diff options
Diffstat (limited to 'src/man/firejail.txt')
-rw-r--r-- | src/man/firejail.txt | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index cd47800c5..0ce72f845 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1232,6 +1232,34 @@ $ ls /bin | |||
1232 | bash cat ls sed | 1232 | bash cat ls sed |
1233 | 1233 | ||
1234 | .TP | 1234 | .TP |
1235 | \fB\-\-private-lib=file,file | ||
1236 | Build a new /lib in a temporary filesystem. For command to be executed, | ||
1237 | the shell (if \-\-shell=none is not used), and the listed libraries | ||
1238 | find out dynamic libraries and copy them to the /lib directory. | ||
1239 | If no listed file is found, /lib directory will be empty and no programs will be able to execute. | ||
1240 | The same directory is also bind-mounted over /lib64 and /usr/lib. | ||
1241 | All modifications are discarded when the sandbox is closed. | ||
1242 | .br | ||
1243 | |||
1244 | .br | ||
1245 | Example: | ||
1246 | .br | ||
1247 | $ firejail \-\-noprofile \-\-shell=none \-\-private-lib= \-\-private-bin=ls /bin/ls /lib /bin | ||
1248 | .br | ||
1249 | Parent pid 15733, child pid 15734 | ||
1250 | .br | ||
1251 | Child process initialized in 69.61 ms | ||
1252 | .br | ||
1253 | /bin: | ||
1254 | .br | ||
1255 | ls | ||
1256 | .br | ||
1257 | .br | ||
1258 | /lib: | ||
1259 | .br | ||
1260 | ld-linux-x86-64.so.2 libc.so.6 libdl.so.2 libpcre.so.3 libpthread.so.0 libselinux.so.1 | ||
1261 | |||
1262 | .TP | ||
1235 | \fB\-\-private-dev | 1263 | \fB\-\-private-dev |
1236 | Create a new /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available. | 1264 | Create a new /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available. |
1237 | .br | 1265 | .br |