| author | Luis Hector Chavez <lhchavez@google.com> | 2018-04-19 20:14:47 -0700 |
|---|---|---|
| committer | Luis Hector Chavez <lhchavez@google.com> | 2018-04-20 10:24:29 -0700 |
| commit | 9dd13fd059ffe080c55f60ab98fbecdc7a3ed7ec (patch) | |
| tree | 33b2fe135371ed134c0a951ee6f949ffffb15f6a /minijail0.1 | |
| parent | 413af658ee448c138830b3bc7eecb972f18fb6fc (diff) | |
| download | minijail-9dd13fd059ffe080c55f60ab98fbecdc7a3ed7ec.tar.gz | |
Update the manpage
A few entries were missing. Not anymore!
Bug: None
Test: Visual inspection
Change-Id: I232177d528e6fc5347c09740583d13971343b7db
Diffstat (limited to 'minijail0.1')

| -rw-r--r-- | minijail0.1 | 39 |
|---|---|---|

1 files changed, 33 insertions, 6 deletions
diff --git a/minijail0.1 b/minijail0.1 index ce8e67c..0329997 100644 --- a/minijail0.1 +++ b/minijail0.1 @@ -19,13 +19,25 @@ If \fIdest\fR is not specified, it will default to \fIsrc\fR. If the destination does not exist, it will be created as a file or directory based on the \fIsrc\fR type (including missing parent directories). .TP +\fB-B <mask>\fR +Skip setting securebits in \fImask\fR when restricting capabilities (\fB-c\fR). +\fImask\fR is a hex constant that represents the mask of securebits that will +be preserved. See \fBcapabilities\fR(7) for the complete list. By default, +\fBSECURE_NOROOT\fR, \fBSECURE_NO_SETUID_FIXUP\fR, and \fBSECURE_KEEP_CAPS\fR +(together with their respective locks) are set. +\fBSECBIT_NO_CAP_AMBIENT_RAISE\fR (and its respective lock) is never set +because the permitted and inheritable capability sets have already been set +through \fB-c\fR. +.TP \fB-c <caps>\fR -Restrict capabilities to \fIcaps\fR. When used in conjunction with \fB-u\fR and -\fB-g\fR, this allows a program to have access to only certain parts of root's -default privileges while running as another user and group ID altogether. Note -that these capabilities are not inherited by subprocesses of the process given -capabilities unless those subprocesses have POSIX file capabilities. See -\fBcapabilities\fR(7). +Restrict capabilities to \fIcaps\fR, which is a hex constant that represents +the capability mask that will be used as the permitted, effective, and +inheritable sets. When used in conjunction with \fB-u\fR and \fB-g\fR, this +allows a program to have access to only certain parts of root's default +privileges while running as another user and group ID altogether. Note that +these capabilities are not inherited by subprocesses of the process given +capabilities unless those subprocesses have POSIX file capabilities or the +\fB--ambient\fR flag is also passed. See \fBcapabilities\fR(7). .TP \fB-C <dir>\fR Change root (using \fBchroot\fR(2)) to \fIdir\fR. 
@@ -61,6 +73,10 @@ Print a help message detailing supported system call names for seccomp_filter. (Other direct numbers may be specified if minijail0 is not in sync with the host kernel or something like 32/64-bit compatibility issues exist.) .TP +\fB-i\fR +Exit immediately after \fBfork\fR(2). The jailed process will keep running in +the background. +.TP \fB-I\fR Run \fIprogram\fR as init (pid 1) inside a new pid namespace (implies \fB-p\fR). .TP @@ -205,6 +221,17 @@ Keep the current user's supplementary groups. \fB-Y\fR Synchronize seccomp filters across thread group. .TP +\fB-z\fR +Don't forward any signals to the jailed process. For example, when not using +\fB-i\fR, sending \fBSIGINT\fR (e.g., CTRL-C on the terminal), will kill the +minijail0 process, not the jailed process. +.TP +\fB--ambient\fR +Raise ambient capabilities to match the mask specified by \fB-c\fR. Since +ambient capabilities are preserved across \fBexecve\fR(2), this allows for +process trees to have a restricted set of capabilities, even if they are +capability-dumb binaries. See \fBcapabilities\fR(7). +.TP \fB--uts[=hostname]\fR Create a new UTS/hostname namespace, and optionally set the hostname in the new namespace to \fIhostname\fR. |
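Review bot: the new -B entry mixes the SECURE_* bit names (SECURE_NOROOT, SECURE_NO_SETUID_FIXUP, SECURE_KEEP_CAPS) with the SECBIT_* name (SECBIT_NO_CAP_AMBIENT_RAISE) while sending the reader to capabilities(7), which documents these flags under SECBIT_*; use one family throughout (SECBIT_* matches the man page and the hex mask the user has to write). The entry also says "Skip setting securebits in mask" in one sentence and "securebits that will be preserved" in the next; say plainly that a bit present in mask is left at its current value rather than set, so the two sentences cannot be read as meaning different things.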
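Review bot: the -i entry should spell out the consequences of minijail0 exiting right after fork(2): it no longer waits for the jailed process, so its exit status cannot reflect the program's, and the signal handling described under -z (whose text refers back to -i) should be stated here as well. One added sentence such as "minijail0's exit status is then not that of the jailed process; see also -z" would cover both.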
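Review bot: in the -z entry the example has a stray comma after the parenthetical ("(e.g., CTRL-C on the terminal), will kill") and reads as though it described the default behaviour rather than the behaviour with -z; suggest "For example, with -z and without -i, SIGINT (e.g., CTRL-C on the terminal) kills the minijail0 process, not the jailed process." In the --ambient entry, the text says the ambient set is raised "to match the mask specified by -c" but does not say whether --ambient without -c is an error or a no-op; state the dependency explicitly (e.g. "Requires -c."), since the updated -c text now points at --ambient.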