1 files changed, 4 insertions, 3 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 12e841af5..db58e0910 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -420,7 +420,7 @@ Make directory or file read-only.
 Make directory or file read-write.
 .TP
 \fBtmpfs directory
-Mount an empty tmpfs filesystem on top of directory. This option is available only when running the sandbox as root.
+Mount an empty tmpfs filesystem on top of directory. Directories outside user home or not owned by the user are not allowed. Sandboxes running as root are exempt from these restrictions.
 .TP
 \fBtracelog
 Blacklist violations logged to syslog.
@@ -428,8 +428,9 @@ Blacklist violations logged to syslog.
 \fBwhitelist file_or_directory
 Whitelist directory or file. A temporary file system is mounted on the top directory, and the
 whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
-everything else is discarded when the sandbox is closed. The top directory could be
+everything else is discarded when the sandbox is closed. The top directory can be
-user home, /dev, /etc, /media, /mnt, /opt, /srv, /sys/module, /usr/share, /var, and /tmp.
+all directories in / (except /proc and /sys), /sys/module, /run/user/$UID, $HOME and
+all directories in /usr.
 .br
 .br

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 12e841af5..db58e0910 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -420,7 +420,7 @@ Make directory or file read-only.
420	Make directory or file read-write.	420	Make directory or file read-write.
421	.TP	421	.TP
422	\fBtmpfs directory	422	\fBtmpfs directory
423	Mount an empty tmpfs filesystem on top of directory. This option is available only when running the sandbox as root.	423	Mount an empty tmpfs filesystem on top of directory. Directories outside user home or not owned by the user are not allowed. Sandboxes running as root are exempt from these restrictions.
424	.TP	424	.TP
425	\fBtracelog	425	\fBtracelog
426	Blacklist violations logged to syslog.	426	Blacklist violations logged to syslog.
@@ -428,8 +428,9 @@ Blacklist violations logged to syslog.
428	\fBwhitelist file_or_directory	428	\fBwhitelist file_or_directory
429	Whitelist directory or file. A temporary file system is mounted on the top directory, and the	429	Whitelist directory or file. A temporary file system is mounted on the top directory, and the
430	whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,	430	whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
431	everything else is discarded when the sandbox is closed. The top directory could be	431	everything else is discarded when the sandbox is closed. The top directory can be
432	user home, /dev, /etc, /media, /mnt, /opt, /srv, /sys/module, /usr/share, /var, and /tmp.	432	all directories in / (except /proc and /sys), /sys/module, /run/user/$UID, $HOME and
		433	all directories in /usr.
433	.br	434	.br
434		435
435	.br	436	.br