51 lines
1.6 KiB
Groff
51 lines
1.6 KiB
Groff
.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands"
|
|
.SH NAME
|
|
seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
|
|
.SH SYNOPSIS
|
|
.B seunshare
|
|
[ -v ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
|
|
.br
|
|
.SH DESCRIPTION
|
|
.PP
|
|
Run the
|
|
.I executable
|
|
within the specified context, using custom home directory and /tmp directory. The seunshare command unshares from the default namespace, then mounts the specified homedir and tmpdir over the default homedir and /tmp. Finally it tells the kernel to execute the application under the specified SELinux context.
|
|
|
|
.TP
|
|
\fB\-h homedir\fR
|
|
Alternate homedir to be used by the application. Homedir must be owned by the user
|
|
.TP
|
|
\fB\-t\ tmpdir
|
|
Use alternate temporary directory to mount on /tmp. tmpdir must be owned by the user
|
|
.TP
|
|
\fB\-r\ runuserdir
|
|
Use alternate temporary directory to mount on XDG_RUNTIME_DIR (/run/user/$UID). runuserdir must be owned by the user
|
|
.TP
|
|
\fB\-C --capabilities\fR
|
|
Allow apps executed within the namespace to use capabilities. Default is no capabilities
|
|
.TP
|
|
\fB\-k --kill\fR
|
|
Kill all processes with matching MCS level
|
|
.TP
|
|
\fB\-Z\ context
|
|
Use alternate SELinux context while running the executable
|
|
.TP
|
|
\fB\-v\fR
|
|
Verbose output
|
|
|
|
.SH EXAMPLE
|
|
.nf
|
|
Run bash with temporary /home and /tmp directory
|
|
# USERHOMEDIR=`mktemp -d /tmp/home.XXXXXX`; USERTEMPDIR=`mktemp -d /tmp/temp.XXXXXX`
|
|
# seunshare -v -h ${USERHOMEDIR} -t ${USERTEMPDIR} -- /bin/bash
|
|
|
|
.SH "SEE ALSO"
|
|
.TP
|
|
runcon(1), sandbox(8), selinux(8)
|
|
.PP
|
|
.SH AUTHOR
|
|
This manual page was written by
|
|
.I Dan Walsh <dwalsh@redhat.com>
|
|
and
|
|
.I Thomas Liu <tliu@fedoraproject.org>
|