sandbox man page

sandbox.conf — user config file for the SELinux sandbox


When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined.

Everything after "#" is ignored, as are empty lines. All arguments should be separated by and equals sign ("=").

These keywords are allowed.

The name of the sandbox control group. Default is "sandbox".
Which cpus to assign sandbox to. The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges. Ex: 0-2,5
How much memory to allow sandbox to use. The default is 80%. Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively. Ex: 50% or 100M
Percentage of cpu sandbox should be allowed to use. The default is 80%. Specify a value followed by a percent sign ("%"). Ex: 50%

See Also



This manual page was written by Thomas Liu <>


June 2010 sandbox.conf Linux System Administration