Diffstat (limited to 'docs/sandbox.md')
| -rw-r--r-- | docs/sandbox.md | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/docs/sandbox.md b/docs/sandbox.md index 87763685..508a0d03 100644 --- a/docs/sandbox.md +++ b/docs/sandbox.md @@ -77,6 +77,24 @@ Built-in profiles (set via `SEATBELT_PROFILE` env var): - `restrictive-open`: Strict restrictions, network allowed - `restrictive-closed`: Maximum restrictions +### Custom Sandbox Flags + +For container-based sandboxing, you can inject custom flags into the `docker` or `podman` command using the `SANDBOX_FLAGS` environment variable. This is useful for advanced configurations, such as disabling security features for specific use cases. + +**Example (Podman)**: + +To disable SELinux labeling for volume mounts, you can set the following: + +```bash +export SANDBOX_FLAGS="--security-opt label=disable" +``` + +Multiple flags can be provided as a space-separated string: + +```bash +export SANDBOX_FLAGS="--flag1 --flag2=value" +``` + ## Linux UID/GID handling The sandbox automatically handles user permissions on Linux. Override these permissions with: |
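Review bot: The opening paragraph of the new "Custom Sandbox Flags" section offers "disabling security features" as the motivating use, and the only concrete example is `--security-opt label=disable`, yet nothing in the section says what that costs. Suggest adding a sentence stating that this flag turns off SELinux label separation for the sandbox container, so it weakens the isolation the sandbox is there to provide, and recommending that it be set only for the session that needs it rather than exported from a shell profile. The "space-separated string" paragraph should also document how the value is split: as written, a reader cannot tell whether a flag whose value contains spaces or quotes can be expressed, or whether flags supplied here can override the ones the sandbox itself passes to `docker` or `podman`.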
