From e83af0b1114499ccca03f6680a9e9b2c0e1e9493 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Thu, 26 Nov 2015 07:18:01 -0500
Subject: fixes
---
 src/man/firejail.txt | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'src/man')
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 39e0dbaf7..4f9f0cba9 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -155,8 +155,15 @@ Define a custom whitelist Linux capabilities filter.
 Example:
 .br
 $ sudo firejail \-\-caps.keep=chown,net_bind_service,setgid,\\
-setuid "/etc/init.d/nginx start && sleep inf"
+setuid /etc/init.d/nginx start
+.br
+.br
+A short note about mixing \-\-whitelist and \-\-read-only options. Whitelisted directories
+should be made read-only independently. Making a parent directory read-only, will not
+make the whitelist read-only. Example:
+.br
+$ firejail --whitelist=~/work --read-only=~/ --read-only=~/work
 .TP
 \fB\-\-caps.print=name
 Print the caps filter for the sandbox identified by name.
--
cgit v1.2.3-54-g00ecf