main: add "-o" option to enable "suid" and "dev"

Device files and suid binaries are often not needed when running gocryptfs as root. As they are potentially dangerous, let the user enable them explicitely via the new "-o" option instead of always enabling them when running as root.
author: Jakob Unterwurzacher 2016-06-26 23:03:18 +0200
committer: Jakob Unterwurzacher 2016-06-26 23:03:18 +0200
commit: 15b88756add78a065fd81120d9447ca1de80dbfe (patch)
tree: e20a255512b470a4f3f42b10d106c72db30e1440 /Documentation/MANPAGE.md
parent: 0115588680c1b00a24407c54d8f7c46a6fa3baf1 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index 11d903d..66e8606 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -85,6 +85,15 @@ continue be printed to stdout and stderr.
 :	Send USR1 to the specified process after successful mount. This is
 used internally for daemonization.
 
+**-o**
+: Pass additonal mount options to the kernel (comma-separated list).
+FUSE filesystems are mounted with "nodev,nosuid" by default. If gocryptfs
+runs as root, you can enable device files by passing the opposite mount option,
+"dev", and if you want to enable suid-binaries, pass "suid".
+"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
+interesting. For a complete liste see the section
+`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8).
+
 **-openssl bool**
 :	Use OpenSSL instead of built-in Go crypto (default "auto"). Using
 built-in crypto is 4x slower unless your CPU has AES instructions and
author	Jakob Unterwurzacher	2016-06-26 23:03:18 +0200
committer	Jakob Unterwurzacher	2016-06-26 23:03:18 +0200
commit	15b88756add78a065fd81120d9447ca1de80dbfe (patch)
tree	e20a255512b470a4f3f42b10d106c72db30e1440 /Documentation/MANPAGE.md
parent	0115588680c1b00a24407c54d8f7c46a6fa3baf1 (diff)