author | Drew DeVault <sir@cmpwn.com> | 2016-12-02 10:32:08 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2016-12-02 10:32:08 -0500 |
commit | 0c8dc0e6dfbd9272bc22b5476259cd68a1fab35c (patch) | |
tree | 86f902be50c41fde4459bdf2bfd61b3ade1099e5 | |
parent | Soften up environment security (diff) | |
download | sway-0c8dc0e6dfbd9272bc22b5476259cd68a1fab35c.tar.gz sway-0c8dc0e6dfbd9272bc22b5476259cd68a1fab35c.tar.zst sway-0c8dc0e6dfbd9272bc22b5476259cd68a1fab35c.zip |
Clarify that executable has to be a full path
-rw-r--r-- | sway/sway-security.7.txt | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sway/sway-security.7.txt b/sway/sway-security.7.txt index ec11f10b..a1ed9e32 100644 --- a/sway/sway-security.7.txt +++ b/sway/sway-security.7.txt | |||
@@ -104,11 +104,13 @@ access: | |||
104 | 104 | ||
105 | **permit** <executable> <features...>:: | 105 | **permit** <executable> <features...>:: |
106 | Permits <executable> to use <features> (each feature seperated by a space). | 106 | Permits <executable> to use <features> (each feature seperated by a space). |
107 | <executable> may be * to affect the default policy. | 107 | <executable> may be * to affect the default policy, or the full path to the |
108 | executable file. | ||
108 | 109 | ||
109 | **reject** <executable> <features...>:: | 110 | **reject** <executable> <features...>:: |
110 | Disallows <executable> from using <features> (each feature seperated by a space). | 111 | Disallows <executable> from using <features> (each feature seperated by a space). |
111 | <executable> may be * to affect the default policy. | 112 | <executable> may be * to affect the default policy, or the full path to the |
113 | executable file. | ||
112 | 114 | ||
113 | Note that policy enforcement requires procfs to be mounted at /proc and the sway | 115 | Note that policy enforcement requires procfs to be mounted at /proc and the sway |
114 | process to be able to access _/proc/[pid]/exe_ (see **procfs(5)** for details on | 116 | process to be able to access _/proc/[pid]/exe_ (see **procfs(5)** for details on |
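Review bot: "full path" in the text added to both **permit** and **reject** (new lines 107-108 and 112-113) does not say whether the path has to be the symlink-resolved one. The unchanged note at the end of the hunk says enforcement relies on _/proc/[pid]/exe_, and that entry points at the file that was actually executed, so if rules are compared against that target, a rule written with a symlinked path would not match the process it was meant for. Suggest wording such as "the absolute path to the executable file, with symlinks resolved", or a sentence stating how the configured path is compared. While these paragraphs are being touched, "seperated" in the unchanged first sentence of each entry could be corrected to "separated".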