diff options
author | Mike Frysinger <vapier@google.com> | 2017-06-21 13:39:26 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-06-21 13:39:26 +0000 |
commit | 30e73b95f1e56a62e1d5c08e52b9004e76b0dd91 (patch) | |
tree | ba48c8acdb1ed5f41f155dfa7c3ad2c930d9eb9e | |
parent | 4f8562358e56a3b0ebf68fc1f470d6919f1cd883 (diff) | |
parent | 0fe4e4f252b36866e01bfe46bb7d1c53874de1de (diff) | |
download | minijail-30e73b95f1e56a62e1d5c08e52b9004e76b0dd91.tar.gz |
man pages: standardize reference style
am: 0fe4e4f252
Change-Id: Ifb114ad1a1c0b544987207b5b44b31db916e9a99
-rw-r--r-- | minijail0.1 | 18 | ||||
-rw-r--r-- | minijail0.5 | 4 |
2 files changed, 11 insertions, 11 deletions
diff --git a/minijail0.1 b/minijail0.1 index 11579c2..26a0428 100644 --- a/minijail0.1 +++ b/minijail0.1 @@ -10,7 +10,7 @@ Runs PROGRAM inside a sandbox. .TP \fB-a <table>\fR Run using the alternate syscall table named \fItable\fR. Only available on kernels -and architectures that support the PR_ALT_SYSCALL option of prctl(2). +and architectures that support the \fBPR_ALT_SYSCALL\fR option of \fBprctl\fR(2). .TP \fB-b <src>,<dest>[,<writeable>] Bind-mount \fIsrc\fR into the chroot directory at \fIdest\fR, optionally writeable. @@ -24,7 +24,7 @@ capabilities unless those subprocesses have POSIX file capabilities. See \fBcapabilities\fR(7). .TP \fB-C <dir>\fR -Change root (using chroot(2)) to \fIdir\fR. +Change root (using \fBchroot\fR(2)) to \fIdir\fR. .TP \fB-e[file]\fR Enter a new network namespace, or if \fIfile\fR is specified, enter an existing @@ -73,16 +73,16 @@ system. .TP \fB-m[<uid> <loweruid> <count>[,<uid> <loweruid> <count>]]\fR Set the uid mapping of a user namespace (implies \fB-pU\fR). Same arguments as -\fBnewuidmap(1)\fR. Multiple mappings should be separated by ','. With no mapping, +\fBnewuidmap\fR(1). Multiple mappings should be separated by ','. With no mapping, map the current uid to root inside the user namespace. .TP \fB-M[<uid> <loweruid> <count>[,<uid> <loweruid> <count>]]\fR Set the gid mapping of a user namespace (implies \fB-pU\fR). Same arguments as -\fBnewgidmap(1)\fR. Multiple mappings should be separated by ','. With no mapping, +\fBnewgidmap\fR(1). Multiple mappings should be separated by ','. With no mapping, map the current gid to root inside the user namespace. .TP \fB-n\fR -Set the process's \fIno_new_privs\fR bit. See \fBprctl(2)\fR and the kernel +Set the process's \fIno_new_privs\fR bit. See \fBprctl\fR(2) and the kernel source file \fIDocumentation/prctl/no_new_privs.txt\fR for more info. .TP \fB-N\fR @@ -106,11 +106,11 @@ that even if the process has write access to a system config knob in /proc (e.g., in /sys/kernel), it cannot change the value. .TP \fB-s\fR -Enable seccomp(2) in mode 1, which restricts the child process to a very small -set of system calls. +Enable \fBseccomp\fR(2) in mode 1, which restricts the child process to a very +small set of system calls. .TP \fB-S <arch-specific seccomp_filter policy file>\fR -Enable seccomp(2) in mode 13 which restricts the child process to a set of +Enable \fBseccomp\fR(2) in mode 13 which restricts the child process to a set of system calls defined in the policy file. Note that system calls often change names based on the architecture or mode. (uname -m is your friend.) .TP @@ -171,4 +171,4 @@ The Chromium OS Authors <chromiumos-dev@chromium.org> Copyright \(co 2011 The Chromium OS Authors License BSD-like. .SH "SEE ALSO" -\fBlibminijail.h\fR \fBminijail0(5)\fR +\fBlibminijail.h\fR \fBminijail0\fR(5) diff --git a/minijail0.5 b/minijail0.5 index b9036b9..f5b1bd4 100644 --- a/minijail0.5 +++ b/minijail0.5 @@ -3,7 +3,7 @@ minijail0 \- sandbox a process .SH DESCRIPTION .PP -Runs PROGRAM inside a sandbox. See minijail(1) for details. +Runs PROGRAM inside a sandbox. See \fBminijail\fR(1) for details. .SH EXAMPLES Safely switch from root to nobody while dropping all capabilities and @@ -34,7 +34,7 @@ The policy file supplied to the \fB-S\fR argument supports the following syntax: \fB<empty line>\fR \fB# any single line comment\fR -A policy that emulates seccomp(2) in mode 1 may look like: +A policy that emulates \fBseccomp\fR(2) in mode 1 may look like: read: 1 write: 1 sig_return: 1 |