***
### Configuration file
-[config.proto](https://github.com/google/nsjail/blob/master/config.proto) contains ProtoBuf schema for nsjail's configuration format. You can also find example config file in [config.example](https://github.com/google/nsjail/blob/master/configs/config.example).
+[config.proto](https://github.com/google/nsjail/blob/master/config.proto) contains ProtoBuf schema for nsjail's configuration format. You can also find example config file in [config1.example](https://github.com/google/nsjail/blob/master/configs/config1.example).
Usage:
<pre>
-./nsjail --config ./config.example
+./nsjail --config configs/config1.example
</pre>
-You can also override certain options with command-line options. Here, the executed binary is changed from _/usr/bin/id_ to _/bin/ls_, yet options from _config.example_ are applied.
+You can also override certain options with command-line options. Here, the executed binary is changed from _/usr/bin/id_ to _/bin/ls_, yet options from _config1.example_ are applied.
<pre>
-./nsjail --config ./config.example -- /bin/ls
+./nsjail --config configs/config1.example -- /bin/ls
</pre>
### More info
+++ /dev/null
-mode: ONCE
-chroot_dir: "/"
-is_root_rw: false
-hostname: "TEST-NS"
-cwd: "/lib"
-
-bindhost: "::1"
-max_conns_per_ip: 10
-port: 31337
-
-time_limit: 100
-daemon: false
-keep_env: false
-silent: false
-skip_setsid: false
-pass_fd: 100
-pass_fd: 3
-pivot_root_only: false
-disable_no_new_privs: false
-
-rlimit_as: 128
-rlimit_core: 0
-rlimit_cpu: 10
-rlimit_fsize: 0
-rlimit_nofile: 5
-rlimit_stack: 1
-
-persona_addr_compat_layout: false
-persona_mmap_page_zero: false
-persona_read_implies_exec: false
-persona_addr_limit_3gb: false
-persona_addr_no_randomize: false
-
-clone_newnet: true
-clone_newuser: true
-clone_newns: true
-clone_newpid: true
-clone_newipc: true
-clone_newuts: true
-clone_newcgroup: true
-
-uidmap {
- inside_id: "999999"
- outside_id: ""
- count: 1
-}
-
-gidmap {
- inside_id: "999998"
- outside_id: ""
- count: 1
-}
-
-mount {
- src: ""
- dst: "/tmp"
- fstype: "tmpfs"
- options: ""
- is_ro: false
- is_bind: false
-}
-
-mount {
- src: ""
- dst: "/dev"
- fstype: "tmpfs"
- options: ""
- is_ro: false
- is_bind: false
-}
-
-mount {
- src: "/dev/null"
- dst: "/dev/null"
- fstype: ""
- options: ""
- is_ro: false
- is_bind: true
-}
-
-seccomp_string: "
- POLICY example {
- ERRNO(1337) { geteuid },
- KILL { syslog }
- }
- USE example DEFAULT ALLOW
-"
-
-exec_bin {
- path: "/usr/bin/id"
- arg: "root"
-}
--- /dev/null
+mode: ONCE
+chroot_dir: "/"
+is_root_rw: false
+hostname: "TEST-NS"
+cwd: "/lib"
+
+bindhost: "::1"
+max_conns_per_ip: 10
+port: 31337
+
+time_limit: 100
+daemon: false
+keep_env: false
+silent: false
+skip_setsid: false
+pass_fd: 100
+pass_fd: 3
+pivot_root_only: false
+disable_no_new_privs: false
+
+rlimit_as: 128
+rlimit_core: 0
+rlimit_cpu: 10
+rlimit_fsize: 0
+rlimit_nofile: 5
+rlimit_stack: 1
+
+persona_addr_compat_layout: false
+persona_mmap_page_zero: false
+persona_read_implies_exec: false
+persona_addr_limit_3gb: false
+persona_addr_no_randomize: false
+
+clone_newnet: true
+clone_newuser: true
+clone_newns: true
+clone_newpid: true
+clone_newipc: true
+clone_newuts: true
+clone_newcgroup: true
+
+uidmap {
+ inside_id: "999999"
+ outside_id: ""
+ count: 1
+}
+
+gidmap {
+ inside_id: "999998"
+ outside_id: ""
+ count: 1
+}
+
+mount {
+ src: ""
+ dst: "/tmp"
+ fstype: "tmpfs"
+ options: ""
+ is_ro: false
+ is_bind: false
+}
+
+mount {
+ src: ""
+ dst: "/dev"
+ fstype: "tmpfs"
+ options: ""
+ is_ro: false
+ is_bind: false
+}
+
+mount {
+ src: "/dev/null"
+ dst: "/dev/null"
+ fstype: ""
+ options: ""
+ is_ro: false
+ is_bind: true
+}
+
+seccomp_string: "
+ POLICY example {
+ ERRNO(1337) { geteuid },
+ KILL { syslog }
+ }
+ USE example DEFAULT ALLOW
+"
+
+exec_bin {
+ path: "/usr/bin/id"
+ arg: "root"
+}
projects / platform / upstream / nsjail.git / commitdiff