From bb18e513ae92ebf78529bfbb89f33986b57240aa Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 30 May 2019 09:08:54 -0400 Subject: [PATCH] merge update man pages (private-dev, noexec) --- src/man/firejail-profile.txt | 5 +++-- src/man/firejail.txt | 6 +++--- status | 8 ++++---- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 92e95f165..36db61ed1 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -210,8 +210,9 @@ Mount an empty temporary filesystem on top of the .cache directory in user home. modifications are discarded when the sandbox is closed. .TP \fBprivate-dev -Create a new /dev directory. Only disc, dri, null, full, zero, tty, pts, ptmx, -random, snd, urandom, video, log and shm devices are available. +Create a new /dev directory. Only disc, dri, dvb, hidraw, null, full, zero, tty, pts, ptmx, +random, snd, urandom, video, log, shm and usb devices are available. +Use the options no3d, nodvd, nosound, notv, nou2f and novideo for additional restrictions. .TP \fBkeep-dev-shm /dev/shm directory is untouched (even with private-dev). diff --git a/src/man/firejail.txt b/src/man/firejail.txt index b8f8a22e9..fd1d4a6be 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -1038,8 +1038,7 @@ $ firejail \-\-noexec=/tmp .br .br -/etc and /var are noexec by default if the sandbox was started as a regular user. If there are more than one mount operation -on the path of the file or directory, noexec should be applied to the last one. Always check if the change took effect inside the sandbox. +/etc and /var are noexec by default if the sandbox was started as a regular user. .TP \fB\-\-nogroups 
@@ -1215,7 +1214,8 @@ $ firejail \-\-private-cache openbox .TP \fB\-\-private-dev -Create a new /dev directory. Only disc, dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available. +Create a new /dev directory. Only disc, dri, dvb, hidraw, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log, shm and usb devices are available. +Use the options --no3d, --nodvd, --nosound, --notv, --nou2f and --novideo for additional restrictions. .br .br diff --git a/status b/status index dce2452c6..3f1a4e7de 100644 --- a/status +++ b/status @@ -1,15 +1,15 @@ -un 29 test: +Jun 29 test: TESTING: tar TESTING ERROR 4.2 TESTING: DNS (test/environment/dns.exp) netblue@debian:~/work/github/LTSbase/test/environment$ TESTING ERROR 1.2 -todo May 23: add header guard to firecfg.h -todo May 18: man pages: add FIREJAIL_QUIET +May 23: add header guard to firecfg.h +May 18: man pages: add FIREJAIL_QUIET todo May 17: Merge pull request #2688 from laomaiweng/nodbus-enhancements todo May 17: Merge pull request #2701 from smitsohu/opath - bring back support for Centos6 -todo May 4: update man pages (private-dev, noexec) +May 4: update man pages (private-dev, noexec) todo April 21: typo todo April 20: typo and merges todo Mar 23: mount runtime seccomp files read-only
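Review bot: In the src/man/firejail-profile.txt hunk (@@ -210,8 +210,9 @@), the added sentence "Use the options no3d, nodvd, nosound, notv, nou2f and novideo for additional restrictions." names six options without saying which of the listed devices each one removes. The same hunk widens the default private-dev set with dvb, hidraw and usb, so a reader deciding whether that default is acceptable for a profile needs the mapping. Suggest stating the device each option drops, or pointing to each option's own entry.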
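Review bot: In the src/man/firejail.txt hunk at @@ -1038,8 +1038,7 @@, the removed text drops both the caveat about paths with more than one mount operation and the advice "Always check if the change took effect inside the sandbox.", and the commit message gives no reason. If --noexec now handles stacked mounts correctly, say so in the commit message. If it does not, keep at least the verification sentence, because a user who relies on noexec for a path that is silently still executable has no other hint in this entry.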
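Review bot: In the src/man/firejail.txt hunk at @@ -1215,7 +1214,8 @@, the added line writes the options with bare hyphens ("--no3d, --nodvd, --nosound, --notv, --nou2f and --novideo"), while the surrounding source escapes them, as in "\fB\-\-private-dev" and "$ firejail \-\-noexec=/tmp". Suggest "\-\-no3d, \-\-nodvd, ..." so the rendered page shows the hyphens consistently with the rest of the file.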
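Review bot: In the status hunk (@@ -1,15 +1,15 @@), the "todo" marker is removed from "May 23: add header guard to firecfg.h" and "May 18: man pages: add FIREJAIL_QUIET" as well as from the May 4 man page entry, but the diffstat shows this commit touching only the two man pages and status. Suggest clearing each marker in the commit that merges that item, or noting in the commit message that those two were merged earlier, so the status file can be audited against history.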