From 95544a17fac7e5fb2b0eabe3d96305813fc96a1b Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 13 Jun 2022 09:26:37 -0400 Subject: more on disable cgroups --- src/man/firejail-profile.txt | 8 ++------ src/man/firejail.txt | 15 +++------------ src/man/firemon.txt | 3 --- 3 files changed, 5 insertions(+), 21 deletions(-) (limited to 'src/man') diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 0fe434fac..5c8b6031d 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -683,17 +683,13 @@ ignore dbus-user.talk org.freedesktop.Notifications .br [...] #endif -.SH Resource limits, CPU affinity, Control Groups +.SH Resource limits, CPU affinity These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. The limits can be modified inside the sandbox using the regular \fBulimit\fR command. \fBcpu\fR command -configures the CPU cores available, and \fBcgroup\fR command -place the sandbox in an existing control group. +configures the CPU cores available. Examples: -.TP -\fBcgroup /sys/fs/cgroup/g1/tasks -The sandbox is placed in g1 control group. .TP \fBcpu 0,1,2 Use only CPU cores 0, 1 and 2. diff --git a/src/man/firejail.txt b/src/man/firejail.txt index a18b53fea..c2c0bc297 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -289,15 +289,6 @@ $ firejail \-\-caps.print=3272 \fB\-\-cat=name|pid filename Print content of file from sandbox container, see FILE TRANSFER section for more details. #endif -.TP -\fB\-\-cgroup=file -Place the sandbox in the specified control group. file is the full path of a tasks or cgroup.procs file. -.br - -.br -Example: -.br -# firejail \-\-cgroup=/sys/fs/cgroup/g1/tasks #ifdef HAVE_CHROOT .TP \fB\-\-chroot=dirname 
@@ -994,7 +985,7 @@ $ firejail \-\-ipc-namespace firefox Join the sandbox identified by name or by PID. By default a /bin/bash shell is started after joining the sandbox. If a program is specified, the program is run in the sandbox. If \-\-join command is issued as a regular user, all security filters are configured for the new process the same they are configured in the sandbox. -If \-\-join command is issued as root, the security filters, cgroups and cpus configurations are not applied +If \-\-join command is issued as root, the security filters and cpus configurations are not applied to the process joining the sandbox. .br @@ -1019,13 +1010,13 @@ $ firejail \-\-join=3272 \fB\-\-join-filesystem=name|pid Join the mount namespace of the sandbox identified by name or PID. By default a /bin/bash shell is started after joining the sandbox. If a program is specified, the program is run in the sandbox. This command is available only to root user. -Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox. +Security filters and cpus configurations are not applied to the process joining the sandbox. #ifdef HAVE_NETWORK .TP \fB\-\-join-network=name|pid Join the network namespace of the sandbox identified by name. By default a /bin/bash shell is started after joining the sandbox. If a program is specified, the program is run in the sandbox. This command is available only to root user. -Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox. Example: +Security filters and cpus configurations are not applied to the process joining the sandbox. Example: .br .br diff --git a/src/man/firemon.txt b/src/man/firemon.txt index c4e6e15b3..fd58a7168 100644 --- a/src/man/firemon.txt +++ b/src/man/firemon.txt 
@@ -21,9 +21,6 @@ Print ARP table for each sandbox.
\fB\-\-caps
Print capabilities configuration for each sandbox.
.TP
-\fB\-\-cgroup
-Print control group information for each sandbox.
-.TP
\fB\-\-cpu
Print CPU affinity for each sandbox.
.TP
-- cgit v1.2.3-70-g09d2