POTD skeleton #102.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2018-06-11 17:33:31 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2018-06-11 17:33:31 +0200
commit: aa8fb9511c8efb70952ef6b01fcd803847d6704c (patch)
tree: fe378dc5162eaa99ee2a03f724c5873553d42cba /src/options.c
parent: 6faf24d6a8985d721e989f75505dae83c7dda20b (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/options.c b/src/options.c
index 7b83909..0f23f4d 100644
--- a/src/options.c
+++ b/src/options.c
@@ -79,6 +79,12 @@ static struct opt options[OPT_MAX+1] = {
         "path to root directory/image\n", NULL),
     OPT(OT_PATH, .str = POTD_NETNS_RUN_DIR, "netns-rundir",
         "set the network namespace run directory\n", NULL),
+    OPT_NOARG("seccomp-minimal", "use a minimal seccomp ruleset\n",
+        "instead of setting an allowed syscall ruleset\n"
+        "use a minimal set of blocked syscalls e.g.\n"
+        "mount, umount, ptrace, kernel module syscalls\n"
+        "and some io syscalls\n"
+        "(use this if you acknowledge errors on some platforms)\n"),
 
     OPT_NOARG("help", "this\n", NULL),
     OPT(OT_INVALID, .ll = 0, NULL, NULL, NULL)
author	Toni Uhlig <matzeton@googlemail.com>	2018-06-11 17:33:31 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2018-06-11 17:33:31 +0200
commit	aa8fb9511c8efb70952ef6b01fcd803847d6704c (patch)
tree	fe378dc5162eaa99ee2a03f724c5873553d42cba /src/options.c
parent	6faf24d6a8985d721e989f75505dae83c7dda20b (diff)