From patchwork Tue May 10 07:21:21 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Lautrbach X-Patchwork-Id: 9054641 Return-Path: X-Original-To: patchwork-selinux@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id DFE789F1C3 for ; Tue, 10 May 2016 07:21:45 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 3284520145 for ; Tue, 10 May 2016 07:21:45 +0000 (UTC) Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E248A2010E for ; Tue, 10 May 2016 07:21:43 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.24,604,1454976000"; d="scan'208";a="16004372" IronPort-PHdr: =?us-ascii?q?9a23=3A4p45bBHHYcLOmVo66NjJt51GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ75osSwAkXT6L1XgUPTWs2DsrQf27uQ6vurADZaqb+681k8M7V0Hycfjs?= =?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aJBzzOEJP?= =?us-ascii?q?K/jvHcaK1oLsh7H0osaYOl8SzBOGIppMbzyO5T3LsccXhYYwYo0Q8TDu5kVyRu?= =?us-ascii?q?JN2GlzLkiSlRuvru25/Zpk7jgC86l5r50IbL/+N5gcYfQYSW1+cjN92Mq+rhTH?= =?us-ascii?q?TA2S9lMAQ24WlVxOGAGD4xbkDbnrtS6vjudhwmG+NNDqV7o9UjTqu79vQQL0ki?= =?us-ascii?q?0OHyQ0/GHelop7i6cN80HpnAB234OBONLdD/F5ZK6IOIpCSA=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2FUBQBTizFX/wHyM5BdgziBUrscIYcvTAEBAQEBAQICYie?= =?us-ascii?q?CLYIcAjcUIA4DCQIXKQgIAwEtDAkfCwUYBIgKujEehiCIXREBBmKFDQWYJ44dA?= =?us-ascii?q?oFnh22FPwKGLIkSYoNtbIdMCRcEgRoBAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 May 2016 07:21:41 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u4A7LVOK015454; Tue, 10 May 2016 03:21:34 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u4A7LT68083654 for ; Tue, 10 May 2016 03:21:29 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u4A7LT4C015452 for ; Tue, 10 May 2016 03:21:29 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AgAQDCijFXjxy3hNFdhQqmXIICAY40hBOGEIE1TAEBAQEBARMBAQEBCQkLCSGFcIEeM4gruk+GIIh1YoUNBZgnjh0CgWeNLAKGLIkSghgBX4FXOjKHTCSBGgEBAQ X-IPAS-Result: A1AgAQDCijFXjxy3hNFdhQqmXIICAY40hBOGEIE1TAEBAQEBARMBAQEBCQkLCSGFcIEeM4gruk+GIIh1YoUNBZgnjh0CgWeNLAKGLIkSghgBX4FXOjKHTCSBGgEBAQ X-IronPort-AV: E=Sophos;i="5.24,604,1454994000"; d="scan'208";a="5438337" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 10 May 2016 03:21:29 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AVC4jkhOsjtD/oyOS6Lsl6mtUPXoX/o7sNwtQ0KIM?= =?us-ascii?q?zox0KPj4rarrMEGX3/hxlliBBdydsKIVzbON+Pm6AyQp2tWojjMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpQAbFhi3Dwdp?= =?us-ascii?q?POO9QteU1JTmkbnpsMSJOU1hv3mUX/BbFF2OtwLft80b08NJC50a7V/3mEZOYP?= =?us-ascii?q?lc3mhyJFiezF7W78a0+4N/oWwL46pyv50IbaKvZKk8TLpFHBw6Ims144vtrhCF?= =?us-ascii?q?QgyRtVUGVWBDqhdUGUDh5QzmRJ34uSuy4vJ50TSGJ8f/Zao5VTSr8+FgTxq+23?= =?us-ascii?q?RPDCIw7GyC0p84t6lcuh/0/xE=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FgAQBTizFXjxy3hNFdhQqmXIICAY40h?= =?us-ascii?q?BOGEIE2TAEBAQEBAQICDwEBAQEJCQsJIS+CLYMUgR4ziCu6T4YgiHVihQ0FmCe?= =?us-ascii?q?OHQKBZ40sAoYsiRKCeIFXOjKHTCSBGgEBAQ?= X-IPAS-Result: =?us-ascii?q?A0FgAQBTizFXjxy3hNFdhQqmXIICAY40hBOGEIE2TAEBAQE?= =?us-ascii?q?BAQICDwEBAQEJCQsJIS+CLYMUgR4ziCu6T4YgiHVihQ0FmCeOHQKBZ40sAoYsi?= =?us-ascii?q?RKCeIFXOjKHTCSBGgEBAQ?