diff options
Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r-- | src/man/firejail-profile.txt | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 9af25bf63..511194ff3 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -386,19 +386,31 @@ first argument to socket system call. Recognized values: \fBunix\fR, | |||
386 | \fBseccomp | 386 | \fBseccomp |
387 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. | 387 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. |
388 | .TP | 388 | .TP |
389 | \fBseccomp.32 | ||
390 | Enable seccomp filter and blacklist the syscalls in the default list for 32 bit system calls on a 64 bit architecture system. | ||
391 | .TP | ||
389 | \fBseccomp syscall,syscall,syscall | 392 | \fBseccomp syscall,syscall,syscall |
390 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. | 393 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. |
391 | .TP | 394 | .TP |
395 | \fBseccomp.32 syscall,syscall,syscall | ||
396 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter for 32 bit system calls on a 64 bit architecture system. | ||
397 | .TP | ||
392 | \fBseccomp.block-secondary | 398 | \fBseccomp.block-secondary |
393 | Enable seccomp filter and filter system call architectures | 399 | Enable seccomp filter and filter system call architectures |
394 | so that only the native architecture is allowed. | 400 | so that only the native architecture is allowed. |
395 | .TP | 401 | .TP |
396 | \fBseccomp.drop syscall,syscall,syscall | 402 | \fBseccomp.drop syscall,syscall,syscall |
397 | Enable seccomp filter and blacklist the system calls in the list. | 403 | Enable seccomp filter and blacklist the system calls in the list. |
404 | .TP | ||
405 | \fBseccomp.32.drop syscall,syscall,syscall | ||
406 | Enable seccomp filter and blacklist the system calls in the list for 32 bit system calls on a 64 bit architecture system. | ||
398 | .TP | 407 | .TP |
399 | \fBseccomp.keep syscall,syscall,syscall | 408 | \fBseccomp.keep syscall,syscall,syscall |
400 | Enable seccomp filter and whitelist the system calls in the list. | 409 | Enable seccomp filter and whitelist the system calls in the list. |
401 | .TP | 410 | .TP |
411 | \fBseccomp.32.keep syscall,syscall,syscall | ||
412 | Enable seccomp filter and whitelist the system calls in the list for 32 bit system calls on a 64 bit architecture system. | ||
413 | .TP | ||
402 | \fBx11 | 414 | \fBx11 |
403 | Enable X11 sandboxing. | 415 | Enable X11 sandboxing. |
404 | .TP | 416 | .TP |