1 files changed, 13 insertions, 1 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index e962e18da..3dd339d94 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -343,6 +343,18 @@ closed.
 .TP
 \fBprivate directory
 Use directory as user home.
+--private and --private=directory cannot be used together.
+.br
+.br
+Bug: Even with this enabled, some commands (such as mkdir, mkfile and
+private-cache) will still operate on the original home directory.
+Workaround: Disable the incompatible commands, such as by using "ignore mkdir"
+and "ignore mkfile".
+For details, see
+.UR https://github.com/netblue30/firejail/issues/903
+#903
+.UE
 .TP
 \fBprivate-bin file,file
 Build a new /bin in a temporary filesystem, and copy the programs in the list.
@@ -505,7 +517,7 @@ There is no root account (uid 0) defined in the namespace.
 Enable protocol filter. The filter is based on seccomp and checks the
 first argument to socket system call. Recognized values: \fBunix\fR,
 \fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR, and \fBbluetooth\fR.
-Multiple protocol commands are allowed.
+Multiple protocol commands are allowed and they accumulate.
 .TP
 \fBseccomp
 Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details.

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index e962e18da..3dd339d94 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -343,6 +343,18 @@ closed.
343	.TP	343	.TP
344	\fBprivate directory	344	\fBprivate directory
345	Use directory as user home.	345	Use directory as user home.
		346	--private and --private=directory cannot be used together.
		347	.br
		348
		349	.br
		350	Bug: Even with this enabled, some commands (such as mkdir, mkfile and
		351	private-cache) will still operate on the original home directory.
		352	Workaround: Disable the incompatible commands, such as by using "ignore mkdir"
		353	and "ignore mkfile".
		354	For details, see
		355	.UR https://github.com/netblue30/firejail/issues/903
		356	#903
		357	.UE
346	.TP	358	.TP
347	\fBprivate-bin file,file	359	\fBprivate-bin file,file
348	Build a new /bin in a temporary filesystem, and copy the programs in the list.	360	Build a new /bin in a temporary filesystem, and copy the programs in the list.
@@ -505,7 +517,7 @@ There is no root account (uid 0) defined in the namespace.
505	Enable protocol filter. The filter is based on seccomp and checks the	517	Enable protocol filter. The filter is based on seccomp and checks the
506	first argument to socket system call. Recognized values: \fBunix\fR,	518	first argument to socket system call. Recognized values: \fBunix\fR,
507	\fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR, and \fBbluetooth\fR.	519	\fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR, and \fBbluetooth\fR.
508	Multiple protocol commands are allowed.	520	Multiple protocol commands are allowed and they accumulate.
509	.TP	521	.TP
510	\fBseccomp	522	\fBseccomp
511	Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details.	523	Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details.