Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

cgsnapshot(1) [debian man page]

CGSNAPSHOT(1)							 libcgroup Manual						     CGSNAPSHOT(1)

NAME

       cgsnapshot - generate the configuration file for given controllers

SYNOPSIS

       cgsnapshot [-h] [-s] [-t] [-b file] [-w file] [-f output_file]  [controller] [...]

DESCRIPTION

       cgsnapshot  generates the cgconfig compatible configuration file for the given controllers.  If no controller is set, then cgsnapshot shows
       all mounted hierarchies.  The output is in the same format as the cgconfig.conf configuration file.

       -b file
	      Display only variables from the blacklist.  The default location of the blacklist is /etc/cgsnapshot_blacklist.conf.  This list con-
	      tains  all  variables  which should be ignored by the cgsnapshot If the variable is blacklisted, it will not be displayed.  If it is
	      not present on the blacklist, the whitelist is checked.

       -h, --help
	      display this help and exit

       -f, --file
	      Redirect the output to output_file

       -s, --silent
	      Ignore all warnings

       -t, --strict
	      Do not display the variables which are not on the whitelist

       -w file
	      Set the blacklist configuration file.  This list contains all variables which should be displayed by cgsnapshot If the  variable	is
	      not  blacklisted,  the  whitelist is checked.  If the variable is on the whitelist, it is displayed by cgsnapshot If the variable is
	      not on the whitelist, the variable is displayed and a warning message is produced.  By default the whitelist is not used.

	      The warning message can be omitted using the -s, --silent flag.  If the -t, --strict flag is used, the variable which is not on  the
	      whitelist is not displayed.

       controller
	      defines the controller whose hierarchies will be output

FILES

       /etc/cgsnapshot_blacklist.conf
	      default blacklist

       /etc/cgsnapshot_whitelist.conf
	      default whitelist

       /etc/cgconfig.conf
	      default libcgroup configuration file

SEE ALSO

       cgconfig.conf (5)

Linux								    2010-07-28							     CGSNAPSHOT(1)

Check Out this Related Man Page

FIREWALLD.LOCKDOWN(5)					   firewalld.lockdown-whitelist 				     FIREWALLD.LOCKDOWN(5)

NAME

       firewalld.lockdown-whitelist - firewalld lockdown whitelist configuration file

SYNOPSIS

       /etc/firewalld/lockdown-whitelists.xml

DESCRIPTION

       The firewalld lockdown-whitelist configuration file contains the selinux contexts, commands, users and user ids that are white-listed when
       firewalld lockdown feature is enabled (see firewalld.conf(5) and firewall-cmd(1)).

       This example configuration file shows the structure of an lockdown-whitelist file:

	   <?xml version="1.0" encoding="utf-8"?>
	   <whitelist>
	     <selinux context="selinuxcontext"/>
	     <command name="commandline[*]"/>
	     <user {name="username|id="userid"}/>
	   </whitelist>

OPTIONS

       The config can contain these tags and attributes. Some of them are mandatory, others optional.

   whitelist
       The mandatory whitelist start and end tag defines the lockdown-whitelist. This tag can only be used once in a lockdown-whitelist
       configuration file. There are no attributes for this.

   selinux
       Is an optional empty-element tag and can be used several times to have more than one selinux contexts entries. A selinux entry has exactly
       one attribute:

       context="string"
	   The context is the security (SELinux) context of a running application or service.

	   To get the context of a running application use ps -e --context and search for the application that should be white-listed.

	   Warning: If the context of an application is unconfined, then this will open access for more than the desired application.

   command
       Is an optional empty-element tag and can be used several times to have more than one command entry. A command entry has exactly one
       attribute:

       name="string"
	   The command string is a complete command line including path and also attributes.

	   If a command entry ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the
	   absolute command inclusive arguments must match.

	   Commands for user root and others is not always the same, the used path depends on the use of the PATH environment variable.

   user
       Is an optional empty-element tag and can be used several times to white-list more than one user. A user entry has exactly one attribute of
       these:

       name="string"
	   The user with the name string will be white-listed.

       id="integer"
	   The user with the id userid will be white-listed.

SEE ALSO

       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
       firewalld.zones(5)

NOTES

       firewalld home page at fedorahosted.org:
	   http://fedorahosted.org/firewalld/

       More documentation with examples:
	   http://fedoraproject.org/wiki/FirewallD

AUTHORS

       Thomas Woerner <twoerner@redhat.com>
	   Developer

       Jiri Popelka <jpopelka@redhat.com>
	   Developer

firewalld 0.3.9 													     FIREWALLD.LOCKDOWN(5)
Man Page