From fa88b858da3a412c0111185fc0576fc9ad3c4be3 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Thu, 3 Dec 2015 11:57:07 -0500
Subject: --tracelog

---
 README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 692e689a3..477e59ee0 100644
--- a/README.md
+++ b/README.md
@@ -95,3 +95,19 @@ New profiles introduced in this version: unbound, dnscrypt-proxy
 ### --whitelist
 
 Whitelist command accepts files in user home, /dev, /media, /var, and /tmp directories.
+
+### --tracelog
+
+Tracelog command enables auditing blacklisted files and directories. A message
+is sent to syslog in case the file or the directory is accessed. Example:
+`````
+$ firejail --tracelog firefox
+`````
+Syslog example:
+`````
+$ sudo tail -f /var/log/syslog
+[...]
+Dec  3 11:43:25 debian firejail[70]: blacklist violation - sandbox 26370, exe iceweasel, syscall open64, path /etc/shadow
+Dec  3 11:46:17 debian firejail[70]: blacklist violation - sandbox 26370, exe iceweasel, syscall opendir, path /boot
+[...]
+`````
\ No newline at end of file
-- 
cgit v1.2.3-54-g00ecf