From 0e88d053e806b2f2b5589f92683e6ad5f934b09d Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 11 Mar 2016 08:07:20 -0500 Subject: nosound support in profile files --- src/man/firejail-profile.txt | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) (limited to 'src/man/firejail-profile.txt') diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 8897efc09..c5de79118 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -223,9 +223,13 @@ Enable seccomp filter and whitelist the system calls in the list. Use this command to enable an user namespace. The namespace has only one user, the current user. There is no root account (uid 0) defined in the namespace. -.SH Resource limits +.SH Resource limits, CPU affinity, Control Groups These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. -The limits can be modified inside the sandbox using the regular \fBulimit\fR command. Example: +The limits can be modified inside the sandbox using the regular \fBulimit\fR command. \fBcpu\fR command +configures the CPU cores available, and \fBcgroup\fR command +place the sandbox in an existing control group. + +Examples: .TP \fBrlimit-fsize 1024 @@ -239,23 +243,14 @@ Set the maximum number of files that can be opened by a process to 500. .TP \fBrlimit-sigpending 200 Set the maximum number of processes that can be created for the real user ID of the calling process to 200. - -.SH CPU Affinity -Set the CPU cores available for this sandbox using \fBcpu\fR command. Examples: - .TP -cpu 1,2,3 +\fBcpu 1,2,3 Use only CPU cores 0, 1 and 2. - .TP -nice -5 +\fBnice -5 Set a nice value of -5 to all processes running inside the sandbox. - -.SH Control Groups -Place the sandbox in an existing control group specified by the full path of the task file using \fBcgroup\fR. Example: - .TP -cgroup /sys/fs/cgroup/g1/tasks +\fBcgroup /sys/fs/cgroup/g1/tasks The sandbox is placed in g1 control group. .SH User Environment @@ -286,6 +281,9 @@ Run the program directly, without a shell. .TP \fBipc-namespace Enable IPC namespace. +.TP +\fBnosound +Disable sound system. .SH Networking Networking features available in profile files. -- cgit v1.2.3-70-g09d2