58 Commits

Author SHA1 Message Date
Robert Swiecki
48e8634ba5 config: add support for seccomp_log 2018-05-23 15:38:45 +02:00
Robert Swiecki
0e4f623456 config.proto: deprecated --chroot and friends 2018-04-29 00:51:55 +02:00
Robert Swiecki
5a35f00e28 mnt: move mnt_t to std::string 2018-02-11 23:44:43 +01:00
Robert Swiecki
3ee825c4aa cgroups: add support for CPU cgroup 2018-02-04 04:15:19 +01:00
Robert Swiecki
e2f96f6019 config.proto: comment on skip_setsid 2017-11-02 13:08:08 +01:00
Robert Swiecki
3734b8801f cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config 2017-10-26 16:16:05 +02:00
Robert Swiecki
659bbd1b4a config.proto: reflow field numbering 2017-10-26 00:35:59 +02:00
Robert Swiecki
082b3821bb Makefile/indent: add clang-format for proto 2017-10-26 00:34:32 +02:00
YAMAMOTO Masaya
315b3837b4 Support cgroup net_cls subsystem 2017-10-25 17:15:03 +09:00
Robert Swiecki
9c2f19b972 cmdline: add option --execute_fd and support for it, in order to use execveat() 2017-10-18 17:57:52 +02:00
Robert Swiecki
c56ec493fb config.proto: reflow numbering of fields 2017-10-08 22:50:06 +02:00
Robert Swiecki
a5c3a1823f config.proto: comments 2017-10-06 22:50:32 +02:00
Robert Swiecki
25c6272b56 config: indent 2017-10-06 22:44:55 +02:00
Robert Swiecki
dbc6fab582 config: allow to use soft/hard/inf limits for rlimits 2017-10-06 22:44:27 +02:00
Robert Swiecki
88703c9ab5 config: make defaults work correctly 2017-09-27 15:36:05 +02:00
Robert Swiecki
374f6cc4f0 config: Initial work on converting config.c to c++ protobuf lib
config: Initial work on converting config.c to c++ protobuf lib #2

config: Initial work on converting config.c to c++ protobuf lib #3

config: Initial work on converting config.c to c++ protobuf lib #4

config: Initial work on converting config.c to c++ protobuf lib #5

config: Initial work on converting config.c to c++ protobuf lib #6
2017-09-14 21:17:38 +02:00
Robert Swiecki
7226893b12 config: bind caps 2017-07-06 01:12:13 +02:00
Robert Swiecki
39ce9d22a7 caps: just local caps 2017-07-05 17:29:57 +02:00
Robert Swiecki
54a522326f caps: simplify capability operations 2017-07-05 15:57:07 +02:00
Robert Swiecki
e86598c544 config.proto: reflow field numbering to make it sequential 2017-07-02 00:20:35 +02:00
Robert Swiecki
e4aba73385 Allow to create symlinks 2017-06-29 00:32:20 +02:00
Robert Swiecki
69783dc200 config: max_cpu_num -> max_cpus 2017-06-21 17:52:16 +02:00
Robert Swiecki
ceaed43133 config: implement max_cpu_num in PB 2017-06-19 17:05:01 +02:00
Robert Swiecki
f203669d25 config: give ability to override argv[0] 2017-06-12 02:14:18 +02:00
Robert Swiecki
3e30c8e4d2 config.proto: clang-format 2017-06-12 02:08:16 +02:00
Robert Swiecki
63e4059f7a Slight fixes to log_fd 2017-06-12 00:27:27 +02:00
Tony Young
c55dc8cb12 Add an extra log_fd argument to specify an FD to log to.
In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.
2017-06-11 22:12:18 +00:00
Robert Swiecki
0271586e81 Get rid of pivot_root_only - achieve the same in different way 2017-05-29 03:11:32 +02:00
Robert Swiecki
9db01ec991 config: implement keep caps 2017-05-28 19:17:48 +02:00
Robert Swiecki
7b2fc9cdac add configs/firefox-with-cloned-net.cfg 2017-05-28 16:56:16 +02:00
Robert Swiecki
a2bbe667b9 config: switch is_ro to rw 2017-05-28 01:24:55 +02:00
Robert Swiecki
e68acd68eb Support envvars on mount path definitions 2017-05-28 00:15:53 +02:00
Robert Swiecki
b712afa1fc config: add name and description 2017-05-27 19:05:42 +02:00
Robert Swiecki
71588194f3 config: smaller fixes (logging/comments) 2017-05-27 16:47:12 +02:00
Robert Swiecki
840f39bd5b config: indent 2017-05-27 15:40:24 +02:00
Robert Swiecki
ec50c1346d mount: nonmandatory mounts 2017-05-27 15:17:11 +02:00
Robert Swiecki
f0cb243a89 config: allow skipping arguments in mount points 2017-05-27 15:01:34 +02:00
Robert Swiecki
d7a805ec47 config: support for envvars 2017-05-27 04:06:28 +02:00
Robert Swiecki
fc6680dda6 clang-format on config.proto 2017-05-27 03:59:02 +02:00
Robert Swiecki
1788ac7ce9 config: description 2017-05-27 03:29:40 +02:00
Robert Swiecki
4dadc15085 config: description 2017-05-27 03:29:06 +02:00
Robert Swiecki
33f597acab config: description 2017-05-27 03:23:08 +02:00
Robert Swiecki
e11548b5d9 config: description 2017-05-27 03:20:10 +02:00
Robert Swiecki
03e8578e79 config: executable in config 2017-05-27 02:24:41 +02:00
Robert Swiecki
4ba9555ca9 config: presumably all options 2017-05-27 02:09:21 +02:00
Robert Swiecki
0acd6155de config: support seccomp filters 2017-05-27 01:35:00 +02:00
Robert Swiecki
b5e37a6c4a config: support mounts 2017-05-27 01:16:12 +02:00
Robert Swiecki
20633b1f57 config: compact-ize uid/gid map options 2017-05-27 00:33:25 +02:00
Robert Swiecki
4d03afd10e config: make inside_id and outside_id default to '' 2017-05-27 00:16:28 +02:00
Robert Swiecki
fb8ce1ca90 config.proto: use string instead of bytes 2017-05-27 00:09:08 +02:00