From deece32718b2103d9230134a6ee9082f86eeee70 Mon Sep 17 00:00:00 2001
From: erdgeist <>
Date: Thu, 28 Mar 2013 18:46:23 +0000
Subject: Document the -u switch

---
 man1/jaildaemon.1 | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/man1/jaildaemon.1 b/man1/jaildaemon.1
index 2d5f654..b8f15cc 100644
--- a/man1/jaildaemon.1
+++ b/man1/jaildaemon.1
@@ -12,6 +12,7 @@
 .Nm
 .Cm Fl c Ar command Fl j Ar jid
 .Op Fl rR
+.Op Fl u Ar uid
 .Op Fl t Ar proctitle
 .Op Fl f Ar ipcsockpath
 .Sh DESCRIPTION
@@ -96,6 +97,17 @@ to complete before re-spawning the probe process.
 Use this option only if you know, what you're doing. Most shell scripts are
 not re-entrant, even if their authors think so and most programs that run
 long enough should not be started twice with identical parameters.
+.It Fl u Ar uid
+Probes normally run as user root and thus can only be signalled by root
+inside the jail. For some use cases it is desirable to allow non-privileged
+processes inside the jail to signal the probe. You can use this switch to
+tell
+.Nm
+what uid to drop to after being jailed away. (Note that uids inside and
+outside the jail are never guaranteed to match.)
+.Pp
+Use this option only if you know, what you're doing. For most occasions it
+is a good idea to restrict signalling probes to the root user.
 .El
 .Pp
 Exactly one of the
-- 
cgit v1.2.3