diff options
Diffstat (limited to 'src/man/firejail.txt')
| -rw-r--r-- | src/man/firejail.txt | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 2e410061d..d8fed1f31 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -1602,20 +1602,16 @@ $ firejail \-\-net=eth0 \-\-scan | |||
| 1602 | .TP | 1602 | .TP |
| 1603 | \fB\-\-seccomp | 1603 | \fB\-\-seccomp |
| 1604 | Enable seccomp filter and blacklist the syscalls in the default list (@default). The default list is as follows: | 1604 | Enable seccomp filter and blacklist the syscalls in the default list (@default). The default list is as follows: |
| 1605 | mount, umount2, ptrace, kexec_load, kexec_file_load, name_to_handle_at, open_by_handle_at, create_module, init_module, finit_module, delete_module, | 1605 | _sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime, |
| 1606 | iopl, ioperm, ioprio_set, swapon, swapoff, syslog, process_vm_readv, process_vm_writev, | 1606 | create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module, |
| 1607 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp, | 1607 | io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load, |
| 1608 | add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup, | 1608 | kexec_load, keyctl, lock, lookup_dcookie, mbind, mfsservctl, migrate_pages, modify_ldt, mount, move_pages, mpx, |
| 1609 | io_destroy, io_getevents, io_submit, io_cancel, | 1609 | name_to_handle_at, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open, |
| 1610 | remap_file_pages, mbind, set_mempolicy, | 1610 | personality, pivot_root, process_vm_readv, process_vm_writev, process_vm_writev, prof, profil, ptrace, putpmsg, |
| 1611 | migrate_pages, move_pages, vmsplice, chroot, | 1611 | query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr, |
| 1612 | tuxcall, reboot, mfsservctl, get_kernel_syms, | 1612 | security, set_mempolicy, setdomainname, sethostname, settimeofday, sgetmask, ssetmask, stime, stty, subpage_prot, |
| 1613 | bpf, clock_settime, personality, process_vm_writev, query_module, | 1613 | swapoff, swapon, switch_endian, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup, |
| 1614 | settimeofday, stime, umount, userfaultfd, ustat, vm86, vm86old, | 1614 | vm86, vm86old, vmsplice and vserver. |
| 1615 | afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read, | ||
| 1616 | pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write, | ||
| 1617 | security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian, | ||
| 1618 | ulimit, vhangup and vserver. | ||
| 1619 | 1615 | ||
| 1620 | .br | 1616 | .br |
| 1621 | To help creating useful seccomp filters more easily, the following | 1617 | To help creating useful seccomp filters more easily, the following |
| @@ -1698,7 +1694,7 @@ Bad system call | |||
| 1698 | .br | 1694 | .br |
| 1699 | 1695 | ||
| 1700 | .TP | 1696 | .TP |
| 1701 | \fB\-\-seccomp.block_secondary | 1697 | \fB\-\-seccomp.block-secondary |
| 1702 | Enable seccomp filter and filter system call architectures so that | 1698 | Enable seccomp filter and filter system call architectures so that |
| 1703 | only the native architecture is allowed. For example, on amd64, i386 | 1699 | only the native architecture is allowed. For example, on amd64, i386 |
| 1704 | and x32 system calls are blocked as well as changing the execution | 1700 | and x32 system calls are blocked as well as changing the execution |