diff options
author | netblue30 <netblue30@yahoo.com> | 2016-03-11 08:07:20 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-11 08:07:20 -0500 |
commit | 0e88d053e806b2f2b5589f92683e6ad5f934b09d (patch) | |
tree | ca1af3bbda0d6486519ef344adf80779152b0409 /src/man | |
parent | file transfer options (diff) | |
download | firejail-0e88d053e806b2f2b5589f92683e6ad5f934b09d.tar.gz firejail-0e88d053e806b2f2b5589f92683e6ad5f934b09d.tar.zst firejail-0e88d053e806b2f2b5589f92683e6ad5f934b09d.zip |
nosound support in profile files
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-profile.txt | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 8897efc09..c5de79118 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -223,9 +223,13 @@ Enable seccomp filter and whitelist the system calls in the list. | |||
223 | Use this command to enable an user namespace. The namespace has only one user, the current user. | 223 | Use this command to enable an user namespace. The namespace has only one user, the current user. |
224 | There is no root account (uid 0) defined in the namespace. | 224 | There is no root account (uid 0) defined in the namespace. |
225 | 225 | ||
226 | .SH Resource limits | 226 | .SH Resource limits, CPU affinity, Control Groups |
227 | These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. | 227 | These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. |
228 | The limits can be modified inside the sandbox using the regular \fBulimit\fR command. Example: | 228 | The limits can be modified inside the sandbox using the regular \fBulimit\fR command. \fBcpu\fR command |
229 | configures the CPU cores available, and \fBcgroup\fR command | ||
230 | place the sandbox in an existing control group. | ||
231 | |||
232 | Examples: | ||
229 | 233 | ||
230 | .TP | 234 | .TP |
231 | \fBrlimit-fsize 1024 | 235 | \fBrlimit-fsize 1024 |
@@ -239,23 +243,14 @@ Set the maximum number of files that can be opened by a process to 500. | |||
239 | .TP | 243 | .TP |
240 | \fBrlimit-sigpending 200 | 244 | \fBrlimit-sigpending 200 |
241 | Set the maximum number of processes that can be created for the real user ID of the calling process to 200. | 245 | Set the maximum number of processes that can be created for the real user ID of the calling process to 200. |
242 | |||
243 | .SH CPU Affinity | ||
244 | Set the CPU cores available for this sandbox using \fBcpu\fR command. Examples: | ||
245 | |||
246 | .TP | 246 | .TP |
247 | cpu 1,2,3 | 247 | \fBcpu 1,2,3 |
248 | Use only CPU cores 0, 1 and 2. | 248 | Use only CPU cores 0, 1 and 2. |
249 | |||
250 | .TP | 249 | .TP |
251 | nice -5 | 250 | \fBnice -5 |
252 | Set a nice value of -5 to all processes running inside the sandbox. | 251 | Set a nice value of -5 to all processes running inside the sandbox. |
253 | |||
254 | .SH Control Groups | ||
255 | Place the sandbox in an existing control group specified by the full path of the task file using \fBcgroup\fR. Example: | ||
256 | |||
257 | .TP | 252 | .TP |
258 | cgroup /sys/fs/cgroup/g1/tasks | 253 | \fBcgroup /sys/fs/cgroup/g1/tasks |
259 | The sandbox is placed in g1 control group. | 254 | The sandbox is placed in g1 control group. |
260 | 255 | ||
261 | .SH User Environment | 256 | .SH User Environment |
@@ -286,6 +281,9 @@ Run the program directly, without a shell. | |||
286 | .TP | 281 | .TP |
287 | \fBipc-namespace | 282 | \fBipc-namespace |
288 | Enable IPC namespace. | 283 | Enable IPC namespace. |
284 | .TP | ||
285 | \fBnosound | ||
286 | Disable sound system. | ||
289 | .SH Networking | 287 | .SH Networking |
290 | Networking features available in profile files. | 288 | Networking features available in profile files. |
291 | 289 | ||