From: Jagger Date: Fri, 15 May 2015 00:25:55 +0000 (+0200) Subject: Better formatting of README.md X-Git-Tag: 1.0~27 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3a4fdc240df34541f46c3ec8ce8097350dfc1104;p=platform%2Fupstream%2Fnsjail.git Better formatting of README.md --- diff --git a/README.md b/README.md index 0abbbb7..0d8a37c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ ### WHAT IS IT? -NsJail is a Linux isolation tool making use of the namespacing and seccomp-bpf -subsystems of the Linux kernel. +NsJail is a Linux process isolation tool making use of the namespacing features, and seccomp-bpf filters of the Linux kernel This is NOT an official Google product. @@ -12,10 +11,12 @@ This is NOT an official Google product. ### WHAT USE-CASES DOES IT COVER? 1. Isolating networking daemons (inetd-style) - * Server: + ++ Server: $ ./nsjail -Ml --port 9000 --chroot /chroot/ --user 99999 --group 99999 -- /bin/sh -i - * Client: ++ Client: +``` $ nc 127.0.0.1 9000 / $ ifconfig / $ ifconfig -a @@ -24,10 +25,10 @@ This is NOT an official Google product. RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) - +``` 2. Isolating local processes (run it once, and exit) - +``` $ ./nsjail -Mo --chroot /chroot/ --user 99999 --group 99999 -- /bin/sh -i / $ ifconfig -a lo Link encap:Local Loopback @@ -39,9 +40,10 @@ This is NOT an official Google product. uid=99999 gid=99999 / $exit $ +``` 3. Isolating local processes (and re-running them) - +``` $ ./nsjail -Mr --chroot /chroot/ --user 99999 --group 99999 -- /bin/sh -i BusyBox v1.21.1 (Ubuntu 1:1.21.0-1ubuntu1) built-in shell (ash) Enter 'help' for a list of built-in commands. 
@@ -49,6 +51,7 @@ This is NOT an official Google product. BusyBox v1.21.1 (Ubuntu 1:1.21.0-1ubuntu1) built-in shell (ash) Enter 'help' for a list of built-in commands. / $ +``` ### MORE INFO? Type: './nsjail --help' - cmd-line switches are well-documented
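Review bot: The rewritten description in the first hunk (@@ -1,6 +1,5 @@) loses its closing period and gains a comma before "and seccomp-bpf filters", so the opening sentence of the README now reads as unfinished. Suggest: "NsJail is a Linux process isolation tool making use of the namespacing features and seccomp-bpf filters of the Linux kernel." The removed text was wrapped across two lines and the replacement is a single long line; keep the wrapping if the rest of the file follows it.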
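Review bot: In the second hunk (@@ -12,10 +11,12 @@) the Server command stays an unfenced context line under "+ Server:", while the Client session directly after it gets an opening triple-backtick fence, so the two halves of use-case 1 will render differently. Suggest fencing the Server command as well, with an opening fence before "$ ./nsjail -Ml --port 9000 ..." and a closing fence before "+ Client:". The same hunk also changes the sub-list marker from "*" to "+", which the commit message does not mention; confirm that it is intended and renders as a nested list under item 1.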