diff options
author | netblue30 <netblue30@protonmail.com> | 2022-06-13 09:26:37 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2022-06-13 09:26:37 -0400 |
commit | 95544a17fac7e5fb2b0eabe3d96305813fc96a1b (patch) | |
tree | ca0259eb8523de487c297f2a14e23f87d512b17d /src/man | |
parent | disable cgroup code (diff) | |
download | firejail-95544a17fac7e5fb2b0eabe3d96305813fc96a1b.tar.gz firejail-95544a17fac7e5fb2b0eabe3d96305813fc96a1b.tar.zst firejail-95544a17fac7e5fb2b0eabe3d96305813fc96a1b.zip |
more on disable cgroups
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-profile.txt | 8 | ||||
-rw-r--r-- | src/man/firejail.txt | 15 | ||||
-rw-r--r-- | src/man/firemon.txt | 3 |
3 files changed, 5 insertions, 21 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 0fe434fac..5c8b6031d 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -683,18 +683,14 @@ ignore dbus-user.talk org.freedesktop.Notifications | |||
683 | .br | 683 | .br |
684 | [...] | 684 | [...] |
685 | #endif | 685 | #endif |
686 | .SH Resource limits, CPU affinity, Control Groups | 686 | .SH Resource limits, CPU affinity |
687 | These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. | 687 | These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. |
688 | The limits can be modified inside the sandbox using the regular \fBulimit\fR command. \fBcpu\fR command | 688 | The limits can be modified inside the sandbox using the regular \fBulimit\fR command. \fBcpu\fR command |
689 | configures the CPU cores available, and \fBcgroup\fR command | 689 | configures the CPU cores available. |
690 | place the sandbox in an existing control group. | ||
691 | 690 | ||
692 | Examples: | 691 | Examples: |
693 | 692 | ||
694 | .TP | 693 | .TP |
695 | \fBcgroup /sys/fs/cgroup/g1/tasks | ||
696 | The sandbox is placed in g1 control group. | ||
697 | .TP | ||
698 | \fBcpu 0,1,2 | 694 | \fBcpu 0,1,2 |
699 | Use only CPU cores 0, 1 and 2. | 695 | Use only CPU cores 0, 1 and 2. |
700 | .TP | 696 | .TP |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index a18b53fea..c2c0bc297 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -289,15 +289,6 @@ $ firejail \-\-caps.print=3272 | |||
289 | \fB\-\-cat=name|pid filename | 289 | \fB\-\-cat=name|pid filename |
290 | Print content of file from sandbox container, see FILE TRANSFER section for more details. | 290 | Print content of file from sandbox container, see FILE TRANSFER section for more details. |
291 | #endif | 291 | #endif |
292 | .TP | ||
293 | \fB\-\-cgroup=file | ||
294 | Place the sandbox in the specified control group. file is the full path of a tasks or cgroup.procs file. | ||
295 | .br | ||
296 | |||
297 | .br | ||
298 | Example: | ||
299 | .br | ||
300 | # firejail \-\-cgroup=/sys/fs/cgroup/g1/tasks | ||
301 | #ifdef HAVE_CHROOT | 292 | #ifdef HAVE_CHROOT |
302 | .TP | 293 | .TP |
303 | \fB\-\-chroot=dirname | 294 | \fB\-\-chroot=dirname |
@@ -994,7 +985,7 @@ $ firejail \-\-ipc-namespace firefox | |||
994 | Join the sandbox identified by name or by PID. By default a /bin/bash shell is started after joining the sandbox. | 985 | Join the sandbox identified by name or by PID. By default a /bin/bash shell is started after joining the sandbox. |
995 | If a program is specified, the program is run in the sandbox. If \-\-join command is issued as a regular user, | 986 | If a program is specified, the program is run in the sandbox. If \-\-join command is issued as a regular user, |
996 | all security filters are configured for the new process the same they are configured in the sandbox. | 987 | all security filters are configured for the new process the same they are configured in the sandbox. |
997 | If \-\-join command is issued as root, the security filters, cgroups and cpus configurations are not applied | 988 | If \-\-join command is issued as root, the security filters and cpus configurations are not applied |
998 | to the process joining the sandbox. | 989 | to the process joining the sandbox. |
999 | .br | 990 | .br |
1000 | 991 | ||
@@ -1019,13 +1010,13 @@ $ firejail \-\-join=3272 | |||
1019 | \fB\-\-join-filesystem=name|pid | 1010 | \fB\-\-join-filesystem=name|pid |
1020 | Join the mount namespace of the sandbox identified by name or PID. By default a /bin/bash shell is started after joining the sandbox. | 1011 | Join the mount namespace of the sandbox identified by name or PID. By default a /bin/bash shell is started after joining the sandbox. |
1021 | If a program is specified, the program is run in the sandbox. This command is available only to root user. | 1012 | If a program is specified, the program is run in the sandbox. This command is available only to root user. |
1022 | Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox. | 1013 | Security filters and cpus configurations are not applied to the process joining the sandbox. |
1023 | #ifdef HAVE_NETWORK | 1014 | #ifdef HAVE_NETWORK |
1024 | .TP | 1015 | .TP |
1025 | \fB\-\-join-network=name|pid | 1016 | \fB\-\-join-network=name|pid |
1026 | Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox. | 1017 | Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox. |
1027 | If a program is specified, the program is run in the sandbox. This command is available only to root user. | 1018 | If a program is specified, the program is run in the sandbox. This command is available only to root user. |
1028 | Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox. Example: | 1019 | Security filters and cpus configurations are not applied to the process joining the sandbox. Example: |
1029 | .br | 1020 | .br |
1030 | 1021 | ||
1031 | .br | 1022 | .br |
diff --git a/src/man/firemon.txt b/src/man/firemon.txt index c4e6e15b3..fd58a7168 100644 --- a/src/man/firemon.txt +++ b/src/man/firemon.txt | |||
@@ -21,9 +21,6 @@ Print ARP table for each sandbox. | |||
21 | \fB\-\-caps | 21 | \fB\-\-caps |
22 | Print capabilities configuration for each sandbox. | 22 | Print capabilities configuration for each sandbox. |
23 | .TP | 23 | .TP |
24 | \fB\-\-cgroup | ||
25 | Print control group information for each sandbox. | ||
26 | .TP | ||
27 | \fB\-\-cpu | 24 | \fB\-\-cpu |
28 | Print CPU affinity for each sandbox. | 25 | Print CPU affinity for each sandbox. |
29 | .TP | 26 | .TP |