1 files changed, 8 insertions, 1 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 39e0dbaf7..4f9f0cba9 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -155,8 +155,15 @@ Define a custom whitelist Linux capabilities filter.
 Example:
 .br
 $ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\
-setuid "/etc/init.d/nginx start && sleep inf"
+setuid /etc/init.d/nginx start
+.br
+.br
+A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories
+should be made read-only independently. Making a parent directory read-only, will not
+make the whitelist read-only. Example:
+.br
+$ firejail --whitelist=~/work --read-only=~/ --read-only=~/work
 .TP
 \fB\-\-caps.print=name
 Print the caps filter for the sandbox identified by name.

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 39e0dbaf7..4f9f0cba9 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -155,8 +155,15 @@ Define a custom whitelist Linux capabilities filter.
155	Example:	155	Example:
156	.br	156	.br
157	$ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\	157	$ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\
158	setuid "/etc/init.d/nginx start && sleep inf"	158	setuid /etc/init.d/nginx start
		159	.br
159		160
		161	.br
		162	A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories
		163	should be made read-only independently. Making a parent directory read-only, will not
		164	make the whitelist read-only. Example:
		165	.br
		166	$ firejail --whitelist=~/work --read-only=~/ --read-only=~/work
160	.TP	167	.TP
161	\fB\-\-caps.print=name	168	\fB\-\-caps.print=name
162	Print the caps filter for the sandbox identified by name.	169	Print the caps filter for the sandbox identified by name.