синтаксис файла профиля безопасности и информация о создании новых профилей приложений (Security profile file syntax, and information about building new application profiles.)
User Environment
allusers
All user home directories are visible inside the sandbox.
By default, only current user home directory is visible.
env name=value
Set environment variable. Examples:
env LD_LIBRARY_PATH=/opt/test/lib
env CFLAGS="-W -Wall -Werror"
ipc-namespace
Enable IPC namespace.
name sandboxname
Set sandbox name. Example:
name browser
no3d Disable 3D hardware acceleration.
noautopulse (deprecated)
See keep-config-pulse.
nodvd Disable DVD and audio CD devices.
nogroups
Disable supplementary user groups
noinput
Disable input devices.
nosound
Disable sound system.
notv Disable DVB (Digital Video Broadcasting) TV devices.
nou2f Disable U2F devices.
novideo
Disable video capture devices.
machine-id
Spoof id number in /etc/machine-id file - a new random id
is generated inside the sandbox.
shell none
Run the program directly, without a shell.
