Linux Manual Guide




firejail-profile(5)

Security profile file syntax, and information about building new application profiles.


Resource limits, CPU affinity, Control Groups

These profile entries define the limits on system resources (rlimits) for the processes inside the sandbox. The limits can be modified inside the sandbox using the regular ulimit command. The cpu command configures the CPU cores available to the sandbox, and the cgroup command places the sandbox in an existing control group.

Examples:

cgroup /sys/fs/cgroup/g1/tasks
    The sandbox is placed in the g1 control group.

cpu 0,1,2
    Use only CPU cores 0, 1 and 2.

nice -5
    Set a nice value of -5 for all processes running inside the sandbox.

rlimit-as 123456789012
    Set the maximum size of the process's virtual memory to 123456789012 bytes.

rlimit-cpu 123
    Set the maximum CPU time in seconds.

rlimit-fsize 1024
    Set the maximum file size that can be created by a process to 1024 bytes.

rlimit-nproc 1000
    Set the maximum number of processes that can be created for the real user ID of the calling process to 1000.

rlimit-nofile 500
    Set the maximum number of files that can be opened by a process to 500.

rlimit-sigpending 200
    Set the maximum number of processes that can be created for the real user ID of the calling process to 200.

timeout hh:mm:ss
    Kill the sandbox automatically after the time has elapsed. The time is specified in hours/minutes/seconds format.
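A pre-deployment check for the directives in this section, as an added example that is not part of the firejail project or its manual: it validates each resource-limit line of a profile and reports which rlimit-* entries the profile leaves unset. The names check_limits, missing_limits and SAMPLE are hypothetical, and the accepted value syntax is assumed to be exactly the forms shown in the examples above.

```python
import re

# Value syntax per directive, taken from the examples on this page.
# Assumption: only those plain forms are valid (strict hh:mm:ss, bare integers).
RLIMITS = ("as", "cpu", "fsize", "nproc", "nofile", "sigpending")
RULES = {
    "cgroup": re.compile(r"/\S+"),
    "cpu": re.compile(r"\d+(,\d+)*"),
    "nice": re.compile(r"-?\d+"),
    "timeout": re.compile(r"\d{2}:[0-5]\d:[0-5]\d"),
}
RULES.update({f"rlimit-{n}": re.compile(r"\d+") for n in RLIMITS})

# Constructed sample profile fragment, with two deliberate mistakes.
SAMPLE = """\
# resource limits for a hypothetical batch job
cpu 0,1,2
nice -5
rlimit-as 123456789012
rlimit-nproc 1000
rlimit-nofile five-hundred
timeout 90:00
"""

def check_limits(text):
    """Return (settings, errors) for the resource-limit lines of a profile."""
    settings, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        rule = RULES.get(key)
        if rule is None:
            continue  # some other profile directive; out of scope here
        # nice values on Linux range from -20 to 19
        ok = rule.fullmatch(value) and (key != "nice" or -20 <= int(value) <= 19)
        if ok:
            settings[key] = value
        else:
            errors.append((lineno, key, value))
    return settings, errors

def missing_limits(settings):
    """rlimit-* directives the profile never sets."""
    return [f"rlimit-{n}" for n in RLIMITS if f"rlimit-{n}" not in settings]

if __name__ == "__main__":
    print(*check_limits(SAMPLE), sep="\n")
```

On the constructed sample it rejects the non-numeric rlimit-nofile value and the two-field timeout, so neither limit would be counted as configured.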