diff options
Diffstat (limited to 'runsc')
-rw-r--r-- | runsc/boot/config.go | 2 | ||||
-rw-r--r-- | runsc/main.go | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go index 4276a4cc4..3c0f72e9f 100644 --- a/runsc/boot/config.go +++ b/runsc/boot/config.go @@ -120,6 +120,8 @@ func MakeRefsLeakMode(s string) (refs.LeakMode, error) { return refs.NoLeakChecking, nil case "warning": return refs.LeaksLogWarning, nil + case "traces": + return refs.LeaksLogTraces, nil default: return 0, fmt.Errorf("invalid refs leakmode %q", s) } diff --git a/runsc/main.go b/runsc/main.go index 8857b96ac..1b7c1c4b7 100644 --- a/runsc/main.go +++ b/runsc/main.go @@ -73,7 +73,7 @@ var ( netRaw = flag.Bool("net-raw", false, "enable raw sockets. When false, raw sockets are disabled by removing CAP_NET_RAW from containers (`runsc exec` will still be able to utilize raw sockets). Raw sockets allow malicious containers to craft packets and potentially attack the network.") numNetworkChannels = flag.Int("num-network-channels", 1, "number of underlying channels(FDs) to use for network link endpoints.") rootless = flag.Bool("rootless", false, "it allows the sandbox to be started with a user that is not root. Sandbox and Gofer processes may run with same privileges as current user.") - referenceLeakMode = flag.String("ref-leak-mode", "disabled", "sets reference leak check mode: disabled (default), warning.") + referenceLeakMode = flag.String("ref-leak-mode", "disabled", "sets reference leak check mode: disabled (default), warning, traces.") // Test flags, not to be used outside tests, ever. testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.") |