cmdline: better description for --seccomp_log

diff --git a/README.md b/README.md
index ac48d56d2c93ca66384050c63d2ec3af3a150d5a..b0f44246f27ad04337796307fb225b2ca3e14cf9 100644 (file)
--- a/README.md
+++ b/README.md
@@ -463,7 +463,7 @@ Options:
  --seccomp_string VALUE
        String with kafel seccomp-bpf policy (see kafel/)
  --seccomp_log
-       Use SECCOMP_FILTER_FLAG_LOG. Log all actions except SECCOMP_RET_ALLOW
+       Use SECCOMP_FILTER_FLAG_LOG. Log all actions except SECCOMP_RET_ALLOW. Supported since kernel version 4.14
  --cgroup_mem_max VALUE
        Maximum number of bytes to use in the group (default: '0' - disabled)
  --cgroup_mem_mount VALUE

diff --git a/cmdline.cc b/cmdline.cc
index ca47468901aadc59f611efd335b14757a8869675..33b55910e46b5c7712e8a1dcf350f42c0b39ace3 100644 (file)
--- a/cmdline.cc
+++ b/cmdline.cc
@@ -131,7 +131,7 @@ struct custom_option custom_opts[] = {
     { { "proc_rw", no_argument, NULL, 0x0606 }, "Is procfs mounted as R/W (default: R/O)" },
     { { "seccomp_policy", required_argument, NULL, 'P' }, "Path to file containing seccomp-bpf policy (see kafel/)" },
     { { "seccomp_string", required_argument, NULL, 0x0901 }, "String with kafel seccomp-bpf policy (see kafel/)" },
-    { { "seccomp_log", no_argument, NULL, 0x0902 }, "Use SECCOMP_FILTER_FLAG_LOG. Log all actions except SECCOMP_RET_ALLOW)" },
+    { { "seccomp_log", no_argument, NULL, 0x0902 }, "Use SECCOMP_FILTER_FLAG_LOG. Log all actions except SECCOMP_RET_ALLOW). Supported since kernel version 4.14" },
     { { "cgroup_mem_max", required_argument, NULL, 0x0801 }, "Maximum number of bytes to use in the group (default: '0' - disabled)" },
     { { "cgroup_mem_mount", required_argument, NULL, 0x0802 }, "Location of memory cgroup FS (default: '/sys/fs/cgroup/memory')" },
     { { "cgroup_mem_parent", required_argument, NULL, 0x0803 }, "Which pre-existing memory cgroup to use as a parent (default: 'NSJAIL')" },