diff options
author | Colin Walters <walters@verbum.org> | 2015-09-06 12:00:26 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2015-09-06 12:00:49 -0400 |
commit | 13f500e7ed01933fd8af4614dc979eff6df77678 (patch) | |
tree | d814619d6142f0b1b3cf30a9271fb792b6206131 | |
parent | d5d3074a8278796eeafd5e218811548447affe06 (diff) | |
download | linux-user-chroot-13f500e7ed01933fd8af4614dc979eff6df77678.tar.gz |
doc: Add --mount-devapi, some typo fixes
-rw-r--r-- | doc/linux-user-chroot.8 | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/doc/linux-user-chroot.8 b/doc/linux-user-chroot.8 index 1b64d50..dfd420b 100644 --- a/doc/linux-user-chroot.8 +++ b/doc/linux-user-chroot.8 @@ -77,6 +77,10 @@ including loopback. Mount the proc filesystem at .IR DIR . .TP +.BI \-\-mount\-devapi " DIR" +Mount just the API devices (null, full, urandom etc) at +.IR DIR . +.TP .BI \-\-mount\-readonly " DIR" Make .I DIR @@ -90,16 +94,15 @@ After setting the new root directory for the command, change the current working directory to be .IR DIR . .TP -.BI \-\-seccomp-profile-version " DIR" +.BI \-\-seccomp-profile-version " VERSION" Seccomp is a tool to restrict the system calls applications can make. As linux-user-chroot is designed for build systems, -we do not need to expose the entire system to build processes; -things like profiling should not happen during builds. +we do not need to expose the entire kernel system call interface. +Currently a number of This argument is an integer, where -1 means "no seccomp", and "0" enables the first profile version. This is an opt-in system to any future versions. -.IR DIR . .SH "EXIT STATUS" The exit status is the exit status of the executed command, or 1 if |