summaryrefslogtreecommitdiffhomepage
path: root/runsc
diff options
context:
space:
mode:
Diffstat (limited to 'runsc')
-rw-r--r--runsc/boot/config.go2
-rw-r--r--runsc/main.go2
2 files changed, 3 insertions, 1 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 4276a4cc4..3c0f72e9f 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -120,6 +120,8 @@ func MakeRefsLeakMode(s string) (refs.LeakMode, error) {
return refs.NoLeakChecking, nil
case "warning":
return refs.LeaksLogWarning, nil
+ case "traces":
+ return refs.LeaksLogTraces, nil
default:
return 0, fmt.Errorf("invalid refs leakmode %q", s)
}
diff --git a/runsc/main.go b/runsc/main.go
index 8857b96ac..1b7c1c4b7 100644
--- a/runsc/main.go
+++ b/runsc/main.go
@@ -73,7 +73,7 @@ var (
netRaw = flag.Bool("net-raw", false, "enable raw sockets. When false, raw sockets are disabled by removing CAP_NET_RAW from containers (`runsc exec` will still be able to utilize raw sockets). Raw sockets allow malicious containers to craft packets and potentially attack the network.")
numNetworkChannels = flag.Int("num-network-channels", 1, "number of underlying channels(FDs) to use for network link endpoints.")
rootless = flag.Bool("rootless", false, "it allows the sandbox to be started with a user that is not root. Sandbox and Gofer processes may run with same privileges as current user.")
- referenceLeakMode = flag.String("ref-leak-mode", "disabled", "sets reference leak check mode: disabled (default), warning.")
+ referenceLeakMode = flag.String("ref-leak-mode", "disabled", "sets reference leak check mode: disabled (default), warning, traces.")
// Test flags, not to be used outside tests, ever.
testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.")