Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

sandbox-exec(1) [osx man page]

SANDBOX-EXEC(1) 					    BSD General Commands Manual 					   SANDBOX-EXEC(1)

NAME

     sandbox-exec -- execute within a sandbox

SYNOPSIS

     sandbox-exec [-f profile-file] [-n profile-name] [-p profile-string] [-D key=value ...] command [arguments ...]

DESCRIPTION

     The sandbox-exec command enters a sandbox using a profile specified by the -f, -n, or -p option and executes command with arguments.

     The options are as follows:

     -f profile-file
	     Read the profile from the file named profile-file.

     -n profile-name
	     Use the pre-defined profile profile-name.

     -p profile-string
	     Specify the profile to be used on the command line.

     -D key=value
	     Set the profile parameter key to value.

SEE ALSO

     sandbox_init(3), sandbox(7), sandboxd(8)

Mac OS X							   July 29, 2008							  Mac OS X

Check Out this Related Man Page

AA-EXEC(8)							     AppArmor								AA-EXEC(8)

NAME

       aa-exec - confine a program with the specified AppArmor profile

SYNOPSIS

       aa-exec [options] [--] [<command> ...]

DESCRIPTION

       aa-exec is used to launch a program confined by the specified profile and or namespace.	If both a profile and namespace are specified
       command will be confined by profile in the new policy namespace.  If only a namespace is specified, the profile name of the current
       confinement will be used.  If neither a profile or namespace is specified command will be run using standard profile attachment (ie. as if
       run without the aa-exec command).

       If the arguments are to be pasted to the <command> being invoked by aa-exec then -- should be used to separate aa-exec arguments from the
       command.
	 aa-exec -p profile1 -- ls -l

OPTIONS aa-exec accepts the following arguments:
       -p PROFILE, --profile=PROFILE
	   confine <command> with PROFILE. If the PROFILE is not specified use the current profile name (likely unconfined).

       -n NAMESPACE, --namespace=NAMESPACE
	   use profiles in NAMESPACE.  This will result in confinement transitioning to using the new profile namespace.

       -f FILE, --file=FILE
	   a file or directory containing profiles to load before confining the program.

       -i, --immediate
	   transition to PROFILE before doing executing <command>.  This subjects the running of <command> to the exec transition rules of the
	   current profile.

       -v, --verbose
	   show commands being performed

       -d, --debug
	   show commands and error codes

       --  Signal the end of options and disables further option processing. Any arguments after the -- are treated as arguments of the command.
	   This is useful when passing arguments to the <command> being invoked by aa-exec.

BUGS

       If you find any bugs, please report them at <http://https://bugs.launchpad.net/apparmor/+filebug>.

SEE ALSO

       aa-stack(8), aa-namespace(8), apparmor(7), apparmor.d(5), aa_change_profile(3), aa_change_onexec(3) and <http://wiki.apparmor.net>.

AppArmor 2.7.103						    2012-06-28								AA-EXEC(8)
Man Page