Путеводитель по Руководству Linux

  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |



   profile    ( 5 )

синтаксис файла профиля безопасности и информация о создании новых профилей приложений (Security profile file syntax, and information about building new application profiles.)

Networking

Networking features available in profile files.

defaultgw address Use this address as default gateway in the new network namespace.

dns address Set a DNS server for the sandbox. Up to three DNS servers can be defined.

hostname name Set a hostname for the sandbox.

hosts-file file Use file as /etc/hosts.

ip address Assign IP addresses to the last network interface defined by a net command. A default gateway is assigned by default.

Example: net eth0 ip 10.10.20.56

ip none No IP address and no default gateway are configured for the last interface defined by a net command. Use this option in case you intend to start an external DHCP client in the sandbox.

Example: net eth0 ip none

ip dhcp Acquire an IP address and default gateway for the last interface defined by a net command, as well as set the DNS servers according to the DHCP response. This command requires the ISC dhclient DHCP client to be installed and will start it automatically inside the sandbox.

Example: net br0 ip dhcp

This command should not be used in conjunction with the dns command if the DHCP server is set to configure DNS servers for the clients, because the manually specified DNS servers will be overwritten.

The DHCP client will NOT release the DHCP lease when the sandbox terminates. If your DHCP server requires leases to be explicitly released, consider running a DHCP client and releasing the lease manually in conjunction with the net none command.

ip6 address Assign IPv6 addresses to the last network interface defined by a net command.

Example: net eth0 ip6 2001:0db8:0:f101::1/64

ip6 dhcp Acquire an IPv6 address and default gateway for the last interface defined by a net command, as well as set the DNS servers according to the DHCP response. This command requires the ISC dhclient DHCP client to be installed and will start it automatically inside the sandbox.

Example: net br0 ip6 dhcp

This command should not be used in conjunction with the dns command if the DHCP server is set to configure DNS servers for the clients, because the manually specified DNS servers will be overwritten.

The DHCP client will NOT release the DHCP lease when the sandbox terminates. If your DHCP server requires leases to be explicitly released, consider running a DHCP client and releasing the lease manually.

iprange address,address Assign an IP address in the provided range to the last network interface defined by a net command. A default gateway is assigned by default.

Example:

net eth0 iprange 192.168.1.150,192.168.1.160

mac address Assign MAC addresses to the last network interface defined by a net command.

mtu number Assign a MTU value to the last network interface defined by a net command.

net bridge_interface Enable a new network namespace and connect it to this bridge interface. Unless specified with option --ip and --defaultgw, an IP address and a default gateway will be assigned automatically to the sandbox. The IP address is verified using ARP before assignment. The address configured as default gateway is the bridge device IP address. Up to four --net bridge devices can be defined. Mixing bridge and macvlan devices is allowed.

net ethernet_interface|wireless_interface Enable a new network namespace and connect it to this ethernet interface using the standard Linux macvlan or ipvlan driver. Unless specified with option --ip and --defaultgw, an IP address and a default gateway will be assigned automatically to the sandbox. The IP address is verified using ARP before assignment. The address configured as default gateway is the default gateway of the host. Up to four --net devices can be defined. Mixing bridge and macvlan devices is allowed.

net none Enable a new, unconnected network namespace. The only interface available in the new namespace is a new loopback interface (lo). Use this option to deny network access to programs that don't really need network access.

net tap_interface Enable a new network namespace and connect it to this ethernet tap interface using the standard Linux macvlan driver. If the tap interface is not configured, the sandbox will not try to configure the interface inside the sandbox. Please use ip, netmask and defaultgw to specify the configuration.

netfilter If a new network namespace is created, enabled default network filter.

netfilter filename If a new network namespace is created, enabled the network filter in filename.

netmask address Use this option when you want to assign an IP address in a new namespace and the parent interface specified by --net is not configured. An IP address and a default gateway address also have to be added.

netns namespace Run the program in a named, persistent network namespace. These can be created and configured using "ip netns".

veth-name name Use this name for the interface connected to the bridge for --net=bridge_interface commands, instead of the default one.