Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.txt | 9 |
1 files changed, 8 insertions, 1 deletions
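--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -155,8 +155,15 @@ Define a custom whitelist Linux capabilities filter.
 Example:
 .br
 $ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\
-setuid "/etc/init.d/nginx start && sleep inf"
+setuid /etc/init.d/nginx start
+.br
 
+.br
+A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories
+should be made read-only independently. Making a parent directory read-only, will not
+make the whitelist read-only. Example:
+.br
+$ firejail --whitelist=~/work --read-only=~/ --read-only=~/work
 .TP
 \fB\-\-caps.print=name
 Print the caps filter for the sandbox identified by name.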