Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r-- | src/man/firejail-profile.txt | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index e962e18da..3dd339d94 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -343,6 +343,18 @@ closed. | |||
343 | .TP | 343 | .TP |
344 | \fBprivate directory | 344 | \fBprivate directory |
345 | Use directory as user home. | 345 | Use directory as user home. |
346 | --private and --private=directory cannot be used together. | ||
347 | .br | ||
348 | |||
349 | .br | ||
350 | Bug: Even with this enabled, some commands (such as mkdir, mkfile and | ||
351 | private-cache) will still operate on the original home directory. | ||
352 | Workaround: Disable the incompatible commands, such as by using "ignore mkdir" | ||
353 | and "ignore mkfile". | ||
354 | For details, see | ||
355 | .UR https://github.com/netblue30/firejail/issues/903 | ||
356 | #903 | ||
357 | .UE | ||
346 | .TP | 358 | .TP |
347 | \fBprivate-bin file,file | 359 | \fBprivate-bin file,file |
348 | Build a new /bin in a temporary filesystem, and copy the programs in the list. | 360 | Build a new /bin in a temporary filesystem, and copy the programs in the list. |
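Review bot: The first added sentence (new line 346) uses the command-line spellings "--private" and "--private=directory", but this file documents profile syntax and the entry it sits under is "private directory". Suggest writing it in profile terms, for example "private and private directory cannot be used together.", or stating explicitly that the restriction also covers the command-line options. In the Bug paragraph (new lines 350-353), "such as mkdir, mkfile and private-cache" leaves the list of affected commands open-ended, so a reader cannot tell whether the "ignore mkdir" / "ignore mkfile" workaround is sufficient. Either give the full list known from #903 or say plainly that the list is incomplete. The workaround also names no remedy for private-cache even though the bug sentence lists it. Style: the empty line between the two ".br" requests (new line 348) is a blank line in roff source; use ".PP" or ".sp" for the paragraph break. ".UE ." would supply the missing full stop after the link.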
@@ -505,7 +517,7 @@ There is no root account (uid 0) defined in the namespace. | |||
505 | Enable protocol filter. The filter is based on seccomp and checks the | 517 | Enable protocol filter. The filter is based on seccomp and checks the |
506 | first argument to socket system call. Recognized values: \fBunix\fR, | 518 | first argument to socket system call. Recognized values: \fBunix\fR, |
507 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR, and \fBbluetooth\fR. | 519 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR, and \fBbluetooth\fR. |
508 | Multiple protocol commands are allowed. | 520 | Multiple protocol commands are allowed and they accumulate. |
509 | .TP | 521 | .TP |
510 | \fBseccomp | 522 | \fBseccomp |
511 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. | 523 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. |
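Review bot: "and they accumulate" on new line 520 does not say what the combined filter ends up being, which matters for a setting whose purpose is restricting socket families. If the intended meaning is that the allowed set is the union of every protocol command seen, say so directly and give a short illustration, for example that "protocol unix" followed by "protocol inet" behaves like "protocol unix,inet". It is also worth noting here that a later protocol line, including one from an included profile, can therefore only widen the allowed set and never narrow it, if that is the behaviour.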