summaryrefslogtreecommitdiffhomepage
path: root/runsc
diff options
context:
space:
mode:
Diffstat (limited to 'runsc')
-rw-r--r--runsc/boot/config.go4
-rw-r--r--runsc/main.go2
2 files changed, 3 insertions, 3 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 3c0f72e9f..6a742f349 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -118,9 +118,9 @@ func MakeRefsLeakMode(s string) (refs.LeakMode, error) {
switch strings.ToLower(s) {
case "disabled":
return refs.NoLeakChecking, nil
- case "warning":
+ case "log-names":
return refs.LeaksLogWarning, nil
- case "traces":
+ case "log-traces":
return refs.LeaksLogTraces, nil
default:
return 0, fmt.Errorf("invalid refs leakmode %q", s)
diff --git a/runsc/main.go b/runsc/main.go
index 1b7c1c4b7..58e7dd8f3 100644
--- a/runsc/main.go
+++ b/runsc/main.go
@@ -73,7 +73,7 @@ var (
netRaw = flag.Bool("net-raw", false, "enable raw sockets. When false, raw sockets are disabled by removing CAP_NET_RAW from containers (`runsc exec` will still be able to utilize raw sockets). Raw sockets allow malicious containers to craft packets and potentially attack the network.")
numNetworkChannels = flag.Int("num-network-channels", 1, "number of underlying channels(FDs) to use for network link endpoints.")
rootless = flag.Bool("rootless", false, "it allows the sandbox to be started with a user that is not root. Sandbox and Gofer processes may run with same privileges as current user.")
- referenceLeakMode = flag.String("ref-leak-mode", "disabled", "sets reference leak check mode: disabled (default), warning, traces.")
+ referenceLeakMode = flag.String("ref-leak-mode", "disabled", "sets reference leak check mode: disabled (default), log-names, log-traces.")
// Test flags, not to be used outside tests, ever.
testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.")