diff options
Diffstat (limited to 'src/firejail/usage.c')
-rw-r--r-- | src/firejail/usage.c | 27 |
1 files changed, 2 insertions, 25 deletions
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 52d9bbe7e..c08ec18a0 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -185,31 +185,6 @@ void usage(void) { | |||
185 | printf("\t$HOME/.firejail/<NAME> directory. (OverlayFS support is required in\n"); | 185 | printf("\t$HOME/.firejail/<NAME> directory. (OverlayFS support is required in\n"); |
186 | printf("\tLinux kernel for this option to work). \n\n"); | 186 | printf("\tLinux kernel for this option to work). \n\n"); |
187 | 187 | ||
188 | #if 0 // disabled for now, it could be used to overwrite system directories | ||
189 | printf(" --overlay-path=path - mount a filesystem overlay on top of the current\n"); | ||
190 | printf("\tfilesystem. The upper filesystem layer is persistent, and stored in\n"); | ||
191 | printf("\tthe specified path. (OverlayFS support is required in Linux kernel for\n"); | ||
192 | printf("\tthis option to work). \n\n"); | ||
193 | |||
194 | .TP | ||
195 | \fB\-\-overlay-path=path | ||
196 | Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, | ||
197 | the system directories are mounted read-write. All filesystem modifications go into the overlay. | ||
198 | The overlay is stored in the specified path. The created overlay can be reused between multiple sessions. | ||
199 | .br | ||
200 | |||
201 | .br | ||
202 | OverlayFS support is required in Linux kernel for this option to work. | ||
203 | OverlayFS was officially introduced in Linux kernel version 3.18. | ||
204 | This option is not available on Grsecurity systems. | ||
205 | .br | ||
206 | |||
207 | .br | ||
208 | Example: | ||
209 | .br | ||
210 | $ firejail \-\-overlay-path=~/jails/jail1 firefox | ||
211 | #endif | ||
212 | |||
213 | printf(" --overlay-tmpfs - mount a filesystem overlay on top of the current\n"); | 188 | printf(" --overlay-tmpfs - mount a filesystem overlay on top of the current\n"); |
214 | printf("\tfilesystem. The upper layer is stored in a tmpfs filesystem,\n"); | 189 | printf("\tfilesystem. The upper layer is stored in a tmpfs filesystem,\n"); |
215 | printf("\tand it is discarded when the sandbox is closed. (OverlayFS\n"); | 190 | printf("\tand it is discarded when the sandbox is closed. (OverlayFS\n"); |
@@ -246,6 +221,8 @@ $ firejail \-\-overlay-path=~/jails/jail1 firefox | |||
246 | printf(" --protocol.print=name|pid - print the protocol filter for the sandbox\n"); | 221 | printf(" --protocol.print=name|pid - print the protocol filter for the sandbox\n"); |
247 | printf("\tidentified by name or PID.\n\n"); | 222 | printf("\tidentified by name or PID.\n\n"); |
248 | 223 | ||
224 | printf(" --put=name|pid src-filename dest-filename - put a file in sandbox container.\n\n"); | ||
225 | |||
249 | printf(" --quiet - turn off Firejail's output.\n\n"); | 226 | printf(" --quiet - turn off Firejail's output.\n\n"); |
250 | printf(" --read-only=dirname_or_filename - set directory or file read-only..\n\n"); | 227 | printf(" --read-only=dirname_or_filename - set directory or file read-only..\n\n"); |
251 | printf(" --read-write=dirname_or_filename - set directory or file read-write..\n\n"); | 228 | printf(" --read-write=dirname_or_filename - set directory or file read-write..\n\n"); |