| 1234567891011121314151617181920212223242526272829 |
- .TH DOT_SANDBOX 1
- .SH NAME
- dot_sandbox \- Graphviz sandbox
- .SH SYNOPSIS
- \fBdot_sandbox\fR \fIoptions...\fR
- .SH DESCRIPTION
- This program is a wrapper around Graphviz. It aims to provide a safe environment
- for the processing of untrusted input graphs and command line options. More
- precisely:
- .RS
- .IP \[bu] 2
- No network access will be allowed.
- .IP \[bu]
- The file system will be read-only. Command line options like \fB\-o ...\fR and
- \fB\-O\fR will not work. It is expected that the caller will render to
- \fBstdout\fR and pipe the output to their desired file.
- .RE
- .PP
- The command line options to \fBdot_sandbox\fR are command line options to be
- passed to \fBdot\fR. Options are passed through unmodified.
- .PP
- The following sandboxing mechanisms are supported:
- .RS
- .IP \[bu] 2
- Bubblewrap
- .RE
- .SH "SEE ALSO"
- .BR dot (1),
- .BR bwrap (1)
|
