diff options
| author | Fabricio Voznika <fvoznika@google.com> | 2018-09-07 12:27:44 -0700 |
|---|---|---|
| committer | Shentubot <shentubot@google.com> | 2018-09-07 12:28:48 -0700 |
| commit | bc81f3fe4a042a15343d2eab44da32d818ac1ade (patch) | |
| tree | 808e8e3ebfdf7e43b9f279032cd39e28fb75de98 /runsc/main.go | |
| parent | f895cb4d8b4b37a563b7a5b9dc92eae552084b44 (diff) | |
Remove '--file-access=direct' option
It was used before gofer was implemented and it's not
supported anymore.
BREAKING CHANGE: proxy-shared and proxy-exclusive options
are now: shared and exclusive.
PiperOrigin-RevId: 212017643
Change-Id: If029d4073fe60583e5ca25f98abb2953de0d78fd
Diffstat (limited to 'runsc/main.go')
| -rw-r--r-- | runsc/main.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/runsc/main.go b/runsc/main.go index c51b199aa..c30b29b81 100644 --- a/runsc/main.go +++ b/runsc/main.go @@ -58,7 +58,7 @@ var ( // Flags that control sandbox runtime behavior. platform = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm") network = flag.String("network", "sandbox", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.") - fileAccess = flag.String("file-access", "proxy-exclusive", "specifies which filesystem to use: proxy-exclusive (default), proxy-shared, or direct. Using a proxy is more secure because it disallows the sandbox from opening files directly in the host. Setting 'proxy-shared' will disable caches and should be used if external modifications to the filesystem are expected.") + fileAccess = flag.String("file-access", "exclusive", "specifies which filesystem to use: exclusive (default), shared. Setting 'shared' will disable caches and should be used if external modifications to the filesystem are expected.") overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.") multiContainer = flag.Bool("multi-container", false, "enable *experimental* multi-container support.") watchdogAction = flag.String("watchdog-action", "log", "sets what action the watchdog takes when triggered: log (default), panic.") @@ -112,8 +112,8 @@ func main() { cmd.Fatalf("%v", err) } - if fsAccess == boot.FileAccessProxy && *overlay { - cmd.Fatalf("overlay flag is incompatible with proxy-shared file access") + if fsAccess == boot.FileAccessShared && *overlay { + cmd.Fatalf("overlay flag is incompatible with shared file access") } netType, err := boot.MakeNetworkType(*network) |