Diffstat (limited to 'minijail0.1')
-rw-r--r-- minijail0.1 19
1 files changed, 5 insertions, 14 deletions
diff --git a/minijail0.1 b/minijail0.1
index b8a7752b..0fbf38e0 100644
--- a/minijail0.1
+++ b/minijail0.1
@@ -18,8 +18,6 @@ The \fIsrc\fR path must be an absolute path.
If \fIdest\fR is not specified, it will default to \fIsrc\fR.
If the destination does not exist, it will be created as a file or directory
based on the \fIsrc\fR type (including missing parent directories).
-To create a writable bind-mount set \fIwritable\fR to \fB1\fR. If not specified
-it will default to \fB0\fR (read-only).
.TP
\fB-B <mask>\fR
Skip setting securebits in \fImask\fR when restricting capabilities (\fB-c\fR).
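
Review bot: The two removed lines were the only statement in this paragraph that a bind mount defaults to read-only (writable 0) and becomes writable only with writable set to 1. If the option synopsis above this hunk still accepts a writable field, the man page now leaves a security-relevant default undocumented; either keep the sentence or confirm the synopsis drops the field in the same change.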
@@ -157,13 +155,9 @@ Run inside a new IPC namespace. This option makes the program's System V IPC
namespace independent.
.TP
\fB-L\fR
-Report blocked syscalls when using a seccomp filter. On kernels with support for
-SECCOMP_RET_LOG, every blocked syscall will be reported through the audit
-subsystem (see \fBseccomp\fR(2) for more details on SECCOMP_RET_LOG
-availability.) On all other kernels, the first failing syscall will be logged to
-syslog. This latter case will also force certain syscalls to be allowed in order
-to write to syslog. Note: this option is disabled and ignored for release
-builds.
+Report blocked syscalls to syslog when using seccomp filter. This option will
+force certain syscalls to be allowed in order to achieve this, depending on the
+system.
.TP
\fB-m[<uid> <loweruid> <count>[,<uid> <loweruid> <count>]]\fR
Set the uid mapping of a user namespace (implies \fB-pU\fR). Same arguments as
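
Review bot: The replacement text for -L says the option "will force certain syscalls to be allowed ... depending on the system" without saying which systems or which syscalls, and it drops the removed note that the option is "disabled and ignored for release builds". Since this option widens the seccomp filter, the page should state when the extra syscalls are allowed and whether the release-build restriction still applies. Minor: "when using seccomp filter" is missing the article the old text had ("a seccomp filter").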
@@ -282,10 +276,7 @@ namespace to \fIhostname\fR.
.TP
\fB--logging=<system>\fR
Use \fIsystem\fR as the logging system. \fIsystem\fR must be one of
-\fBauto\fR (the default), \fBsyslog\fR, or \fBstderr\fR.
-
-\fBauto\fR will use \fBstderr\fR if connected to a tty (e.g. run directly by a
-user), otherwise it will use \fBsyslog\fR.
+\fBsyslog\fR (the default) or \fBstderr\fR.
.TP
\fB--profile <profile>\fR
Choose from one of the available sandboxing profiles, which are simple way to
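
Review bot: The documented default for --logging changes here from auto to syslog, and the removed lines were what told a user running minijail0 from a tty that messages go to stderr. With this text, an interactive user sees nothing on the terminal unless they pass --logging=stderr; please confirm the code matches this default and say so in the commit message, since it changes where sandbox setup failures are reported.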
@@ -352,4 +343,4 @@ The Chromium OS Authors <chromiumos-dev@chromium.org>
Copyright \(co 2011 The Chromium OS Authors
License BSD-like.
.SH "SEE ALSO"
-\fBlibminijail.h\fR \fBminijail0\fR(5) \fBseccomp\fR(2)
+\fBlibminijail.h\fR \fBminijail0\fR(5)
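
Review bot: Dropping seccomp(2) from SEE ALSO follows from removing the SECCOMP_RET_LOG reference in the -L hunk, but the page still describes seccomp filters under -L. Keeping the cross-reference costs nothing and gives readers the place to look up filter behaviour; suggest leaving "\fBseccomp\fR(2)" on this line.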