Robert Swiecki
|
5b07ba1d32
|
contain: capabilities
|
2017-02-12 16:54:39 +01:00 |
|
Robert Swiecki
|
341832d755
|
Duplicate logging fd, so it can be used from child process
|
2017-02-11 20:33:54 +01:00 |
|
Robert Swiecki
|
3b83267cfd
|
Init user-ns setresuid/setresgid before initializing other NSes
|
2017-02-07 18:31:50 +01:00 |
|
Robert Swiecki
|
7917aae84d
|
keep_caps: make effective caps eq to permitted
|
2017-01-23 12:02:48 +01:00 |
|
Robert Swiecki
|
20745a455d
|
Support for ambient capabilities
|
2017-01-21 00:15:03 +01:00 |
|
Stephen Röttger
|
6501357f98
|
new flag to skip no_new_privs: --disable_no_new_privs
|
2016-09-30 15:23:04 +02:00 |
|
Robert Swiecki
|
1dc33c7bcf
|
Remove defer{} calls
|
2016-07-29 15:38:22 +02:00 |
|
Robert Swiecki
|
f3b70cc314
|
Remove -lBlocksRuntime
|
2016-07-27 14:04:03 +02:00 |
|
Robert Swiecki
|
432c82bb34
|
Make it a bit more standards friendly
|
2016-07-21 15:48:47 +02:00 |
|
Jagger
|
4bc5632af4
|
Report failure of setting fcntl(FD_CLOEXEC) as error
|
2016-06-20 22:59:29 +02:00 |
|
Jagger
|
827e1a4e7d
|
Init cgroups from parent
|
2016-06-19 15:50:25 +02:00 |
|
Jagger
|
6223ccebf1
|
Rudimentary cgroup support
|
2016-06-19 12:47:28 +02:00 |
|
Jagger
|
da0f4c0695
|
Better logging for closing(fd)
|
2016-06-18 11:08:35 +02:00 |
|
Jagger
|
86ddf16279
|
Implement --pass_fd
|
2016-06-18 00:46:57 +02:00 |
|
Robert Swiecki
|
3edc8bf4a7
|
Move PID ns to a separate module
|
2016-05-13 17:07:44 +02:00 |
|
Jagger
|
a6062dd03a
|
Restart fcntl()
|
2016-05-09 23:45:56 +02:00 |
|
Robert Swiecki
|
6e25d47eba
|
Cover interruptible syscalls with TEMP_FAILURE_RETRY
|
2016-05-09 15:16:26 +02:00 |
|
Jagger
|
57a523dd08
|
Use defer {} instead of DEFER()
|
2016-04-23 04:22:31 +02:00 |
|
Robert Swiecki
|
3bc8cce90e
|
No need to redirect log fd anymore
|
2016-03-15 20:42:03 +01:00 |
|
Jagger
|
4ae2c027ac
|
Cleaner impl. of DEFER
|
2016-03-10 22:56:26 +01:00 |
|
Jagger
|
09e08a2c1f
|
More defers
|
2016-03-08 22:54:35 +01:00 |
|
Robert Swiecki
|
eb52ab9a2b
|
Move contain fnctions into contain.c
|
2016-03-08 15:57:09 +01:00 |
|
Robert Swiecki
|
8793dc4c9e
|
Remove caps from the bounding set
|
2016-03-08 15:10:21 +01:00 |
|
Robert Swiecki
|
9cc41e820f
|
Separate uts.* module
|
2016-03-03 16:09:25 +01:00 |
|
Robert Swiecki
|
2c1ff531e3
|
Clearer naming of net functions
|
2016-03-03 15:43:40 +01:00 |
|
Robert Swiecki
|
e02d4e4edf
|
Separate mount.c module
|
2016-03-03 15:37:04 +01:00 |
|
Robert Swiecki
|
b89b8cfbc7
|
Fix common.h includes
|
2016-03-01 17:03:11 +01:00 |
|
Robert Swiecki
|
b0c5baa45d
|
Comment on statvfs
|
2016-03-01 16:01:39 +01:00 |
|
Robert Swiecki
|
60ece3a192
|
Typo
|
2016-03-01 15:38:58 +01:00 |
|
Robert Swiecki
|
cc987ec775
|
Add locked mount flags during remounting
|
2016-03-01 15:36:32 +01:00 |
|
Robert Swiecki
|
f258316f5e
|
More specific error message for EACCES during mount()
|
2016-03-01 15:02:33 +01:00 |
|
Robert Swiecki
|
114ce7e976
|
Make it possible to compile with clang
|
2016-02-29 19:09:39 +01:00 |
|
Jagger
|
d2f47fff92
|
Add network configuration for the 'vs' interface
|
2016-02-29 02:51:55 +01:00 |
|
Jagger
|
43983cbb17
|
Add --iface_lo_up
|
2016-02-29 00:14:36 +01:00 |
|
Jagger
|
fb8eb88410
|
No need to update /proc/pid/setgroups if euid==0
|
2016-02-28 02:41:57 +01:00 |
|
Jagger
|
8d641169e3
|
Initialize user/group maps from the parent process
|
2016-02-28 02:34:43 +01:00 |
|
Jagger
|
ad4b0105a7
|
No need to add (default:none) in cmdline
|
2016-02-28 01:52:09 +01:00 |
|
Robert Swiecki
|
4ec7c12c99
|
Add MS_REC to MS_RDONLY
|
2016-02-25 18:27:42 +01:00 |
|
Robert Swiecki
|
87829e3f6e
|
Implement --skip_setsid
|
2016-01-25 18:09:32 +01:00 |
|
Jagger
|
d36deb5d0d
|
Use --user x:y notation (not working yet)
|
2016-01-23 07:05:24 +01:00 |
|
Robert Swiecki
|
307a6f0257
|
Create a file/dir inside jail beforemounting
|
2016-01-14 15:44:29 +01:00 |
|
Jagger
|
2765e58c4e
|
Use TAILQ instead of LIST to insert new mount entries at the end
|
2016-01-09 16:09:05 +01:00 |
|
Robert Swiecki
|
88e796e004
|
Set a separate session/process_group
|
2015-11-24 18:34:05 +01:00 |
|
Jamy Timmermans
|
bd5ed5ac63
|
Fix dereference in cwd option
|
2015-11-07 06:11:55 -06:00 |
|
Jamy Timmermans
|
93abc40dde
|
Add a cwd option
This way the process being spawned can be in a directory if the
spawner’s choosing (as ling as it’s available in the chroot)
|
2015-11-07 13:01:44 +01:00 |
|
Jagger
|
5f5e496179
|
Make it compile with -m32
|
2015-10-18 20:47:44 +02:00 |
|
Jagger
|
558ede7dfe
|
Make __user_cap_data_struct const
|
2015-10-18 20:39:06 +02:00 |
|
Jagger
|
49faea78b0
|
Use 0x%tx for uintptr_t
|
2015-10-17 19:14:57 +02:00 |
|
Jagger
|
59cedfe10f
|
Use just a single list for mount-points (RO, RW, chroot)
|
2015-10-17 16:48:30 +02:00 |
|
Robert Swiecki
|
5202a7fc07
|
Use rlimit64
|
2015-10-13 19:06:59 +02:00 |
|