diff options
author | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-02-16 15:31:02 -0800 |
---|---|---|
committer | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-02-16 15:37:23 -0800 |
commit | 9dd256ea2a2a6c7faed026eb6f87f9677b7fc0fe (patch) | |
tree | ba7540604e433bb9fce9982a626716429d49113e | |
parent | 2ed0912e55994ec1bd1916f63f5cb0155c57bb65 (diff) | |
download | minijail-9dd256ea2a2a6c7faed026eb6f87f9677b7fc0fe.tar.gz |
Clean up 'minijail0' help message.
Make punctuation and capitalization consistent:
-The help text for a flag is always capitalized, unless it starts
with the name of a system call.
-The help text for a flag always ends with a period.
Bug: None
Change-Id: I8e3dc8bd27b901df4c8e1d15df85352430655f2e
-rw-r--r-- | minijail0.c | 89 |
1 files changed, 45 insertions, 44 deletions
diff --git a/minijail0.c b/minijail0.c index 0be0b6a..f55e0b3 100644 --- a/minijail0.c +++ b/minijail0.c @@ -93,59 +93,60 @@ static void usage(const char *progn) { size_t i; - printf("Usage: %s [-GhiInprsvtUl] [-b <src>,<dest>[,<writeable>]] [-f <file>]" - "[-c <caps>] [-C <dir>] [-g <group>] [-S <file>] [-u <user>] " - "[-k <src>,<dest>,<type>[,<flags>]] [-T <type>] " - "[-m \"<uid> <loweruid> <count>[,<uid> <loweruid> <count>]\"] " - "[-M \"<gid> <lowergid> <count>[,<uid> <loweruid> <count>]\"] " - "<program> [args...]\n" - " -a <table>: use alternate syscall table <table>\n" - " -b: binds <src> to <dest> in chroot. Multiple " - "instances allowed\n" - " -k: mount <src> to <dest> in chroot. Multiple " - "instances allowed, flags are passed to mount(2)\n" - " -c <caps>: restrict caps to <caps>\n" - " -C <dir>: chroot to <dir>\n" - " Not compatible with -P\n" - " -e[file]: enter new network namespace, or existing one if 'file' is provided\n" - " -f <file>: write the pid of the jailed process to <file>\n" - " -G: inherit secondary groups from uid\n" - " -g <group>: change gid to <group>\n" - " -h: help (this message)\n" - " -H: seccomp filter help message\n" - " -i: exit immediately after fork (do not act as init)\n" - " Not compatible with -p\n" - " -I: run <program> as init (pid 1) inside a new pid namespace (implies -p)\n" - " -l: enter new IPC namespace\n" - " -L: report blocked syscalls to syslog when using seccomp filter.\n" + printf("Usage: %s [-GhiIlnprstUv]\n" + " [-b <src>,<dest>[,<writeable>]] [-f <file>]" + " [-c <caps>] [-C <dir>] [-g <group>] [-u <user>]\n" + " [-S <file>] [-k <src>,<dest>,<type>[,<flags>]] [-T <type>]\n" + " [-m \"<uid> <loweruid> <count>[,<uid> <loweruid> <count>]\"]\n" + " [-M \"<gid> <lowergid> <count>[,<uid> <loweruid> <count>]\"]\n" + " <program> [args...]\n" + " -a <table>: Use alternate syscall table <table>.\n" + " -b: Binds <src> to <dest> in chroot.\n" + " Multiple instances allowed.\n" + " -k: Mount <src> to <dest> in chroot.\n" + " Multiple instances allowed, flags are passed to mount(2).\n" + " -c <caps>: Restrict caps to <caps>.\n" + " -C <dir>: chroot(2) to <dir>.\n" + " Not compatible with -P.\n" + " -e[file]: Enter new network namespace, or existing one if 'file' is provided.\n" + " -f <file>: Write the pid of the jailed process to <file>.\n" + " -G: Inherit supplementary groups from uid.\n" + " -g <group>: Change gid to <group>.\n" + " -h: Help (this message).\n" + " -H: Seccomp filter help message.\n" + " -i: Exit immediately after fork (do not act as init).\n" + " Not compatible with -p.\n" + " -I: Run <program> as init (pid 1) inside a new pid namespace (implies -p).\n" + " -l: Enter new IPC namespace.\n" + " -L: Report blocked syscalls to syslog when using seccomp filter.\n" " Forces the following syscalls to be allowed:\n" " ", progn); for (i = 0; i < log_syscalls_len; i++) printf("%s ", log_syscalls[i]); printf("\n" - " -m: set the uid mapping of a user namespace (implies -pU).\n" + " -m: Set the uid mapping of a user namespace (implies -pU).\n" " Same arguments as newuidmap(1), multiple mappings should be separated by ',' (comma).\n" - " Not compatible with -b without writable\n" - " -M: set the gid mapping of a user namespace (implies -pU).\n" + " Not compatible with -b without the 'writable' option.\n" + " -M: Set the gid mapping of a user namespace (implies -pU).\n" " Same arguments as newgidmap(1), multiple mappings should be separated by ',' (comma).\n" - " Not compatible with -b without writable\n" - " -n: set no_new_privs\n" - " -p: enter new pid namespace (implies -vr)\n" - " -P <dir>: pivot_root to <dir> (implies -v)\n" - " Not compatible with -C\n" - " -r: remount /proc read-only (implies -v)\n" - " -s: use seccomp\n" - " -S <file>: set seccomp filter using <file>\n" - " E.g., -S /usr/share/filters/<prog>.$(uname -m)\n" - " Requires -n when not running as root\n" - " -t: mount tmpfs at /tmp inside chroot\n" - " -T <type>: assume <program> is a <type> ELF binary.\n" + " Not compatible with -b without the 'writable' option.\n" + " -n: Set no_new_privs.\n" + " -p: Enter new pid namespace (implies -vr).\n" + " -P <dir>: pivot_root(2) to <dir> (implies -v).\n" + " Not compatible with -C.\n" + " -r: Remount /proc read-only (implies -v).\n" + " -s: Use seccomp.\n" + " -S <file>: Set seccomp filter using <file>.\n" + " E.g., '-S /usr/share/filters/<prog>.$(uname -m)'.\n" + " Requires -n when not running as root.\n" + " -t: Mount tmpfs at /tmp inside chroot.\n" + " -T <type>: Assume <program> is a <type> ELF binary.\n" " Must be 'static' or 'dynamic'.\n" - " -u <user>: change uid to <user>\n" - " -U enter new user namespace (implies -p)\n" - " -v: enter new mount namespace\n" - " -V <file>: enter specified mount namespace\n"); + " -u <user>: Change uid to <user>.\n" + " -U Enter new user namespace (implies -p).\n" + " -v: Enter new mount namespace.\n" + " -V <file>: Enter specified mount namespace.\n"); } static void seccomp_filter_usage(const char *progn) |