Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 23 |
1 files changed, 21 insertions, 2 deletions
@@ -90,9 +90,28 @@ AUDIT | |||
90 | Limitations: audit feature is not implemented for --x11 commands. | 90 | Limitations: audit feature is not implemented for --x11 commands. |
91 | ````` | 91 | ````` |
92 | 92 | ||
93 | ## --private-dev enhancements - work in progress! | 93 | ## --noexec |
94 | ````` | ||
95 | --noexec=dirname_or_filename | ||
96 | Remount directory or file noexec, nodev and nosuid. | ||
97 | |||
98 | Example: | ||
99 | $ firejail --noexec=/tmp | ||
100 | |||
101 | /etc and /var are noexec by default. If there are more than one | ||
102 | mount operation on the path of the file or directory, noexec | ||
103 | should be applied to the last one. Always check if the change | ||
104 | took effect inside the sandbox. | ||
105 | ````` | ||
94 | 106 | ||
95 | The following devices are added to --private-dev list. | 107 | ## --rmenv |
108 | ````` | ||
109 | --rmenv=name | ||
110 | Remove environment variable in the new sandbox. | ||
111 | |||
112 | Example: | ||
113 | $ firejail --rmenv=DBUS_SESSION_BUS_ADDRESS | ||
114 | ````` | ||
96 | 115 | ||
97 | ## Converting profiles to private-bin - work in progress! | 116 | ## Converting profiles to private-bin - work in progress! |
98 | 117 | ||
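Review bot: The --noexec description (new lines 101-104) leaves the user without a usable procedure: "noexec should be applied to the last one" does not say which path to pass when several mounts cover the same file or directory, and "Always check if the change took effect inside the sandbox" gives no way to do the check. Since a remount that silently fails leaves the path executable, I would spell out the multi-mount case with a concrete path and add one line showing how to confirm the noexec, nodev and nosuid flags from inside the sandbox. Minor wording: "If there are more than one mount operation" should read "If there is more than one mount operation". The option is named --noexec but also applies nodev and nosuid; the text says so, which is good, and it is worth keeping that sentence first so the wider effect is not missed.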