From 1c0428dba28299b66380c8c05770d6619383d758 Mon Sep 17 00:00:00 2001
From: The Fox in the Shell <KellerFuchs@hashbang.sh>
Date: Wed, 25 May 2016 14:59:30 +0200
Subject: Add force-nonewprivs setting

---
 src/man/firejail-config.txt | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/man')

diff --git a/src/man/firejail-config.txt b/src/man/firejail-config.txt
index fcf4109ee..dcede2ec6 100644
--- a/src/man/firejail-config.txt
+++ b/src/man/firejail-config.txt
@@ -48,6 +48,14 @@ Enable or disable user namespace support, default enabled.
 \fBx11
 Enable or disable X11 sandboxing support, default enabled.
 
+.TP
+\fBforce-nonewprivs
+Force use of nonewprivs.  This mitigates the possibility of
+a user abusing firejail's features to trick a privileged (suid
+or file capabilities) process into loading code or configuration
+that is partially under their control.  Default disabled.
+
+
 .TP
 \fBxephyr-screen
 Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for
-- 
cgit v1.2.3-70-g09d2