bringing back whitelisting /dev

netblue30 2023-01-14 10:41:08 -05:00
parent 7902594e7a
commit ecb408418f
2 changed files with 2 additions and 3 deletions

@ -25,7 +25,6 @@ firejail (0.9.72) baseline; urgency=low
* modif: disabled tracelog by default in /etc/firejail/firejail.config
(#5190)
* modif: removed grsecurity support
* modif: disabled whitelisting for /dev directory
* bugfix: Flood of seccomp audit log entries (#5207)
* bugfix: --netlock does not work (Error: no valid sandbox) (#5312)
* bugfix: Remove invalid --profile-path from --help (#5585 #5586)
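
Review bot: deleting the "* modif: disabled whitelisting for /dev directory" entry from the 0.9.72 list leaves no record that /dev whitelisting was switched off and then restored. Both files touched by this commit read as documentation (this release-notes list and the man page), so the code change that re-enables /dev as a top directory is not in this diff; name that commit in the message. If the disabled behaviour reached users in any build, replace the entry with a line saying /dev whitelisting is available again rather than dropping it silently.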

@ -3040,7 +3040,7 @@ $ firejail \-\-net=br0 --veth-name=if0
Whitelist directory or file. A temporary file system is mounted on the top directory, and the
whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
everything else is discarded when the sandbox is closed. The top directory can be
all directories in / (except /dev, /proc and /sys), /sys/module, /run/user/$UID, $HOME and
all directories in / (except /proc and /sys), /sys/module, /run/user/$UID, $HOME and
all directories in /usr.
.br
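
Review bot: the exception list now reads "(except /proc and /sys)", which makes /dev a valid top directory, but the paragraph does not say what that means for device nodes. By the rule stated at the top of this paragraph, a temporary file system is mounted on the top directory and only the whitelisted entries are bind-mounted inside, so a single whitelist entry under /dev hides every other device node from the sandbox. Add a sentence that says so explicitly; it is the effect most likely to surprise someone who whitelists one device and then finds the rest of /dev missing.
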
@ -3064,7 +3064,7 @@ Example:
.br
$ firejail \-\-noprofile \-\-whitelist=~/.mozilla
.br
$ firejail \-\-whitelist=/tmp/.X11-unix
$ firejail \-\-whitelist=/tmp/.X11-unix \-\-whitelist=/dev/null
.br
$ firejail "\-\-whitelist=/home/username/My Virtual Machines"
.br
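
Review bot: in the changed example line, \-\-whitelist=/dev/null is appended to the existing /tmp/.X11-unix command, which reads as if the two options belong together. Give the /dev case its own example line followed by .br, as the neighbouring examples do, so the X11 socket example stays as it was and the new line demonstrates only the /dev behaviour.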