From 0421623058694cb15d1b857f67f21e683e2aab55 Mon Sep 17 00:00:00 2001 From: startx2017 Date: Thu, 3 Sep 2020 16:02:14 -0400 Subject: manpages: configuration for user namespace, x11 --- src/man/firejail-profile.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/man/firejail-profile.txt') diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 283b4ba15..bc8067f91 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -401,10 +401,12 @@ Sets the NO_NEW_PRIVS prctl. This ensures that child processes cannot acquire new privileges using execve(2); in particular, this means that calling a suid binary (or one with file capabilities) does not result in an increase of privilege. +#ifdef HAVE_USERNS .TP \fBnoroot Use this command to enable an user namespace. The namespace has only one user, the current user. There is no root account (uid 0) defined in the namespace. +#endif .TP \fBprotocol protocol1,protocol2,protocol3 Enable protocol filter. The filter is based on seccomp and checks the @@ -443,6 +445,7 @@ Enable seccomp filter and whitelist the system calls in the list for 32 bit syst Return a different error instead of EPERM to the process, kill it when an attempt is made to call a blocked system call, or allow but log the attempt. +#ifdef HAVE_X11 .TP \fBx11 Enable X11 sandboxing. @@ -476,7 +479,7 @@ Example: xephyr-screen 640x480 .br x11 xephyr - +#endif .SH DBus filtering Access to the session and system DBus UNIX sockets can be allowed, filtered or -- cgit v1.2.3-70-g09d2
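Review bot: In the first hunk (@@ -401,10 +401,12 @@), wrapping the whole `noroot` entry in `#ifdef HAVE_USERNS` means a build without user namespace support ships a man page that says nothing about `noroot`, so anyone reading a profile that still contains the command has no reference for what the sandbox will do with it. Consider leaving a short unguarded line stating that the command depends on user namespace support being compiled in. While this entry is being touched, "enable an user namespace" should read "enable a user namespace".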
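Review bot: In the second hunk (@@ -443,6 +445,7 @@), the `#ifdef HAVE_X11` opened before `.TP \fBx11` is not closed until the `#endif` in the third hunk, and the lines between the two are not visible in this diff. Please confirm that everything in that span is X11-specific (the visible tail is the `xephyr-screen` example ending in `x11 xephyr`), so that no unrelated profile command disappears from the man page when X11 support is compiled out.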
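Review bot: In the third hunk (@@ -476,7 +479,7 @@), the `#endif` replaces the line that preceded `.SH DBus filtering` rather than being added beside it; this is the one deletion in the diffstat, and it differs from the `noroot` guard, where `#endif` was inserted without removing anything. The removed line appears to be the empty separator. If dropping it is intentional, say so in the commit message; otherwise add `#endif` on its own line and keep the original line so the two guards are inserted the same way.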