sandbox.conf — user config file for the SELinux sandbox


When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined.

Everything after "#" is ignored, as are empty lines.  All arguments should be separated by and equals sign ("=").

These keywords are allowed.


The name of the sandbox control group.  Default is "sandbox".


Which cpus to assign sandbox to.  The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges.  Ex: 0-2,5


How much memory to allow sandbox to use.  The default is 80%.  Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively.  Ex: 50% or 100M


Percentage of cpu sandbox should be allowed to use.  The default is 80%.  Specify a value followed by a percent sign ("%"). Ex: 50%

See Also



This manual page was written by Thomas Liu <>


June 2010 sandbox.conf Linux System Administration