Robert Swiecki
9b73eaa289
subproc: print correct si fields for SIGCHLD
2022-02-08 12:17:59 +01:00
Robert Swiecki
aa0becd547
make indent
2021-11-12 20:24:33 +01:00
ndrewh
b248125c5f
Fix compile using FROM ubuntu:20.04
...
Remove clone_args members that are only present in 5.5+ and 5.7+
2021-11-08 11:52:23 +01:00
Robert Swiecki
246d4721b1
macros: make NS_VALSTR_STRUCT accept unsigned/64-bit vals
2021-09-30 16:44:48 +02:00
Robert Swiecki
db9e34ebd3
subproc: warn about CLONE_NEWTIME and clone(), and remove notice about CLONE_NEWCGROUP as the kernel versions should be now new enough for its support
2021-07-16 22:53:40 +02:00
Robert Swiecki
737b300609
subproc: debug log for unshare()
2021-07-16 22:47:18 +02:00
Robert Swiecki
d1f332b911
Enable support for clone3() and for CLONE_NEWTIME
2021-05-18 14:38:01 +02:00
Mehul Arora
b09ad5e91c
Fixed macro in subproc.cc
2021-05-12 12:13:06 +05:30
Robert Swiecki
056809ed3b
Initial support for CLONE_NEWTIME
2021-05-11 14:48:45 +02:00
Robert Swiecki
e1e80e8efa
subproc: refer users to dmesg in case si_syscall==31 (SIGSYS)
2021-02-01 23:22:43 +01:00
Robert Swiecki
608618ea7b
subproc: kill a process once in the -Ml mode once the TCP connection has ended
2020-08-30 22:02:08 +02:00
Robert Swiecki
fc02a3911c
make indent
2020-08-26 16:09:55 +02:00
Christian Blichmann
910fb5498c
Fix a few typos.
...
These were found by external tooling while preparing the Debian package.
* Uknown -> Unknown
* Writting -> Writing
* commited -> committed
* processess -> processes
Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-07-07 14:07:22 +02:00
Piotr Krysiuk
b582491e02
fix non-functional max_conns_per_ip
...
Starting with nsjail::listenMode update to pipe socket traffic [commit 273ce6bc84
], a pipe file descriptor is passed as connsock parameter when calling net::limitConns and also as sock parameter when calling addProc in subproc::runChild.
This breaks net::limitConns because pid.remote_addr and also local variable addr are left uninitialized despite net::connToText calls when counting number of existing network connections from the same peer.
The subsequent correction to fetch remote address [commit 2cf562160d
] made the bug even more interesting, since the loop in net::limitConns now compares unsanitized content of stack with network addresses of already connected clients.
2020-03-19 00:13:28 +00:00
Robert Swiecki
59abcc476e
subproc: debug log when hotting SIHQUIT (Ctrl+\) #2 - better check
2020-02-17 14:13:17 +01:00
Robert Swiecki
e0b941565d
subproc: debug log when hotting SIHQUIT (Ctrl+\)
2020-02-17 14:11:58 +01:00
Robert Swiecki
ab8b319c13
subproc: verify that a pid in a pid map doesn't exist before inserting
2020-02-17 14:07:25 +01:00
Robert Swiecki
2cf562160d
nsjail/pid/subproc: a). keep childrens' PIDs in a map indexed by pid b). correctly fetch remote IPv6 address text
2020-02-16 22:34:19 +01:00
Robert Swiecki
04e5fae0e3
subproc: recognize CLONE_PIDFD
2019-12-10 11:09:14 +01:00
Robert Swiecki
0773b75900
subproc: fix invalid conversions from util::syscall to syscall
2019-09-02 16:10:19 +02:00
Jay Lees
08f62b6f76
[cgroup-v2] support cgroup v2 for mem, cpu and pids
2019-07-26 07:02:17 -07:00
Robert Swiecki
8059747016
subproc: save/restore errno when printing error message twice
2019-03-12 17:07:24 +01:00
Robert Swiecki
061e32839f
use util::syscall whenever possible
2019-01-21 22:37:30 +01:00
Robert Swiecki
83fc152d7c
Make netlink3-route mandatory
2019-01-20 18:37:47 +01:00
Robert Swiecki
48f67f131a
subproc: PLOG -> LOG
2019-01-04 01:41:26 +01:00
Robert Swiecki
864aa72a2a
subproc: print more data on sigsys
2018-12-05 10:10:21 +01:00
disconnect3d
25a7791d34
Fix utils::writeToFd return type
...
The `writeToFd` function in `util.cc` returns `ssize_t` but the only
returned values are either `false` or `true`.
```
ssize_t writeToFd(int fd, const void* buf, size_t len) {
(...) return false;
(...) return true;
```
2018-11-24 16:40:30 +01:00
Robert Swiecki
5a8a178290
configs/bash: add noexec/nodev/nosuid to a mount
2018-07-27 22:54:28 +02:00
Wiktor Garbacz
bb4e77686d
subproc: reap processes after killing
...
Always try to release resources if possible.
Fixes #69
2018-07-27 13:33:39 +02:00
Robert Swiecki
d355e1dc08
subproc: better log messages
2018-07-23 23:35:01 +02:00
Robert Swiecki
4c87531bcc
Don't re-run process if previous execution failed
2018-07-23 17:13:17 +02:00
Robert Swiecki
4ef480546d
subproc: correct casting for nsjconf->tlimit in printf
2018-07-05 14:32:07 +02:00
Robert Swiecki
5176140e3f
Merge branch 'master' of github.com:google/nsjail
2018-06-07 14:59:32 +02:00
Robert Swiecki
ffd836018d
subproc: replicate bash behavior on exit values
2018-06-07 14:59:12 +02:00
Robert Swiecki
fc0e98b6b4
subproc: better log messages
2018-06-03 03:22:50 +02:00
Robert Swiecki
ff63b2ed4f
nsjail: better return values
2018-05-28 01:40:02 +02:00
Robert Swiecki
b8798fc9a7
use strtoimax when needed
2018-05-26 13:54:17 +02:00
Robert Swiecki
2b6955e48c
A few c++isms more
2018-05-23 18:19:17 +02:00
Robert Swiecki
c365eb1766
More c++ isms
2018-05-22 14:27:18 +02:00
Robert Swiecki
1b3e42d65a
more C++-izations over places #2
2018-04-29 01:15:44 +02:00
Robert Swiecki
a346634ec3
more C++-izations over places
2018-04-29 01:10:09 +02:00
Robert Swiecki
11195999a3
rename ARRAYSIZE to ARR_SZ due to clash with protobufs headers
2018-02-13 16:53:45 +01:00
Robert Swiecki
8a22a4abb6
convert exec file and argv to string/vector
2018-02-12 16:52:05 +01:00
Robert Swiecki
810394cf16
switc all == false cmps to !
2018-02-12 15:17:33 +01:00
Robert Swiecki
7b9178f5d7
make indent depend
2018-02-11 04:02:43 +01:00
Robert Swiecki
ac89fbb44f
user: simplify creation of uid/gid maps
2018-02-11 04:02:14 +01:00
Robert Swiecki
0513124b4f
mnt: convert describeMountPt from const char* to std::string
2018-02-11 00:24:43 +01:00
Robert Swiecki
55e8e09c4a
net: convert net::connToText to std::string
2018-02-11 00:17:44 +01:00
Robert Swiecki
f2a52533be
convert some funcs returning pointers to to TLS to std::string
2018-02-10 21:19:47 +01:00
Robert Swiecki
0efa230cdd
change global vars to _ prefix
2018-02-10 20:32:04 +01:00