Robert Swiecki
082b3821bb
Makefile/indent: add clang-format for proto
2017-10-26 00:34:32 +02:00
Robert Swiecki
e2529ce04f
Makefile/indent: base it on the google template with modifications
2017-10-26 00:26:02 +02:00
Robert Swiecki
5b593d33b4
Update kafel to 33d7970ba0d5a1939371f3448e13ede833b32afd
2017-10-25 16:04:28 +02:00
Robert Swiecki
e309e11f55
cgroup: remove duplicated check for values
2017-10-25 15:57:17 +02:00
Robert Swiecki
697b8698b4
nsjail: make njsconf::cgroup_pids_max unsigned int #2
2017-10-25 15:51:06 +02:00
Robert Swiecki
61727949ca
nsjail: make njsconf::cgroup_pids_max unsigned int
2017-10-25 15:50:24 +02:00
Robert Swiecki
a1260e49f3
Use uint64_t instead of __rlim64_t
2017-10-25 15:44:35 +02:00
robertswiecki
9f1639fa9c
Merge pull request #58 from pandax381/support-cgroup-net-cls
...
Support cgroup net_cls subsystem
2017-10-25 15:35:35 +02:00
YAMAMOTO Masaya
6338c77636
Update documents
2017-10-25 17:56:14 +09:00
YAMAMOTO Masaya
315b3837b4
Support cgroup net_cls subsystem
2017-10-25 17:15:03 +09:00
Robert Swiecki
3b3ec6c623
mount: don't complain about ability to create mount dirs
2017-10-25 01:45:39 +02:00
Robert Swiecki
6dc0808914
pid: Don't start new ns-init if CLONE_NEWPID is not requested
2017-10-25 01:34:10 +02:00
Robert Swiecki
b6f703629e
log: do isatty(log_fd) in log constructor
2017-10-24 16:20:51 +02:00
Robert Swiecki
80f902fc06
subproc: use SIG_SETMASK to unblock all signals
2017-10-20 15:56:32 +02:00
Robert Swiecki
a415506619
configs/busybox: indicate that the busybox must be statically compiled
2017-10-20 14:46:43 +02:00
Robert Swiecki
86f444d00b
Merge branch 'master' of ssh://github.com/google/nsjail
2017-10-20 14:44:07 +02:00
Robert Swiecki
d990777261
subproc: unblock all signals before executing a process
2017-10-20 14:43:56 +02:00
Robert Swiecki
ec789a4d64
mount: use NS_DIR_TRUE instead of true in cmdline
2017-10-20 13:02:15 +02:00
Robert Swiecki
7e49be4dc3
mount: try creating starting tmpfs's in /run/user/<uid> first
2017-10-19 22:39:37 +02:00
Robert Swiecki
4152f3ea93
mount: merge string line in log
2017-10-19 15:58:57 +02:00
Robert Swiecki
29ff5e49b5
mount: missing 'return false' if the mount fails
2017-10-19 15:46:31 +02:00
Robert Swiecki
4c5aebf23b
nsjail: use CTRL+\ (SIGQUIT) to display active sessions
2017-10-19 15:25:20 +02:00
Robert Swiecki
2687f33a07
use O_CLOEXEC with utilWriteBufToFile wherever possible
2017-10-19 14:56:45 +02:00
Robert Swiecki
94e593eb68
subproc: comments around new proc stack
2017-10-19 13:11:41 +02:00
Robert Swiecki
c33b1c87af
subproc: typos
2017-10-19 02:32:55 +02:00
Robert Swiecki
123ef0b46b
make indent
2017-10-19 02:24:34 +02:00
robertswiecki
064d024f6d
Merge pull request #56 from VCTLabs/stack-alignment
...
align stack for child process
2017-10-19 02:22:08 +02:00
Robert Swiecki
00fa26f696
user: avoid calling setresgid twice on machines that support setres(g|u)id32
2017-10-19 02:14:58 +02:00
robertswiecki
5870d6bb00
Merge pull request #55 from jvvv/master
...
manpage: add --execute_fd option
2017-10-18 23:32:13 +02:00
John Vogel
221b53f8d2
manpage: add --execute_fd option
2017-10-18 14:48:24 -04:00
Robert Swiecki
9fbe753a6a
cmdline: typo
2017-10-18 18:02:23 +02:00
Robert Swiecki
9c2f19b972
cmdline: add option --execute_fd and support for it, in order to use execveat()
2017-10-18 17:57:52 +02:00
Robert Swiecki
5ef11f65a4
No need to use '== true'
2017-10-18 15:41:16 +02:00
Robert Swiecki
9465e794eb
No need to add custom flags when remounting RO
2017-10-18 15:41:02 +02:00
Robert Swiecki
e67710005d
mount: mountFlagsToStr cannot be repeated as it uses TLS buffer
2017-10-18 15:31:15 +02:00
Robert Swiecki
152d6d68ae
simplify includes, remove unneeded, add needed
2017-10-18 14:46:17 +02:00
Robert Swiecki
58d6b3075c
Move struct nsjail_t definition to nsjail.h and leave only macros in common.h
2017-10-18 14:27:34 +02:00
Robert Swiecki
1b4577e53f
subproc: clear signal handlers in the child process
2017-10-18 12:33:24 +02:00
robertswiecki
5f3b511e3f
Merge pull request #54 from VCTLabs/compat-3.x-kernel
...
Revert "caps: define CAP_AUDIT_READ if not defined"
2017-10-17 15:40:48 +02:00
Robert Swiecki
4ffec405de
Makefile: add column limit to the indent
2017-10-17 15:22:23 +02:00
Robert Swiecki
fb018c2596
user: use setresuid32 where available first (on some 32bit platforms:
2017-10-17 15:16:27 +02:00
Ron Lockwood-Childs
07b5a2a90c
align stack for child process
...
Fixes "bus error" crashes on aarch64 caused by alignment faults.
On aarch64, the stack pointer needs to be 16-byte aligned; use gcc
builtin macro __BIGGEST_ALIGNMENT__ to specify a stack alignment
suitable for each platform.
2017-10-17 02:22:58 -07:00
Ron Lockwood-Childs
5ff0de7454
Revert "caps: define CAP_AUDIT_READ if not defined"
...
Restore compatibility with 3.x kernels by not requiring CAP_AUDIT_READ
if not defined in kernel header file
This reverts commit 7820553cb9.
Conflicts:
caps.c
contain.h
2017-10-16 14:05:02 -07:00
Robert Swiecki
411955c5ae
nsjail: add missing commas in nested structs and make indent
2017-10-16 15:31:14 +02:00
Robert Swiecki
64325b3862
user: remove static from idx vars, it causes crash after many iterations of nsjail
2017-10-16 15:19:07 +02:00
robertswiecki
6a9cbc02d7
Merge pull request #51 from jvvv/master
...
manpage: update for recent option changes
2017-10-12 14:11:45 +02:00
John Vogel
0c939cd2a5
manpage: update for recent option changes
...
Add --proc_path and --proc_rw options.
Also clean up --mode|-M option layout.
2017-10-12 02:53:10 -04:00
Robert Swiecki
819671ec9b
net: prettier logging in bind
2017-10-11 15:43:59 +02:00
Robert Swiecki
921bdba937
cmdline: better --rw description
2017-10-11 02:16:14 +02:00
Robert Swiecki
2df017ec56
cmdline: add --proc_path and --proc_rw options
2017-10-11 02:10:52 +02:00