From ea9e77b7ac6059dd4cb63f88133b889897d2b1a3 Mon Sep 17 00:00:00 2001
From: ಚಿರಾಗ್ ನಟರಾಜ್
Date: Mon, 9 Jul 2018 09:06:06 -0400
Subject: Add documentation for keep-dev-shm option
---
 src/firejail/usage.c | 3 ++-
 src/man/firejail-profile.txt | 3 +++
 src/man/firejail.txt | 10 ++++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index d9ce96f10..804bfb179 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -94,6 +94,7 @@ static char *usage_str =
 " --join-network=name|pid - join the network namespace.\n"
 #endif
 " --join-or-start=name|pid - join the sandbox or start a new one.\n"
+ " --keep-dev-shm - /dev/shm directory is untouched (even with --private-dev).\n"
 " --keep-var-tmp - /var/tmp directory is untouched.\n"
 " --list - list all sandboxes.\n"
 #ifdef HAVE_FILE_TRANSFER
@@ -212,7 +213,7 @@ static char *usage_str =
 " --top - monitor the most CPU-intensive sandboxes.\n"
 " --trace - trace open, access and connect system calls.\n"
 " --tracelog - add a syslog message for every access to files or\n"
- "\tdirectoires blacklisted by the security profile.\n"
+ "\tdirectories blacklisted by the security profile.\n"
 " --tree - print a tree of all sandboxed processes.\n"
 " --version - print program version and exit.\n"
 #ifdef HAVE_NETWORK
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 50455b038..767cf89f4 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -233,6 +233,9 @@ The same directory is also bind-mounted over /sbin, /usr/bin and /usr/sbin.
 Create a new /dev directory. Only disc, dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available.
 .TP
+\fBkeep-dev-shm
+/dev/shm directory is untouched (even with private-dev).
+.TP
 \fBprivate-etc file,directory
 Build a new /etc in a temporary filesystem, and copy the files and directories in the list.
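Review bot: The new `--keep-dev-shm` help line in the first src/firejail/usage.c hunk says /dev/shm is "untouched" but not what that means for isolation. Going by the wording here and in the two man-page hunks, the option appears to exempt /dev/shm from what `--private-dev` would otherwise do to it, so the sandbox presumably keeps seeing the host's shared-memory directory. A user skimming `--help` should be able to tell that this relaxes the sandbox, for example `"    --keep-dev-shm - keep the host /dev/shm visible in the sandbox (even with --private-dev).\n"`, with the same caveat repeated in firejail.txt and firejail-profile.txt. The code implementing the option is not part of this patch, so the exact behaviour should be confirmed there before rewording.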
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 24d4bbd8c..74a9a9da9 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -677,6 +677,16 @@ Same as "firejail --join=name" if sandbox with specified name exists, otherwise
 .br
 Note that in contrary to other join options there is respective profile option.
+.TP
+\fB\-\-keep-dev-shm
+/dev/shm directory is untouched (even with --private-dev)
+.br
+
+.br
+Example:
+.br
+$ firejail --keep-dev-shm --private-dev
+
 .TP
 \fB\-\-keep-var-tmp
 /var/tmp directory is untouched.
--
cgit v1.2.3-54-g00ecf