author Dylan Reid <dgreid@chromium.org> 2015-11-18 18:47:49 -0800
committer Dylan Reid <dgreid@google.com> 2015-11-23 10:15:41 -0800
commit 6cae0b28a956ec37a05d3586c1aa41e8f1177100 (patch)
tree 0ebcea78e8dde977207dd1bbd481f25982e34f00
parent f794247e0413fe36759a2bdcaa5bdd75cf3163a2 (diff)
minijail: Update man page
When adding options recently, the man page had not been updated. Add the new options and fix a few issues such as -C and -t being inserted in the middle of the description for -c.

BUG=none
TEST=man ./minijail0.1

Change-Id: I2fd9f30aba93a8a0db8e8c94a799ff96c672114e
Signed-off-by: Dylan Reid <dgreid@chromium.org>
-rw-r--r-- minijail0.1 41
1 files changed, 31 insertions, 10 deletions
diff --git a/minijail0.1 b/minijail0.1
index 122ecc5..dbec74d 100644
--- a/minijail0.1
+++ b/minijail0.1
@@ -17,21 +17,28 @@ Bind-mount <src> into the chroot directory at <dest>, optionally writeable.
.TP
\fB-c <caps>\fR
Restrict capabilities to \fIcaps\fR. When used in conjunction with \fB-u\fR and
+\fB-g\fR, this allows a program to have access to only certain parts of root's
+default privileges while running as another user and group ID altogether. Note
+that these capabilities are not inherited by subprocesses of the process given
+capabilities unless those subprocesses have POSIX file capabilities. See
+\fBcapabilities\fR(7).
.TP
\fB-C <dir>\fR
Change root (using chroot(2)) to <dir>.
.TP
+\fB-e[file]\fR
+Enter a new network namespace, or if \fIfile\fR is specified, Enter an existing
+network namespace specified by \fIfile\fR which is typically of the form
+/proc/<pid>/ns/net.
+.TP
+\fB-f <file>\fR
+Write the pid of the jailed process to \fIfile\fR.
+.TP
\fB-t\fR
Mounts a tmpfs filesystem on /tmp. /tmp must exist in the chroot.
This must be used with -C. The default filesystem has a max size of 128M
and has standard /tmp permissions (777).
.TP
-\fB-g\fR, this allows a program to have access to only certain parts of root's
-default privileges while running as another user and group ID altogether. Note
-that these capabilities are not inherited by subprocesses of the process given
-capabilities unless those subprocesses have POSIX file capabilities. See
-\fBcapabilities\fR(7).
-.TP
\fB-G\fR
Inherit all the supplementary groups of the user specified with \fB-u\fR. It
is an error to use this option without having specified a \fBuser name\fR to
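Review bot: In the new \fB-e[file]\fR entry, "Enter" is capitalised mid-sentence ("or if \fIfile\fR is specified, Enter an existing"); lower-case it. The \fB-t\fR entry still sits between \fB-f\fR and \fB-G\fR after this reshuffle, so if the list is meant to be alphabetical it should move down with the other t options. The \fB-f <file>\fR text also does not say whether the pid written is the one seen from outside the jail when a new PID namespace (\fB-p\fR) is in use; one sentence stating which would save readers from guessing.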
@@ -53,17 +60,28 @@ Print a help message detailing supported system call names for seccomp_filter.
Run inside a new IPC namespace. This option makes the program's System V IPC
namespace independent.
.TP
+\fB-m "<uid> <loweruid> <count>[,<uid> <loweruid> <count>]"\fR
+Set the uid mapping of a user namespace (implies \fB-pU\fR). Same arguments as
+\fBnewuidmap(1)\fR. Multiple mappings should be separated by ','.
+.TP
+\fB-M "<uid> <loweruid> <count>[,<uid> <loweruid> <count>]"\fR
+Set the gid mapping of a user namespace (implies \fB-pU\fR). Same arguments as
+\fBnewgidmap(1)\fR. Multiple mappings should be separated by ','.
+.TP
\fB-p\fR
Run inside a new PID namespace. This option will make it impossible for the
program to see or affect processes that are not its descendants. This implies
\fB-v\fR and \fB-r\fR, since otherwise the process can see outside its namespace
by inspecting /proc.
.TP
+\fB-P <dir>\fR
+Set \fIdir\fR as the root fs using \fBpivot_root\fR. Implies \fB-v\fR, not
+compatible with \fB-C\fR.
+.TP
\fB-r\fR
-Remount certain filesystems readonly. Currently this only remounts /proc. This
-implies \fB-v\fR. Remounting /proc readonly means that even if the process has
-write access to a system config knob in /proc (e.g., in /sys/kernel), it cannot
-change the value.
+Remount /proc readonly. This implies \fB-v\fR. Remounting /proc readonly means
+that even if the process has write access to a system config knob in /proc
+(e.g., in /sys/kernel), it cannot change the value.
.TP
\fB-s\fR
Enable seccomp(2) in mode 1, which restricts the child process to a very small
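Review bot: The \fB-M\fR entry reuses the uid placeholders from \fB-m\fR ("<uid> <loweruid> <count>") although it sets the gid mapping; rename them to <gid> <lowergid> <count> so the synopsis matches the description. In the rewritten \fB-r\fR text, the example "(e.g., in /sys/kernel)" is not a path under /proc, and /proc/sys/kernel reads as what was meant. Both mapping entries say they imply \fB-pU\fR, but no \fB-U\fR entry appears in the lines shown here, so check that the page documents it. Minor style point: "\fBnewuidmap(1)\fR" and "\fBnewgidmap(1)\fR" bold the section number, while the earlier reference is written "\fBcapabilities\fR(7)"; pick one form.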
@@ -81,6 +99,9 @@ ID.
\fB-v\fR
Run inside a new VFS namespace. This option makes the program's mountpoints
independent of the rest of the system's.
+.TP
+\fB-V <file>\fR
+Enter the VFS namespace specified by \fIfile\fR.
.SH IMPLEMENTATION
This program is broken up into two parts: \fBminijail0\fR (the frontend) and a helper
library called \fBlibminijailpreload\fR. Some jailings can only be achieved from
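Review bot: The \fB-V <file>\fR entry does not say what \fIfile\fR should be, whereas the \fB-e\fR entry added earlier in this patch notes the typical /proc/<pid>/ns/net form; add the equivalent hint for the mount namespace. It would also help to state how \fB-V\fR interacts with \fB-v\fR directly above it, since one creates a new VFS namespace and the other enters an existing one.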