When running sandbox with the -C argument, it will be confined
using control groups and a system administrator can specify how
the sandbox is confined.
Everything after "#" is ignored, as are empty lines. All
arguments should be separated by and equals sign ("=").
These keywords are allowed.
NAME The name of the sandbox control group. Default is
Which cpus to assign sandbox to. The default is
ALL, but users can specify a comma-separated list
with dashes ("-") to represent ranges. Ex: 0-2,5
How much memory to allow sandbox to use. The
default is 80%. Users can specify either a
percentage or a value in the form of a number
followed by one of the suffixes K, M, G to denote
kilobytes, megabytes or gigabytes respectively.
Ex: 50% or 100M
Percentage of cpu sandbox should be allowed to use.
The default is 80%. Specify a value followed by a
percent sign ("%"). Ex: 50%
This page is part of the selinux (Security-Enhanced Linux user-
space libraries and tools) project. Information about the
project can be found at
⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you have a
bug report for this manual page, see
This page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2022-12-17. (At
that time, the date of the most recent commit that was found in
the repository was 2022-12-16.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
sandbox.conf June 2010 sandbox.conf(5)