Commit 13f500e7 authored by Colin Walters's avatar Colin Walters

doc: Add --mount-devapi, some typo fixes

parent d5d3074a
......@@ -77,6 +77,10 @@ including loopback.
Mount the proc filesystem at
.BI \-\-mount\-devapi " DIR"
Mount just the API devices (null, full, urandom etc) at
.BI \-\-mount\-readonly " DIR"
......@@ -90,16 +94,15 @@ After setting the new root directory for the command,
change the current working directory to be
.BI \-\-seccomp-profile-version " DIR"
.BI \-\-seccomp-profile-version " VERSION"
Seccomp is a tool to restrict the system calls applications
can make. As linux-user-chroot is designed for build systems,
we do not need to expose the entire system to build processes;
things like profiling should not happen during builds.
we do not need to expose the entire kernel system call interface.
Currently a number of
This argument is an integer, where -1 means "no seccomp",
and "0" enables the first profile version. This is an
opt-in system to any future versions.
The exit status is the exit status of the executed command,
or 1 if
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment