diff options
-rw-r--r-- | README.md | 24 | ||||
-rw-r--r-- | RELNOTES | 3 |
2 files changed, 26 insertions, 1 deletions
@@ -171,7 +171,7 @@ shell none | |||
171 | $ | 171 | $ |
172 | ````` | 172 | ````` |
173 | 173 | ||
174 | ## New command line options | 174 | ## New command line and profile options |
175 | ````` | 175 | ````` |
176 | --writable-run-user | 176 | --writable-run-user |
177 | This options disables the default blacklisting of | 177 | This options disables the default blacklisting of |
@@ -179,6 +179,28 @@ $ | |||
179 | 179 | ||
180 | Example: | 180 | Example: |
181 | $ sudo firejail --writable-run-user | 181 | $ sudo firejail --writable-run-user |
182 | |||
183 | --rlimit-as=number | ||
184 | Set the maximum size of the process's virtual memory (address | ||
185 | space) in bytes. | ||
186 | |||
187 | --rlimit-cpu=number | ||
188 | Set the maximum limit, in seconds, for the amount of CPU time | ||
189 | each sandboxed process can consume. When the limit is reached, | ||
190 | the processes are killed. | ||
191 | |||
192 | The CPU limit is a limit on CPU seconds rather than elapsed | ||
193 | time. CPU seconds is basically how many seconds the CPU has | ||
194 | been in use and does not necessarily directly relate to the | ||
195 | elapsed time. Linux kernel keeps track of CPU seconds for each | ||
196 | process independently. | ||
197 | |||
198 | --timeout=hh:mm:ss | ||
199 | Kill the sandbox automatically after the time has elapsed. The | ||
200 | time is specified in hours/minutes/seconds format. | ||
201 | |||
202 | $ firejail --timeout=01:30:00 firefox | ||
203 | |||
182 | ````` | 204 | ````` |
183 | 205 | ||
184 | ## New profiles: | 206 | ## New profiles: |
@@ -17,6 +17,9 @@ firejail (0.9.51) baseline; urgency=low | |||
17 | atril, mate-color-select, tar, file, strings, gpicview, | 17 | atril, mate-color-select, tar, file, strings, gpicview, |
18 | eom, eog, gedit, pluma | 18 | eom, eog, gedit, pluma |
19 | * feature: --writable-run-user | 19 | * feature: --writable-run-user |
20 | * feature: --rlimit-as | ||
21 | * feature: --rlimit-cpu | ||
22 | * feature: --timeout | ||
20 | * feature: profile build tool (--build) | 23 | * feature: profile build tool (--build) |
21 | * new profiles: upstreamed many profiles from the following sources: | 24 | * new profiles: upstreamed many profiles from the following sources: |
22 | https://github.com/chiraag-nataraj/firejail-profiles, | 25 | https://github.com/chiraag-nataraj/firejail-profiles, |