= X-IronPort-AV: E=Sophos;i="5.24,604,1454976000"; d="scan'208";a="13508230" Received: from mx1.redhat.com ([209.132.183.28]) by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 May 2016 07:21:28 +0000 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8E65DC03BD5F for ; Tue, 10 May 2016 07:21:27 +0000 (UTC) Received: from hulk.com (ovpn-204-39.brq.redhat.com [10.40.204.39]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u4A7LPrL028607; Tue, 10 May 2016 03:21:26 -0400 From: Petr Lautrbach To: selinux@tycho.nsa.gov Subject: [PATCH] policycoreutils: update sandbox.8 man page Date: Tue, 10 May 2016 09:21:21 +0200 Message-Id: <1462864881-8879-1-git-send-email-plautrba@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 10 May 2016 07:21:27 +0000 (UTC) X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP - Handling of cgroups was remove in de0795a12edfa8c1239c3165bc4d6c566b6875af but -c option was still documented in sandbox.8 - Minor formatting fix Signed-off-by: Petr Lautrbach --- policycoreutils/sandbox/sandbox.8 | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8 index 0c8cd1e..81f497a 100644 --- a/policycoreutils/sandbox/sandbox.8 +++ b/policycoreutils/sandbox/sandbox.8 @@ -3,11 +3,11 @@ sandbox \- Run cmd under an SELinux sandbox .SH SYNOPSIS .B sandbox -[\-C] [\-c] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [\-I includefile ] [ \-W windowmanager ] [ \-w windowsize ] [[\-i file ]...] [ \-t type ] cmd +[\-C] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [\-I includefile ] [ \-W windowmanager ] [ \-w windowsize ] [[\-i file ]...] [ \-t type ] cmd .br .B sandbox -[\-C] [\-c] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [\-I includefile ] [ \-W windowmanager ] [ \-w windowsize ] [[\-i file ]...] [ \-t type ] \-S +[\-C] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [\-I includefile ] [ \-W windowmanager ] [ \-w windowsize ] [[\-i file ]...] [ \-t type ] \-S .br .SH DESCRIPTION .PP @@ -24,10 +24,10 @@ allows you to run X applications within a sandbox. These applications will star If directories are specified with \-H or \-T the directory will have its context modified with chcon(1) unless a level is specified with \-l. If the MLS/MCS security level is specified, the user is responsible to set the correct labels. .PP .TP -\fB\-h\ \fB\\-\-help\fR +\fB\-h\ \fB\-\-help\fR display usage message .TP -\fB\-H\ \fB\\-\-homedir\fR +\fB\-H\ \fB\-\-homedir\fR Use alternate homedir to mount over your home directory. Defaults to temporary. Requires \-X or \-M. .TP \fB\-i\fR \fB\-\-include\fR @@ -84,9 +84,6 @@ $HOME and /tmp, secondary Xserver, defaults to sandbox_x_t \fB\-d\fR \fB\-\-dpi\fR Set the DPI value for the sandbox X Server. Defaults to the current X Sever DPI. .TP -\fB\-c\fR \fB\-\-cgroups\fR -Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc. -.TP \fB\-C\fR \fB\-\-capabilities\fR Use capabilities within the sandbox. By default applications executed within the sandbox will not be allowed to use capabilities (setuid apps), with the \-C flag, you