Update docs
Moe-hacker committed Nov 22, 2024
1 parent e196124 commit e47acec
Showing 2 changed files with 7 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -57,6 +57,8 @@ Or you can run the following command to download ruri automatically:
wget -O - https://github.com/Moe-hacker/ruri/raw/refs/heads/main/get-ruri.sh | bash -s -- -s
```
This will automatically download ruri binary to `./ruri`.
# Usage:
See [USAGE](doc/USAGE.md) to explore all features of ruri.
# WARNING:
> [!WARNING]
> ruri should always be executed with root privileges(sudo), and do not set SUID or any capability on it!
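Review bot: The `# Usage:` section in this hunk sits above the `# WARNING:` block, so a reader who follows the link to doc/USAGE.md leaves the README before reaching the instruction to run ruri with root privileges and not to set SUID or any capability on it. Consider placing Usage after the warning, or repeating that warning at the top of doc/USAGE.md.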
Expand All @@ -80,8 +82,6 @@ ruri is ready to integrate into other projects, with the MIT License, it is comp
An example is ruri's own build action [build-all.sh](build/build-all.sh), it runs containers for 9 different architectures to build itself, that shows its broad application prospects.
Another example is [rurima](https://github.com/Moe-hacker/rurima), I made ruri built-in into it, so it can be run as a subcommand.
See [Integration](doc/Integration.md) for a guide to integrate ruri into your projects.
# Usage:
See [USAGE](doc/USAGE.md)
# Behavior of rurienv:
After initing the container, ruri will create a file /.rurienv by default, this config can unify container config, but it will also cover some of the command-line args, you can use `--no-rurienv` to disable it, or see [rurienv.md](doc/rurienv.md) to see its behavior.
If you want to change the container config, just use -U to umount it and re-run the container.
5 changes: 5 additions & 0 deletions doc/USAGE.md
Expand Up @@ -70,12 +70,14 @@ For example:
ruri -q /usr/bin/qemu-x86_64-static -a x86_64 ./test-x86_64
```
But remember that do not use this feature to simulate host architecture.
Note: This option need kernel support for binfmt_misc.
*******************************************************************
```
-u, --unshare ...............................: Enable unshare feature
```
ruri supports unshare container, but NET and USER namespace is not supported.
Note: when PID 1 died in PID NS, the ns will be cleared, so all process in it will die.
Note: This option need kernel support for namespaces, it will try to enable supported ns, but if failed, it will only show warnings.
*****************************************
```
-n, --no-new-privs ..........................: Set NO_NEW_PRIVS flag
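Review bot: The note added under `-u, --unshare` says a failure to enable a namespace only shows warnings, which means the container can start with less isolation than the user asked for; the text should state that consequence explicitly and list which namespaces are attempted. In both notes added in this hunk, "This option need" should read "This option needs".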
Expand All @@ -91,6 +93,7 @@ ruri will create /.rurienv in container to save container config by default, you
-s, --enable-seccomp ........................: Enable built-in Seccomp profile
```
ruri provides a built-in seccomp profile, but if you really need to use seccomp, you might need to edit src/seccomp.c with your own rules and recompile it.
Note: This option need kernel support seccomp.
****************************************
```
-p, --privileged ............................: Run privileged container
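Review bot: The note added under `-s, --enable-seccomp` does not say what happens when the kernel lacks seccomp, unlike the `--unshare` note, which states that failures only show warnings. Please state whether ruri aborts or starts the container without the filter, since a user relying on the built-in profile needs to know which. "kernel support seccomp" should also read "kernel support for seccomp".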
Expand All @@ -102,6 +105,7 @@ This argument will give all capabilities to container, but you can also use `-d`
```
This option should be run with common user, so you can run rootless container with user ns.
This option require `uidmap` package and user namespace support.
Note: This option need user ns support, and need kernel to allow create user ns with common user.
*********************************************
```
-k, --keep [cap] ............................: Keep the specified capability
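Review bot: The added note repeats the line directly above it, which already says the option requires user namespace support; the only new information is that the kernel must allow a common user to create a user namespace. Suggest merging the two into one sentence, for example "This option requires the `uidmap` package and a kernel that allows a common user to create user namespaces."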
Expand Down Expand Up @@ -153,6 +157,7 @@ for example:
```
ruri -l memory=1M -l cpuset=1 /test
```
Note: This option need kernel support for specified cgroup.
**************************************************
```
-w, --no-warnings ...........................: Disable warnings
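Review bot: The note added after the `ruri -l memory=1M -l cpuset=1 /test` example does not say whether ruri refuses to start or runs the container without the limit when the specified cgroup is not supported. If the result is only a warning, the note should also mention that `-w, --no-warnings`, listed just below, would hide it.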