From aa8fb9511c8efb70952ef6b01fcd803847d6704c Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Mon, 11 Jun 2018 17:33:31 +0200
Subject: POTD skeleton #102.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 src/options.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/options.c')

diff --git a/src/options.c b/src/options.c
index 7b83909..0f23f4d 100644
--- a/src/options.c
+++ b/src/options.c
@@ -79,6 +79,12 @@ static struct opt options[OPT_MAX+1] = {
         "path to root directory/image\n", NULL),
     OPT(OT_PATH, .str = POTD_NETNS_RUN_DIR, "netns-rundir",
         "set the network namespace run directory\n", NULL),
+    OPT_NOARG("seccomp-minimal", "use a minimal seccomp ruleset\n",
+        "instead of setting an allowed syscall ruleset\n"
+        "use a minimal set of blocked syscalls e.g.\n"
+        "mount, umount, ptrace, kernel module syscalls\n"
+        "and some io syscalls\n"
+        "(use this if you acknowledge errors on some platforms)\n"),
 
     OPT_NOARG("help", "this\n", NULL),
     OPT(OT_INVALID, .ll = 0, NULL, NULL, NULL)
-- 
cgit v1.2.3