Network bandwidth is an expensive resource shared among all
sandboxes running on a system. Traffic shaping allows the user
to increase network performance by controlling the amount of data
that flows into and out of the sandboxes.
Firejail implements a simple rate-limiting shaper based on Linux
command tc. The shaper works at sandbox level, and can be used
only for sandboxes configured with new network namespaces.
Set rate-limits:
$ firejail --bandwidth=name|pid set network download upload
Clear rate-limits:
$ firejail --bandwidth=name|pid clear network
Status:
$ firejail --bandwidth=name|pid status
where:
name - sandbox name
pid - sandbox pid
network - network interface as used by --net option
download - download speed in KB/s (kilobyte per second)
upload - upload speed in KB/s (kilobyte per second)
Example:
$ firejail --name=mybrowser --net=eth0 firefox &
$ firejail --bandwidth=mybrowser set eth0 80 20
$ firejail --bandwidth=mybrowser status
$ firejail --bandwidth=mybrowser clear eth0