Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   14857 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

COMPARTMENT(1)							COMPARTMENT(1)

NAME
       compartment - secure program/service wrapper

SYNOPSIS
       compartment  [--cap  CAPSET]  [--chroot	PATH]  [--user	USER] [--group
       GROUP]	 [--init    PROGRAM]	[--verbose]	[--quiet]     [--fork]
       /full/path/to/program

DESCRIPTION
       The  SuSE  Secure  Compartment  was designed to allow safe execution of
       priviliged and/or untrusted executables and services.  It has  got  all
       features possible included, which can be used to minimize the risk of a
       trojanized or vulnerable program/service.

COMMANDLINE OPTIONS
       --cap CAPSET
	      sets the defined CAPABILITY for the  process.   See  the	README
	      file for more information.

       --chroot PATH
	      chroots  to  the PATH defined. It has to be a valid chroot envi‐
	      ronment.	See the README file for more information and examples.

       --user USER
	      runs the program with uid/euid of USER

       --group GROUP
	      runs the program with gid/egid of GROUP

       --init PROGRAM
	      runs PROGRAM before running the untrusted program/service,  e.g.
	      to build a chroot environment

       --verbose
	      prints detailled information what compartment does.

       --quit does not print syslog information about the use of compartment

       --fork forks  if	 everything  was set up correctly, mother process will
	      exit.

FEATURES
       Linux Capabilities

       supports all Linux capabilites
	      (see /usr/include/linux/capability.h and the README file)

       Chrooting

       supports a chroot setup

       Privileges

       supports running with defined user and/or group privileges

       Setup Scripts

       supports running of initial scripts
	      before running a program/service, e.g. to build a	 chroot	 envi‐
	      ronment.

BUGS
       No bugs are currently known

AUTHOR
       Marc Heuse <marc@suse.de>

DISTRIBUTION
       compartment is part of the SuSE Linux Distribtution since 7.0 so it can
       be downloaded as an RPM file from the SuSE FTP servers. It can also  be
       downloaded as a .tar.gz file from http://www.suse.de/~marc

LICENCE
       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published  by  the
       Free Software Foundation; Version 2.

       This  program  is  distributed  in the hope that it will be useful, but
       WITHOUT ANY  WARRANTY;  without	even  the  implied  warranty  of  MER‐
       CHANTABILITY  or	 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
       Public License for more details.

SEE ALSO
       capset (2), chroot (1), chroot (2)

								COMPARTMENT(1)

Vote for polarhome