sandbox.conf(5)          Linux System Administration         sandbox.conf(5)

NAME         top

       sandbox.conf - user config file for the SELinux sandbox

DESCRIPTION         top

       When running sandbox with the -C argument, it will be confined using
       control groups and a system administrator can specify how the sandbox
       is confined.

       Everything after "#" is ignored, as are empty lines.  All arguments
       should be separated by and equals sign ("=").

       These keywords are allowed.

              NAME   The name of the sandbox control group.  Default is

                     Which cpus to assign sandbox to.  The default is ALL,
                     but users can specify a comma-separated list with
                     dashes ("-") to represent ranges.  Ex: 0-2,5

                     How much memory to allow sandbox to use.  The default
                     is 80%.  Users can specify either a percentage or a
                     value in the form of a number followed by one of the
                     suffixes K, M, G to denote kilobytes, megabytes or
                     gigabytes respectively.  Ex: 50% or 100M

                     Percentage of cpu sandbox should be allowed to use.
                     The default is 80%.  Specify a value followed by a
                     percent sign ("%"). Ex: 50%

SEE ALSO         top


AUTHOR         top

       This manual page was written by Thomas Liu <>

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨⟩.  If you
       have a bug report for this manual page, see 
       ⟨⟩.  This
       page was obtained from the project's upstream Git repository 
       ⟨⟩ on 2017-03-13.  If you
       discover any rendering problems in this HTML version of the page, or
       you believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail

sandbox.conf                      June 2010                  sandbox.conf(5)