From 37c0b9b37a4df60f4cf171aca8edd6e6cdc89c75 Mon Sep 17 00:00:00 2001
From: John Vogel <jvogel4@stny.rr.com>
Date: Sat, 14 Jul 2018 10:20:34 -0400
Subject: [PATCH] README.md, nsjail.1: add --stderr_to_null option

---
 README.md | 2 ++
 nsjail.1  | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/README.md b/README.md
index 1a4568c..90f2dbb 100644
--- a/README.md
+++ b/README.md
@@ -396,6 +396,8 @@ Options:
 	Retain this capability, e.g. CAP_PTRACE (can be specified multiple times)
  --silent 
 	Redirect child process' fd:0/1/2 to /dev/null
+ --stderr_to_null
+	Redirect FD=2 (STDERR_FILENO) to /dev/null
  --skip_setsid 
 	Don't call setsid(), allows for terminal signal handling in the sandboxed process. Dangerous
  --pass_fd VALUE
diff --git a/nsjail.1 b/nsjail.1
index 2ca03c8..6e08ecf 100644
--- a/nsjail.1
+++ b/nsjail.1
@@ -103,6 +103,9 @@ Retain this capability, e.g. CAP_PTRACE (can be specified multiple times)
 \fB\-\-silent\fR
 Redirect child process' fd:0/1/2 to /dev/null
 .TP
+\fB\-\-stderr_to_null\fR
+Redirect FD=2 (STDERR_FILENO) to /dev/null
+.TP
 \fB\-\-skip_setsid\fR
 Don't call setsid(), allows for terminal signal handling in the sandboxed process. Dangerous
 .TP