1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands"
.SH NAME
seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
.SH SYNOPSIS
.B seunshare
[ -v ] [ -c ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
.br
.SH DESCRIPTION
.PP
Run the
.I executable
within the specified context, using the alternate home directory and /tmp directory. The seunshare command unshares from the default namespace, then mounts the specified homedir and tmpdir over the default homedir and /tmp. Finally it tells the kernel to execute the application under the specified SELinux context.
.TP
\fB\-h homedir\fR
Alternate homedir to be used by the application. Homedir must be owned by the user.
.TP
\fB\-t\ tmpdir
Use alternate tempory directory to mount on /tmp. tmpdir must be owned by the user.
.TP
\fB\-c --cgroups\fR
Use cgroups to control this copy of seunshare. Specify parameters in /etc/default/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
.TP
\fB\-C --capabilities\fR
Allow apps executed within the namespace to use capabilities. Default is no capabilities.
.TP
\fB\-k --kill\fR
Kill all processes with matching MCS level.
.TP
\fB\-Z\ context
Use alternate SELinux context while runing the executable.
.TP
\fB\-v\fR
Verbose output
.SH "SEE ALSO"
.TP
runcon(1), sandbox(8), selinux(8)
.PP
.SH AUTHOR
This manual page was written by
.I Dan Walsh <dwalsh@redhat.com>
and
.I Thomas Liu <tliu@fedoraproject.org>
|
