nsjail/configs/config1.example

mode: ONCE
chroot_dir: "/"
is_root_rw: false
hostname: "TEST-NS"
cwd: "/lib"

bindhost: "::1"
max_conns_per_ip: 10
port: 31337

time_limit: 100
daemon: false
keep_env: false
silent: false
skip_setsid: false
pass_fd: 100
pass_fd: 3
pivot_root_only: false
disable_no_new_privs: false

rlimit_as: 128
rlimit_core: 0
rlimit_cpu: 10
rlimit_fsize: 0
rlimit_nofile: 5
rlimit_stack: 1

persona_addr_compat_layout: false
persona_mmap_page_zero: false
persona_read_implies_exec: false
persona_addr_limit_3gb: false
persona_addr_no_randomize: false

clone_newnet: true
clone_newuser: true
clone_newns: true
clone_newpid: true
clone_newipc: true
clone_newuts: true
clone_newcgroup: true

uidmap {
	inside_id: "999999"
	outside_id: ""
	count: 1
}

gidmap {
	inside_id: "999998"
	outside_id: ""
	count: 1
}

mount {
	src: ""
	dst: "/tmp"
	fstype: "tmpfs"
	options: ""
	is_ro: false
	is_bind: false
}

mount {
	src: ""
	dst: "/dev"
	fstype: "tmpfs"
	options: ""
	is_ro: false
	is_bind: false
}

mount {
	src: "/dev/null"
	dst: "/dev/null"
	fstype: ""
	options: ""
	is_ro: false
	is_bind: true
}

seccomp_string: "
	POLICY example {
		ERRNO(1337) { geteuid },
		KILL { syslog }
	}
	USE example DEFAULT ALLOW
"

exec_bin {
	path: "/usr/bin/id"
	arg: "root"
}
config: more options in the config 2017-05-26 10:37:50 +08:00			`mode: ONCE`
config: more options in the config #7 2017-05-26 23:50:28 +08:00			`chroot_dir: "/"`
config: more options in the config #2 2017-05-26 11:01:22 +08:00			`is_root_rw: false`
			`hostname: "TEST-NS"`
			`cwd: "/lib"`
config: more options in the config #7 2017-05-26 23:50:28 +08:00
config: more options in the config #2 2017-05-26 11:01:22 +08:00			`bindhost: "::1"`
			`max_conns_per_ip: 10`
config: more options in the config #7 2017-05-26 23:50:28 +08:00			`port: 31337`

config: more options in the config #3 2017-05-26 11:12:01 +08:00			`time_limit: 100`
			`daemon: false`
config: executable in config 2017-05-27 08:24:41 +08:00			`keep_env: false`
config: more options in the config #4 2017-05-26 20:08:09 +08:00			`silent: false`
			`skip_setsid: false`
config: more options in the config #5 2017-05-26 21:22:59 +08:00			`pass_fd: 100`
			`pass_fd: 3`
			`pivot_root_only: false`
			`disable_no_new_privs: false`
config: more options in the config #7 2017-05-26 23:50:28 +08:00
config: more options in the config #5 2017-05-26 21:22:59 +08:00			`rlimit_as: 128`
			`rlimit_core: 0`
			`rlimit_cpu: 10`
			`rlimit_fsize: 0`
			`rlimit_nofile: 5`
			`rlimit_stack: 1`
config: more options in the config #7 2017-05-26 23:50:28 +08:00
			`persona_addr_compat_layout: false`
			`persona_mmap_page_zero: false`
			`persona_read_implies_exec: false`
			`persona_addr_limit_3gb: false`
			`persona_addr_no_randomize: false`

			`clone_newnet: true`
			`clone_newuser: true`
			`clone_newns: true`
			`clone_newpid: true`
			`clone_newipc: true`
			`clone_newuts: true`
			`clone_newcgroup: true`
More work on uid mappings 2017-05-27 05:26:07 +08:00
			`uidmap {`
			`inside_id: "999999"`
			`outside_id: ""`
			`count: 1`
			`}`

			`gidmap {`
			`inside_id: "999998"`
			`outside_id: ""`
			`count: 1`
			`}`
config: support mounts 2017-05-27 07:16:12 +08:00
			`mount {`
			`src: ""`
			`dst: "/tmp"`
			`fstype: "tmpfs"`
			`options: ""`
			`is_ro: false`
			`is_bind: false`
			`}`

			`mount {`
			`src: ""`
			`dst: "/dev"`
			`fstype: "tmpfs"`
			`options: ""`
			`is_ro: false`
			`is_bind: false`
			`}`

			`mount {`
			`src: "/dev/null"`
			`dst: "/dev/null"`
			`fstype: ""`
			`options: ""`
			`is_ro: false`
			`is_bind: true`
			`}`
config: support seccomp filters 2017-05-27 07:35:00 +08:00
			`seccomp_string: "`
			`POLICY example {`
			`ERRNO(1337) { geteuid },`
			`KILL { syslog }`
			`}`
			`USE example DEFAULT ALLOW`
			`"`
config: executable in config 2017-05-27 08:24:41 +08:00
			`exec_bin {`
			`path: "/usr/bin/id"`
			`arg: "root"`
			`}`