | * intrusion detection system (--ids-init, --ids-check) | 5 | * intrusion detection system (--ids-init, --ids-check) |
5 | * deterministic shutdown (--deterministic-exit-code, | 6 | * deterministic shutdown (--deterministic-exit-code, |
6 | --deterministic-shutdown) (#4635) | 7 | --deterministic-shutdown) (#4635) |
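Review bot: The new entry at line 4 reads as a change in default behaviour (descriptors above 2 get closed), but it is worded like the feature entries around it. Consider making the impact explicit, for example "file descriptors greater than 2 are closed by default; use --keep-fd to retain them", so that users who pass open descriptors into a sandbox find the opt-out directly in the release notes.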