1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
.TH FIREMON 1 "MONTH YEAR" "VERSION" "firemon man page"
.SH NAME
Firemon \- Monitoring program for processes started in a Firejail sandbox.
.SH SYNOPSIS
firemon [OPTIONS] [PID]
.SH DESCRIPTION
Firemon monitors programs started in a Firejail sandbox.
Without a PID specified, all processes started by Firejail are monitored. Descendants of
these processes are also being monitored. On Grsecurity systems only root user
can run this program.
.SH OPTIONS
.TP
\fB\-\-apparmor
Print AppArmor confinement status for each sandbox.
.TP
\fB\-\-arp
Print ARP table for each sandbox.
.TP
\fB\-\-caps
Print capabilities configuration for each sandbox.
.TP
\fB\-\-cgroup
Print control group information for each sandbox.
.TP
\fB\-\-cpu
Print CPU affinity for each sandbox.
.TP
\fB\-\-debug
Print debug messages
.TP
\fB\-?\fR, \fB\-\-help\fR
Print options end exit.
.TP
\fB\-\-interface
Print network interface information for each sandbox.
.TP
\fB\-\-list
List all sandboxes.
.TP
\fB\-\-name=name
Print information only about named sandbox.
.TP
\fB\-\-netstats
Monitor network statistics for sandboxes creating a new network namespace.
.TP
\fB\-\-nowrap
Enable line wrapping in terminals. By default the lines are trimmed.
.TP
\fB\-\-route
Print route table for each sandbox.
.TP
\fB\-\-seccomp
Print seccomp configuration for each sandbox.
.TP
\fB\-\-top
Monitor the most CPU-intensive sandboxes. This command is similar to
the regular UNIX top command, however it applies only to sandboxes.
.TP
\fB\-\-tree
Print a tree of all sandboxed processes.
.TP
\fB\-\-version
Print program version and exit.
.TP
\fB\-\-x11
Print X11 display number.
.PP
The format for each listed sandbox entry is as follows:
PID:USER:Sandbox Name:Command
Listed below are the available fields (columns) in various firemon commands in alphabetical order:
.TP
Command
Command used to start the sandbox.
.TP
CPU%
CPU usage, the sandbox share of the elapsed CPU time since the
last screen update
.TP
PID
Unique process ID for the task controlling the sandbox.
.TP
Prcs
Number of processes running in sandbox, including the controlling process.
.TP
RES
Resident Memory Size (KiB), sandbox non-swapped physical memory.
It is a sum of the RES values for all processes running in the sandbox.
.TP
Sandbox Name
The name of the sandbox, if any.
.TP
SHR
Shared Memory Size (KiB), it reflects memory shared with other
processes. It is a sum of the SHR values for all processes running
in the sandbox, including the controlling process.
.TP
Uptime
Sandbox running time in hours:minutes:seconds format.
.TP
USER
The owner of the sandbox.
.SH LICENSE
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
.PP
Homepage: https://firejail.wordpress.com
.SH SEE ALSO
\&\flfirejail\fR\|(1),
\&\flfirecfg\fR\|(1),
\&\flfirejail-profile\fR\|(5),
\&\flfirejail-login\fR\|(5)
\&\flfirejail-users\fR\|(5)
|
