Robert Swiecki
30e84f7add
cgroup: set cpu period as well
2018-02-04 04:23:45 +01:00
Robert Swiecki
3ee825c4aa
cgroups: add support for CPU cgroup
2018-02-04 04:15:19 +01:00
Robert Swiecki
19ea0703f2
sandbox: compile seccomp-bpf policy once only
2018-02-01 14:19:01 +01:00
Robert Swiecki
354c5ae47b
open kafel file in each kafel subproc individually to avoid file pos sharing
2018-01-31 16:04:39 +01:00
Robert Swiecki
6e63fd4115
rewind kafel file before using
2018-01-31 14:40:23 +01:00
Vladimir Rutsky
f8a8506996
fix tmpfs size setting
...
Broken since c35857cff2
commit.
Signed-off-by: Vladimir Rutsky <rutsky@google.com>
2018-01-08 02:02:19 +01:00
Robert Swiecki
a07ee95595
cmdline: comment on skip_setsid
2017-11-02 13:13:07 +01:00
Robert Swiecki
a87cd58bee
cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config #2
2017-10-26 16:19:30 +02:00
Robert Swiecki
3734b8801f
cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config
2017-10-26 16:16:05 +02:00
Robert Swiecki
e2529ce04f
Makefile/indent: base it on the google template with modifications
2017-10-26 00:26:02 +02:00
Robert Swiecki
61727949ca
nsjail: make njsconf::cgroup_pids_max unsigned int
2017-10-25 15:50:24 +02:00
Robert Swiecki
a1260e49f3
Use uint64_t instead of __rlim64_t
2017-10-25 15:44:35 +02:00
YAMAMOTO Masaya
315b3837b4
Support cgroup net_cls subsystem
2017-10-25 17:15:03 +09:00
Robert Swiecki
ec789a4d64
mount: use NS_DIR_TRUE instead of true in cmdline
2017-10-20 13:02:15 +02:00
Robert Swiecki
7e49be4dc3
mount: try creating starting tmpfs's in /run/user/<uid> first
2017-10-19 22:39:37 +02:00
Robert Swiecki
9fbe753a6a
cmdline: typo
2017-10-18 18:02:23 +02:00
Robert Swiecki
9c2f19b972
cmdline: add option --execute_fd and support for it, in order to use execveat()
2017-10-18 17:57:52 +02:00
Robert Swiecki
152d6d68ae
simplify includes, remove unneeded, add needed
2017-10-18 14:46:17 +02:00
Robert Swiecki
4ffec405de
Makefile: add columnt limit to the indent
2017-10-17 15:22:23 +02:00
Robert Swiecki
921bdba937
cmdline: better --rw description
2017-10-11 02:16:14 +02:00
Robert Swiecki
2df017ec56
cmdline: add --proc_path and --proc_rw options
2017-10-11 02:10:52 +02:00
Robert Swiecki
d0afb19431
allow for indentation of more structures (now with clang-format)
2017-10-08 23:03:02 +02:00
Robert Swiecki
74b43346bd
make indent
2017-10-08 23:00:45 +02:00
Robert Swiecki
414e999787
switch indent to clang-format completely
2017-10-08 22:52:52 +02:00
Robert Swiecki
85b0908dd8
cmdline: missing 'soft'/'hard' variants for RLIMIT_STACK in usage()
2017-10-08 13:00:37 +02:00
Robert Swiecki
d20ffb98f6
cmdline: missing comparison in cmdlineParseRLimit()
2017-10-08 12:57:43 +02:00
Robert Swiecki
809dbbb560
subproc: print si->si_syscall
2017-10-08 11:51:37 +02:00
Robert Swiecki
b7def79d90
mount: don't R/O remount mounts which were not mounted (not mandatory)
2017-10-08 01:28:45 +02:00
Robert Swiecki
6d29c196ac
common: less const argv
2017-10-08 00:36:13 +02:00
Robert Swiecki
f703d615d8
make indent
2017-10-08 00:17:47 +02:00
Robert Swiecki
c35857cff2
cmdline: use mountAddMountPt in the remaining calls
2017-10-08 00:14:24 +02:00
Robert Swiecki
0541d0dfc3
cmdline/mount: mount proc at the beginning
2017-10-07 23:32:25 +02:00
Robert Swiecki
dc2131cdd1
cmdline: use soft/hard literals instead of def/max for rlimits
2017-10-07 22:36:21 +02:00
Robert Swiecki
5d4f42a729
cmdline: missing flags for --chroot mount point
2017-10-07 22:33:46 +02:00
Robert Swiecki
a39f76924d
cmdline: use mountAddMountPt instead of adding structs explicitly
2017-10-07 22:30:19 +02:00
Robert Swiecki
6ada77d4cf
cmdline: better errors for setting rlimits
2017-10-07 12:37:26 +02:00
Robert Swiecki
e89a6f0c24
cmdline: 'inf' for rlimits
2017-10-07 12:33:19 +02:00
Robert Swiecki
aac3e112b4
cmdline: descriptions of flags
2017-10-07 12:31:54 +02:00
Robert Swiecki
5597783716
cmdline: implement --really_quiet option
2017-10-07 02:03:51 +02:00
Robert Swiecki
21d08eaa67
config: make config static so we can get rid of strdup()
2017-10-07 00:18:21 +02:00
Robert Swiecki
dbc6fab582
config: allow to use soft/hard/inf limits for rlimits
2017-10-06 22:44:27 +02:00
Robert Swiecki
c71c996143
Allow for running with --disable_newuser started as root
2017-10-01 05:32:07 +02:00
Robert Swiecki
5c3963e9a2
cmdline: various fixes of descriptions
2017-09-29 22:18:16 +02:00
Robert Swiecki
59657be88d
cmdline: correct description for rlimit_ values
2017-09-29 14:46:03 +02:00
Hamid Ebadi
cf2b7c78a6
rlimit64 to getrlimit64
2017-09-29 14:11:48 +02:00
Robert Swiecki
f0e38692a8
cmdline: print error after usage and before fatal
2017-09-27 00:47:57 +02:00
Robert Swiecki
7b2b2194ca
cmdline: configs/ for --config
2017-09-26 09:30:03 +02:00
Robert Swiecki
374f6cc4f0
config: Initial work on converting config.c to c++ protobuf lib
...
config: Initial work on converting config.c to c++ protobuf lib #2
config: Initial work on converting config.c to c++ protobuf lib #3
config: Initial work on converting config.c to c++ protobuf lib #4
config: Initial work on converting config.c to c++ protobuf lib #5
config: Initial work on converting config.c to c++ protobuf lib #6
2017-09-14 21:17:38 +02:00
Robert Swiecki
5683ea7e09
cmdline: better warning about uid/gid 0
2017-07-13 02:33:11 +02:00
Robert Swiecki
9cc85ad853
cmdline: remove unnecessary bracket
2017-07-07 15:05:22 +02:00