diff options
Diffstat (limited to 'minijail0.1')
-rw-r--r-- | minijail0.1 | 19 |
1 files changed, 5 insertions, 14 deletions
diff --git a/minijail0.1 b/minijail0.1 index b8a7752b..0fbf38e0 100644 --- a/minijail0.1 +++ b/minijail0.1 @@ -18,8 +18,6 @@ The \fIsrc\fR path must be an absolute path. If \fIdest\fR is not specified, it will default to \fIsrc\fR. If the destination does not exist, it will be created as a file or directory based on the \fIsrc\fR type (including missing parent directories). -To create a writable bind-mount set \fIwritable\fR to \fB1\fR. If not specified -it will default to \fB0\fR (read-only). .TP \fB-B <mask>\fR Skip setting securebits in \fImask\fR when restricting capabilities (\fB-c\fR). @@ -157,13 +155,9 @@ Run inside a new IPC namespace. This option makes the program's System V IPC namespace independent. .TP \fB-L\fR -Report blocked syscalls when using a seccomp filter. On kernels with support for -SECCOMP_RET_LOG, every blocked syscall will be reported through the audit -subsystem (see \fBseccomp\fR(2) for more details on SECCOMP_RET_LOG -availability.) On all other kernels, the first failing syscall will be logged to -syslog. This latter case will also force certain syscalls to be allowed in order -to write to syslog. Note: this option is disabled and ignored for release -builds. +Report blocked syscalls to syslog when using seccomp filter. This option will +force certain syscalls to be allowed in order to achieve this, depending on the +system. .TP \fB-m[<uid> <loweruid> <count>[,<uid> <loweruid> <count>]]\fR Set the uid mapping of a user namespace (implies \fB-pU\fR). Same arguments as @@ -282,10 +276,7 @@ namespace to \fIhostname\fR. .TP \fB--logging=<system>\fR Use \fIsystem\fR as the logging system. \fIsystem\fR must be one of -\fBauto\fR (the default), \fBsyslog\fR, or \fBstderr\fR. - -\fBauto\fR will use \fBstderr\fR if connected to a tty (e.g. run directly by a -user), otherwise it will use \fBsyslog\fR. +\fBsyslog\fR (the default) or \fBstderr\fR. .TP \fB--profile <profile>\fR Choose from one of the available sandboxing profiles, which are simple way to @@ -352,4 +343,4 @@ The Chromium OS Authors <chromiumos-dev@chromium.org> Copyright \(co 2011 The Chromium OS Authors License BSD-like. .SH "SEE ALSO" -\fBlibminijail.h\fR \fBminijail0\fR(5) \fBseccomp\fR(2) +\fBlibminijail.h\fR \fBminijail0\fR(5) |