diff --git a/cmd/ocitools/generate.go b/cmd/ocitools/generate.go
index fca5d6fcb..d6dcd3d66 100644
--- a/cmd/ocitools/generate.go
+++ b/cmd/ocitools/generate.go
@@ -13,15 +13,15 @@ var generateFlags = []cli.Flag{
 cli.StringFlag{Name: "output", Usage: "output file (defaults to stdout)"},
 cli.StringFlag{Name: "rootfs", Value: "rootfs", Usage: "path to the rootfs"},
 cli.BoolFlag{Name: "read-only", Usage: "make the container's rootfs read-only"},
- cli.BoolFlag{Name: "privileged", Usage: "enabled privileged container settings"},
+ cli.BoolFlag{Name: "privileged", Usage: "enable privileged container settings"},
 cli.BoolFlag{Name: "no-new-privileges", Usage: "set no new privileges bit for the container process"},
 cli.BoolFlag{Name: "tty", Usage: "allocate a new tty for the container process"},
 cli.StringFlag{Name: "hostname", Usage: "hostname value for the container"},
 cli.IntFlag{Name: "uid", Usage: "uid for the process"},
 cli.IntFlag{Name: "gid", Usage: "gid for the process"},
 cli.StringSliceFlag{Name: "groups", Usage: "supplementary groups for the process"},
- cli.StringSliceFlag{Name: "cap-add", Usage: "add capabilities"},
- cli.StringSliceFlag{Name: "cap-drop", Usage: "drop capabilities"},
+ cli.StringSliceFlag{Name: "cap-add", Usage: "add Linux capabilities"},
+ cli.StringSliceFlag{Name: "cap-drop", Usage: "drop Linux capabilities"},
 cli.StringFlag{Name: "cgroup", Usage: "cgroup namespace"},
 cli.StringFlag{Name: "network", Usage: "network namespace"},
 cli.StringFlag{Name: "mount", Usage: "mount namespace"},
diff --git a/man/ocitools-generate.1.md b/man/ocitools-generate.1.md
index eb79b74ee..476260a59 100644
--- a/man/ocitools-generate.1.md
+++ b/man/ocitools-generate.1.md
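Review bot: The reworded usage for `cap-add` and `cap-drop` still leaves the accepted capability spelling unstated, so a user reading `--help` cannot tell whether to pass `CAP_NET_ADMIN`, `NET_ADMIN` or a lowercase form; if the flag takes the `CAP_`-prefixed names, say so, e.g. `Usage: "add Linux capabilities (CAP_XXX form)"`. Whether an unrecognized name is rejected or silently ignored is not visible in this hunk, and a silently ignored `--cap-drop` is the costlier of the two outcomes, which is why the usage text is worth the extra words. The `generateFlags` literal opened in the hunk header continues outside the hunk.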
@@ -107,7 +107,7 @@ inside of the container.
 it is unset, create a new namespace. The special *PATH* `host` removes any existing network namespace from the configuration.
-**--no-new-privileges**
+**--no-new-privileges**=true|false
 Set no new privileges bit for the container process. Setting this flag will block the container processes from gaining any additional privileges using tools like setuid apps. It is a good idea to run unprivileged
@@ -208,6 +208,9 @@ inside of the container.
 This command mounts a `tmpfs` at `/tmp` within the container. The supported mount options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: `rw,noexec,nosuid,nodev,size=65536k`.
+**--tty**=true|false
+ Allocate a new tty for the container process. The default is *false*.
+
 **--uid**=UID
 Sets the UID used within the container.