filed
Job queue using FUSE
git clone git://mccd.space/filed
| Log | Files | Refs | README | LICENSE |
commit 924e65be31f441b8c3014475110dc4c9f47b99d6 parent e534492415424b8ce8942bfd36bc9ba7e460592b Author: Marc Coquand <marc@coquand.email> Date: Thu, 18 Dec 2025 15:30:40 +0100 Docs Diffstat:
| M | filed-launch.1.scd | | | 30 | ++++++++++++++++++++++++------ |
1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/filed-launch.1.scd b/filed-launch.1.scd @@ -6,19 +6,37 @@ filed-launch - launch programs with restricted access # SYNOPSIS -*filed-launch* [-rw _dir_] [-ro _dir_] [-rwf _file_] [-rof _file_] -- _executable_ +*filed-launch* [_option_...] -- _command_ [argument ...] + +*filed-launch* _command_ [argument ...] # DESCRIPTION -*filed-launch* is used by *filed*(5) for launching programs with restricted file -access using *landlock*(7). +*filed-launch* launches _command_ with restricted file access using +*landlock*(7). + +If no _option_ is supplied, the _command_ is executed with full access to +the file system. + +# OPTIONS + +Options for file restrictions can be used multiple times. + +*-rwf* _file_ + Give read, execute and write access to file. + +*-rof* _file_ + Give read and execute access to file. + +*-rw* _dir_ + Give read and execute access to directory. -If no arguments are applied, the _executable_ is launched with full access -to the file system. +*-ro* _dir_ + Give read and execute access to directory. # EXAMPLE -*filed-launch* -ro /usr/bin -ro /lib -ro /proc -- echo hello +*filed-launch* -ro /usr/bin -ro /lib -- echo hello Echoes hello world. Note the use of multiple -ro flags. *filed-launch* -rof /usr/bin/cat -ro /lib -- cat $HOME/some-file