Which pre-existing cpu cgroup to use as a parent (default: 'NSJAIL')
--iface_no_lo
Don't bring up the 'lo' interface
+ --iface_own VALUE
+ Move this existing network interface into the new NET namespace. Can be specified multiple times
--macvlan_iface|-I VALUE
Interface which will be cloned (MACVLAN) and put inside the subprocess' namespace as 'vs'
--macvlan_vs_ip VALUE
--macvlan_vs_gw VALUE
Default GW for the 'vs' interface (e.g. "192.168.0.1")
-Deprecated options:
- --iface|-I VALUE
- Interface which will be cloned (MACVLAN) and put inside the subprocess' namespace as 'vs'
- DEPRECATED: Use macvlan_iface instead.
- --iface_vs_ip VALUE
- IP of the 'vs' interface (e.g. "192.168.0.1")
- DEPRECATED: Use macvlan_vs_ip instead.
- --iface_vs_nm VALUE
- Netmask of the 'vs' interface (e.g. "255.255.255.0")
- DEPRECATED: Use macvlan_vs_nm instead.
- --iface_vs_gw VALUE
- Default GW for the 'vs' interface (e.g. "192.168.0.1")
- DEPRECATED: Use macvlan_vs_gw instead.
-
Examples:
Wait on a port 31337 for connections, and run /bin/sh
nsjail -Ml --port 31337 --chroot / -- /bin/sh -i
\fB\-\-iface_no_lo\fR
Don't bring up the 'lo' interface
.TP
+\fB\-\-iface_own\fR VALUE
+Move this existing network interface into the new NET namespace. Can be specified multiple times
+.TP
\fB\-\-macvlan_iface\fR|\fB\-I\fR VALUE
Interface which will be cloned (MACVLAN) and put inside the subprocess' namespace as 'vs'
.TP
\fB\-\-macvlan_vs_gw\fR VALUE
Default GW for the 'vs' interface (e.g. "192.168.0.1")
\"
-.SH Deprecated options
-.TP
-\fB\-\-iface\fR|\fB\-I\fR VALUE
-Interface which will be cloned (MACVLAN) and put inside the subprocess' namespace as 'vs'
-DEPRECATED: Use macvlan_iface instead.
-.TP
-\fB\-\-iface_vs_ip\fR VALUE
-IP of the 'vs' interface (e.g. "192.168.0.1")
-DEPRECATED: Use macvlan_vs_ip instead.
-.TP
-\fB\-\-iface_vs_nm\fR VALUE
-Netmask of the 'vs' interface (e.g. "255.255.255.0")
-DEPRECATED: Use macvlan_vs_nm instead.
-\fB\-\-iface_vs_gw\fR VALUE
-Default GW for the 'vs' interface (e.g. "192.168.0.1")
-DEPRECATED: Use macvlan_vs_gw instead.
-\"
.SH Examples
.PP
Wait on a port 31337 for connections, and run /bin/sh: