filed

Job queue using FUSE
filed-launch.1.scd (1275B)
      1 FILED-LAUNCH(1)
      2 
      3 # NAME
      4 
      5 filed-launch - launch programs with restricted access
      6 
      7 # SYNOPSIS
      8 
      9 *filed-launch* [_option_...] -- _command_ [argument ...]
     10 
     11 *filed-launch* _command_ [argument ...]
     12 
     13 # DESCRIPTION
     14 
     15 *filed-launch* launches _command_  with restricted file access using
     16 *landlock*(7).
     17 
     18 If no _option_ is supplied, the _command_ is executed with full access to
     19 the file system.
     20 
     21 # OPTIONS
     22 
     23 Options for file restrictions can be used multiple times.
     24 
     25 *-rwf* _file_
     26 	Give read, execute and write access to file.
     27 
     28 *-rof* _file_
     29 	Give read and execute access to file.
     30 
     31 *-rw* _dir_
     32 	Give read and execute access to directory.
     33 
     34 *-ro* _dir_
     35 	Give read and execute access to directory.
     36 
     37 # EXAMPLE
     38 
     39 *filed-launch* -ro /usr/bin -ro /lib -- echo hello
     40 	Echoes hello world. Note the use of multiple -ro flags.
     41 
     42 *filed-launch* -rof /usr/bin/cat -ro /lib -- cat $HOME/some-file
     43 	Attempt to access a file outside of it's access range. If everything
     44 	is correct this should yield cat: /home/bob/some-file:
     45 	Permission denied
     46 
     47 # SEE ALSO
     48 
     49 *landlock*(7) *filed*(5) *filed.config*(5)
     50 
     51 # AUTHORS
     52 
     53 Maintained by Marc Coquand <marc@coquand.email>. Up-to-date sources can be
     54 found at https://git.sr.ht/~marcc/filed and bugs/patches can be submitted by
     55 email to ~marcc/public-inbox@lists.sr.ht.
     56