Lines Matching +full:directory +full:- +full:level
3 sandbox \- Run cmd under an SELinux sandbox
6 …-C] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [ \-R runuserdir ] [\-I…
10 …-C] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [ \-R runuserdir ] [\-I…
16 … descriptors handed to it. It is not allowed to open any other files. The \-M option will mount a…
19 .I policycoreutils-sandbox
20 package installed, you can use the \-X option and the \-M option.
21 .B sandbox \-X
22 …directory and /tmp. The default SELinux policy does not allow any capabilities or network access.…
24 …d with \-H or \-T the directory will have its context modified with chcon(1) unless a level is spe…
27 \fB\-h\ \fB\-\-help\fR
30 \fB\-H\ \fB\-\-homedir\fR
31 Use alternate homedir to mount over your home directory. Defaults to temporary. Requires \-X or \-…
33 \fB\-i\fR \fB\-\-include\fR
34 Copy this file into the appropriate temporary sandbox directory. Command can be repeated.
36 \fB\-I\fR \fB\-\-includefile\fR
40 \fB\-l\fR \fB\-\-level\fR
41 Specify the MLS/MCS Security Level to run the sandbox with. Defaults to random.
43 \fB\-M\fR \fB\-\-mount\fR
46 \fB\-s\fR \fB\-\-shred\fR
49 \fB\-t\fR \fB\-\-type\fR
50 Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for \-X.
54 sandbox_t \- No X, No Network Access, No Open, read/write on passed in file descriptors.
56 sandbox_min_t \- No Network Access
58 sandbox_x_t \- Ports for X applications to run locally
60 sandbox_web_t \- Ports required for web browsing
62 sandbox_net_t \- Network ports (for server software)
64 sandbox_net_client_t \- All network ports
67 \fB\-T\fR \fB\-\-tmpdir\fR
68 Use alternate temporary directory to mount on /tmp. Defaults to tmpfs. Requires \-X or \-M.
70 \fB\-R\fR \fB\-\-runuserdir\fR
71 Use alternate temporary directory to mount on XDG_RUNTIME_DIR (/run/user/$UID).
73 \fB\-S\fR \fB\-\-session\fR
74 Run a full desktop session. Requires level, and home and tmpdir.
76 \fB\-w\fR \fB\-\-windowsize\fR
80 \fB\-W\fR \fB\-\-windowmanager\fR
82 .B sandbox \-X.
85 \fB\-X\fR
89 \fB\-d\fR \fB\-\-dpi\fR
92 \fB\-C\fR \fB\-\-capabilities\fR Use capabilities within the
94 be allowed to use capabilities (setuid apps), with the \-C flag, you