From 00822ba08cf16616473665dac6d1b9240a185872 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 17 Aug 2017 08:32:28 -0400 Subject: memory-deny-write-execute --- src/man/firejail-profile.txt | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/man') diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 5bd4f6ef8..9dafb3c65 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -312,6 +312,11 @@ Enable seccomp filter and blacklist the system calls in the list. \fBseccomp.keep syscall,syscall,syscall Enable seccomp filter and whitelist the system calls in the list. .TP +\fBmemory-deny-write-execute +Install a seccomp filter to block attempts to create memory mappings +that are both writable and executable, to change mappings to be +executable or to create executable shared memory. +.TP \fBnonewprivs Sets the NO_NEW_PRIVS prctl. This ensures that child processes cannot acquire new privileges using execve(2); in particular, -- cgit v1.2.3-70-g09d2