tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_external_selinux/sandbox/seunshare.8
Petr Lautrbach ecfcb1d6a8 sandbox: Use temporary directory for XDG_RUNTIME_DIR 
XDG_RUNTIME_DIR (/run/user/$UID) is used for user-specific data files
such as sockets, named pipes and so on. Therefore, it should not be
available to sandboxed processes.

Usage:
    # ls -a $XDG_RUNTIME_DIR
    .  ..  bus  pipewire-0  systemd
    # sandbox -R /root/sandbox/user -- sh -c "ls -a $XDG_RUNTIME_DIR"
    .  ..

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
2022-11-09 07:49:34 -05:00

43 lines
1.4 KiB
Groff
Raw Blame History

.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands"
.SH NAME
seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
.SH SYNOPSIS
.B seunshare
[ -v ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
.br
.SH DESCRIPTION
.PP
Run the
.I executable
within the specified context, using the alternate home directory and /tmp directory. The seunshare command unshares from the default namespace, then mounts the specified homedir and tmpdir over the default homedir and /tmp. Finally it tells the kernel to execute the application under the specified SELinux context.
.TP
\fB\-h homedir\fR
Alternate homedir to be used by the application. Homedir must be owned by the user.
.TP
\fB\-t\ tmpdir
Use alternate temporary directory to mount on /tmp. tmpdir must be owned by the user.
.TP
\fB\-r\ runuserdir
Use alternate temporary directory to mount on XDG_RUNTIME_DIR (/run/user/$UID). runuserdir must be owned by the user.
.TP
\fB\-C --capabilities\fR
Allow apps executed within the namespace to use capabilities. Default is no capabilities.
.TP
\fB\-k --kill\fR
Kill all processes with matching MCS level.
.TP
\fB\-Z\ context
Use alternate SELinux context while running the executable.
.TP
\fB\-v\fR
Verbose output
.SH "SEE ALSO"
.TP
runcon(1), sandbox(8), selinux(8)
.PP
.SH AUTHOR
This manual page was written by
.I Dan Walsh <dwalsh@redhat.com>
and
.I Thomas Liu <tliu@fedoraproject.org>
Reference in a new issue View git blame Copy permalink