diff options
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-config.txt | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/man/firejail-config.txt b/src/man/firejail-config.txt index 026765f1a..6a66c7f75 100644 --- a/src/man/firejail-config.txt +++ b/src/man/firejail-config.txt | |||
@@ -26,6 +26,13 @@ Enable or disable chroot support, default enabled. | |||
26 | Enable or disable file transfer support, default enabled. | 26 | Enable or disable file transfer support, default enabled. |
27 | 27 | ||
28 | .TP | 28 | .TP |
29 | \fBforce-nonewprivs | ||
30 | Force use of nonewprivs. This mitigates the possibility of | ||
31 | a user abusing firejail's features to trick a privileged (suid | ||
32 | or file capabilities) process into loading code or configuration | ||
33 | that is partially under their control. Default disabled. | ||
34 | |||
35 | .TP | ||
29 | \fBnetwork | 36 | \fBnetwork |
30 | Enable or disable networking features, default enabled. | 37 | Enable or disable networking features, default enabled. |
31 | 38 | ||
@@ -45,16 +52,12 @@ Enable or disable seccomp support, default enabled. | |||
45 | Enable or disable user namespace support, default enabled. | 52 | Enable or disable user namespace support, default enabled. |
46 | 53 | ||
47 | .TP | 54 | .TP |
48 | \fBx11 | 55 | \fBwhitelist |
49 | Enable or disable X11 sandboxing support, default enabled. | 56 | Enable or disable whitelisting support, default enabled. |
50 | 57 | ||
51 | .TP | 58 | .TP |
52 | \fBforce-nonewprivs | 59 | \fBx11 |
53 | Force use of nonewprivs. This mitigates the possibility of | 60 | Enable or disable X11 sandboxing support, default enabled. |
54 | a user abusing firejail's features to trick a privileged (suid | ||
55 | or file capabilities) process into loading code or configuration | ||
56 | that is partially under their control. Default disabled. | ||
57 | |||
58 | 61 | ||
59 | .TP | 62 | .TP |
60 | \fBxephyr-screen | 63 | \fBxephyr-screen |