Document the -u switch

author: erdgeist <> 2013-03-28 18:46:23 +0000
committer: erdgeist <> 2013-03-28 18:46:23 +0000
commit: deece32718b2103d9230134a6ee9082f86eeee70 (patch)
tree: 8833bc753420b751f8a34944922052f2402d04f0
parent: 28fcbc589634cf68e233cbfb407a1eb19db32bcd (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/man1/jaildaemon.1 b/man1/jaildaemon.1
index 2d5f654..b8f15cc 100644
--- a/man1/jaildaemon.1
+++ b/man1/jaildaemon.1
@@ -12,6 +12,7 @@
 .Nm
 .Cm Fl c Ar command Fl j Ar jid
 .Op Fl rR
+.Op Fl u Ar uid
 .Op Fl t Ar proctitle
 .Op Fl f Ar ipcsockpath
 .Sh DESCRIPTION
@@ -96,6 +97,17 @@ to complete before re-spawning the probe process.
 Use this option only if you know, what you're doing. Most shell scripts are
 not re-entrant, even if their authors think so and most programs that run
 long enough should not be started twice with identical parameters.
+.It Fl u Ar uid
+Probes normally run as user root and thus can only be signalled by root
+inside the jail. For some use cases it is desirable to allow non-privileged
+processes inside the jail to signal the probe. You can use this switch to
+tell
+.Nm
+what uid to drop to after being jailed away. (Note that uids inside and
+outside the jail are never guaranteed to match.)
+.Pp
+Use this option only if you know, what you're doing. For most occasions it
+is a good idea to restrict signalling probes to the root user.
 .El
 .Pp
 Exactly one of the
author	erdgeist <>	2013-03-28 18:46:23 +0000
committer	erdgeist <>	2013-03-28 18:46:23 +0000
commit	deece32718b2103d9230134a6ee9082f86eeee70 (patch)
tree	8833bc753420b751f8a34944922052f2402d04f0
parent	28fcbc589634cf68e233cbfb407a1eb19db32bcd (diff)

diff --git a/man1/jaildaemon.1 b/man1/jaildaemon.1 index 2d5f654..b8f15cc 100644 --- a/man1/jaildaemon.1 +++ b/man1/jaildaemon.1
@@ -12,6 +12,7 @@
12	.Nm	12	.Nm
13	.Cm Fl c Ar command Fl j Ar jid	13	.Cm Fl c Ar command Fl j Ar jid
14	.Op Fl rR	14	.Op Fl rR
		15	.Op Fl u Ar uid
15	.Op Fl t Ar proctitle	16	.Op Fl t Ar proctitle
16	.Op Fl f Ar ipcsockpath	17	.Op Fl f Ar ipcsockpath
17	.Sh DESCRIPTION	18	.Sh DESCRIPTION
@@ -96,6 +97,17 @@ to complete before re-spawning the probe process.
96	Use this option only if you know, what you're doing. Most shell scripts are	97	Use this option only if you know, what you're doing. Most shell scripts are
97	not re-entrant, even if their authors think so and most programs that run	98	not re-entrant, even if their authors think so and most programs that run
98	long enough should not be started twice with identical parameters.	99	long enough should not be started twice with identical parameters.
		100	.It Fl u Ar uid
		101	Probes normally run as user root and thus can only be signalled by root
		102	inside the jail. For some use cases it is desirable to allow non-privileged
		103	processes inside the jail to signal the probe. You can use this switch to
		104	tell
		105	.Nm
		106	what uid to drop to after being jailed away. (Note that uids inside and
		107	outside the jail are never guaranteed to match.)
		108	.Pp
		109	Use this option only if you know, what you're doing. For most occasions it
		110	is a good idea to restrict signalling probes to the root user.
99	.El	111	.El
100	.Pp	112	.Pp
101	Exactly one of the	113	Exactly one of the