Add a new sandbox option to run /usr/bin/shred on all files in the temp
directories before they are deleted.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
add some definition to the standard types available for sandboxes so
users have a way to know about them and what they are intended to be
used for.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Some sandbox might want to be able to run a suid app. Add the -C option
to allow capabilities to stay in the bounding set, and thus be allowed
inside the sandbox.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This allows users to create sandbox windows of a specified size on the
command line.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Dan Walsh
Eric Paris