Lines Matching full:process
3 minijail0 \- sandbox a process
22 that these capabilities are not inherited by subprocesses of the process given
35 Write the pid of the jailed process to \fIfile\fR.
74 \fB-v\fR and \fB-r\fR, since otherwise the process can see outside its namespace
83 that even if the process has write access to a system config knob in /proc
87 Enable seccomp(2) in mode 1, which restricts the child process to a very small
91 Enable seccomp(2) in mode 13 which restricts the child process to a set of
108 the process to which they will actually apply - specifically capability use
109 (since capabilities are not inherited to an exec'd process unless the exec'd
110 process has POSIX file capabilities), seccomp (since we can't exec() once we're
