From 435d739d961cc71406db8114d3040999d096d2fa Mon Sep 17 00:00:00 2001 From: smitsohu Date: Mon, 21 Jun 2021 01:26:17 +0200 Subject: tmpfs option enhancements * downgrade error to warning, smiliar to read-write option; this simplifies use of tmpfs option in general purpose profiles, for example we don't need to worry about links people put in their homedir * update manpage --- src/man/firejail-profile.txt | 2 +- src/man/firejail.txt | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'src/man') diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 6f3bef7f2..db58e0910 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -420,7 +420,7 @@ Make directory or file read-only. Make directory or file read-write. .TP \fBtmpfs directory -Mount an empty tmpfs filesystem on top of directory. This option is available only when running the sandbox as root. +Mount an empty tmpfs filesystem on top of directory. Directories outside user home or not owned by the user are not allowed. Sandboxes running as root are exempt from these restrictions. .TP \fBtracelog Blacklist violations logged to syslog. diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 3212a88e4..4a2e520c5 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -2566,14 +2566,13 @@ Kill the sandbox automatically after the time has elapsed. The time is specified $ firejail \-\-timeout=01:30:00 firefox .TP \fB\-\-tmpfs=dirname -Mount a writable tmpfs filesystem on directory dirname. This option is available only when running the sandbox as root. -File globbing is supported, see \fBFILE GLOBBING\fR section for more details. +Mount a writable tmpfs filesystem on directory dirname. Directories outside user home or not owned by the user are not allowed. Sandboxes running as root are exempt from these restrictions. File globbing is supported, see \fBFILE GLOBBING\fR section for more details. .br .br Example: .br -# firejail \-\-tmpfs=/var +$ firejail \-\-tmpfs=~/.local/share .TP \fB\-\-top Monitor the most CPU-intensive sandboxes, see \fBMONITORING\fR section for more details. -- cgit v1.2.3-70-g09d2