- fprintf(stderr, " -p\t\tjail has /proc\t\n");
- fprintf(stderr, " -s\t\tjail has /sys\t\n");
- fprintf(stderr, " -l\t\tjail has /dev/log\t\n");
- fprintf(stderr, " -u\t\tjail has a ubus socket\t\n");
-
- return -1;
+ fprintf(stderr, " -p\t\tjail has /proc\n");
+ fprintf(stderr, " -s\t\tjail has /sys\n");
+ fprintf(stderr, " -l\t\tjail has /dev/log\n");
+ fprintf(stderr, " -u\t\tjail has a ubus socket\n");
+ fprintf(stderr, " -o\t\tremont jail root (/) read only\n");
+ fprintf(stderr, "\nWarning: by default root inside the jail is the same\n\
+and he has the same powers as root outside the jail,\n\
+thus he can escape the jail and/or break stuff.\n\
+Please use seccomp/capabilities (-S/-C) to restrict his powers\n\n\
+If you use none of the namespace jail options,\n\
+ujail will not use namespace/build a jail,\n\
+and will only drop capabilities/apply seccomp filter.\n\n");