[1.0.0.rc1] man: add tty option and tfix

Makefile

@@ -23,7 +23,7 @@ install: man
 	install -m 644 completions/bash/ocitools $(PREFIX)/share/bash-completion/completions
 
 clean:
-	rm -f ocitools runtimetest
+	rm -f ocitools runtimetest *.1
 
 .PHONY: test .gofmt .govet .golint
 

cmd/ocitools/generate.go

@@ -10,18 +10,18 @@ import (
 )
 
 var generateFlags = []cli.Flag{
-	cli.StringFlag{Name: "output", Value: "output", Usage: "output file (defaults to stdout)"},
+	cli.StringFlag{Name: "output", Usage: "output file (defaults to stdout)"},
 	cli.StringFlag{Name: "rootfs", Value: "rootfs", Usage: "path to the rootfs"},
 	cli.BoolFlag{Name: "read-only", Usage: "make the container's rootfs read-only"},
-	cli.BoolFlag{Name: "privileged", Usage: "enabled privileged container settings"},
+	cli.BoolFlag{Name: "privileged", Usage: "enable privileged container settings"},
 	cli.BoolFlag{Name: "no-new-privileges", Usage: "set no new privileges bit for the container process"},
 	cli.BoolFlag{Name: "tty", Usage: "allocate a new tty for the container process"},
 	cli.StringFlag{Name: "hostname", Usage: "hostname value for the container"},
 	cli.IntFlag{Name: "uid", Usage: "uid for the process"},
 	cli.IntFlag{Name: "gid", Usage: "gid for the process"},
 	cli.StringSliceFlag{Name: "groups", Usage: "supplementary groups for the process"},
-	cli.StringSliceFlag{Name: "cap-add", Usage: "add capabilities"},
-	cli.StringSliceFlag{Name: "cap-drop", Usage: "drop capabilities"},
+	cli.StringSliceFlag{Name: "cap-add", Usage: "add Linux capabilities"},
+	cli.StringSliceFlag{Name: "cap-drop", Usage: "drop Linux capabilities"},
 	cli.StringFlag{Name: "cgroup", Usage: "cgroup namespace"},
 	cli.StringFlag{Name: "network", Usage: "network namespace"},
 	cli.StringFlag{Name: "mount", Usage: "mount namespace"},

cmd/ocitools/validate.go

@@ -16,7 +16,6 @@ import (
 
 	"github.com/Sirupsen/logrus"
 	"github.com/blang/semver"
-	"github.com/opencontainers/ocitools/generate"
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/urfave/cli"
 )
@@ -47,6 +46,22 @@ var (
 		"RLIMIT_RTPRIO",
 		"RLIMIT_RTTIME",
 	}
+	defaultCaps = []string{
+		"CAP_CHOWN",
+		"CAP_DAC_OVERRIDE",
+		"CAP_FSETID",
+		"CAP_FOWNER",
+		"CAP_MKNOD",
+		"CAP_NET_RAW",
+		"CAP_SETGID",
+		"CAP_SETUID",
+		"CAP_SETFCAP",
+		"CAP_SETPCAP",
+		"CAP_NET_BIND_SERVICE",
+		"CAP_SYS_CHROOT",
+		"CAP_KILL",
+		"CAP_AUDIT_WRITE",
+	}
 )
 
 var bundleValidateCommand = cli.Command{
@@ -421,7 +436,7 @@ func envValid(env string) bool {
 }
 
 func capValid(capability string) bool {
-	for _, val := range generate.DefaultCaps {
+	for _, val := range defaultCaps {
 		if val == capability {
 			return true
 		}

man/ocitools-generate.1.md

@@ -107,7 +107,7 @@ inside of the container.
   it is unset, create a new namespace.  The special *PATH* `host`
   removes any existing network namespace from the configuration.
 
-**--no-new-privileges**
+**--no-new-privileges**=true|false
   Set no new privileges bit for the container process.  Setting this flag
   will block the container processes from gaining any additional privileges
   using tools like setuid apps.  It is a good idea to run unprivileged
@@ -208,6 +208,9 @@ inside of the container.
     This command mounts a `tmpfs` at `/tmp` within the container.  The supported mount options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options:
     `rw,noexec,nosuid,nodev,size=65536k`.
 
+**--tty**=true|false
+  Allocate a new tty for the container process. The default is *false*.
+
 **--uid**=UID
   Sets the UID used within the container.