README.md, nsjail.1: add --stderr_to_null option

author John Vogel <jvogel4@stny.rr.com>

Sat, 14 Jul 2018 14:20:34 +0000 (10:20 -0400)

committer John Vogel <jvogel4@stny.rr.com>

Sat, 14 Jul 2018 14:20:34 +0000 (10:20 -0400)
author John Vogel <jvogel4@stny.rr.com>
Sat, 14 Jul 2018 14:20:34 +0000 (10:20 -0400)
committer John Vogel <jvogel4@stny.rr.com>
Sat, 14 Jul 2018 14:20:34 +0000 (10:20 -0400)
diff --git a/README.md b/README.md

index 1a4568c..90f2dbb 100644 (file)
--- a/README.md
+++ b/README.md
@@ -396,6 +396,8 @@ Options:
         Retain this capability, e.g. CAP_PTRACE (can be specified multiple times)
   --silent 
         Redirect child process' fd:0/1/2 to /dev/null
+ --stderr_to_null
+       Redirect FD=2 (STDERR_FILENO) to /dev/null
   --skip_setsid 
         Don't call setsid(), allows for terminal signal handling in the sandboxed process. Dangerous
   --pass_fd VALUE
diff --git a/nsjail.1 b/nsjail.1

index 2ca03c8..6e08ecf 100644 (file)
--- a/nsjail.1
+++ b/nsjail.1
@@ -103,6 +103,9 @@ Retain this capability, e.g. CAP_PTRACE (can be specified multiple times)
  \fB\-\-silent\fR
  Redirect child process' fd:0/1/2 to /dev/null
  .TP
+\fB\-\-stderr_to_null\fR
+Redirect FD=2 (STDERR_FILENO) to /dev/null
+.TP
  \fB\-\-skip_setsid\fR
  Don't call setsid(), allows for terminal signal handling in the sandboxed process. Dangerous
  .TP
author	John Vogel <jvogel4@stny.rr.com>
	Sat, 14 Jul 2018 14:20:34 +0000 (10:20 -0400)
committer	John Vogel <jvogel4@stny.rr.com>
	Sat, 14 Jul 2018 14:20:34 +0000 (10:20 -0400)
README.md		patch \| blob \| history
nsjail.1		patch \| blob \| history