woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,227 Commits 2 Branches 0 Tags 1.5 MiB
0c9f755764
Commit Graph

1227 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Wiktor Garbacz
2e62649b4c Update kafel 2022-10-14 11:54:25 +02:00
Robert Swiecki
dc42a5d003 configs/bash: remove tmpfs mount over /dev as it makes /dev/null non-writeable 2022-09-15 16:12:13 +02:00
Robert Swiecki
454b051599 configs/firefox-with-net-wayland: x11 socket is not needed here 2022-09-10 16:32:06 +02:00
Robert Swiecki
80b26e7554 caps: shorter std::string::append 2022-09-06 17:44:55 +02:00
Robert Swiecki
b87f983463 configs: make configs using X11 more versatile 2022-09-04 12:07:55 +02:00
Robert Swiecki
a22bb2e437 make indent 2022-08-27 21:17:43 +02:00
Robert Swiecki
595cdc8916 nsjail: use atomic in sighandlers 2022-08-26 14:40:46 +02:00
Robert Swiecki
9a8d440a7c configs/xchat-with-net: use 8.8.8.8 in resolv.conf unconditionally 2022-08-26 00:44:21 +02:00
Robert Swiecki
c63e5b39e8 use QC() across the code 2022-08-10 15:23:53 +02:00
Robert Swiecki
730b890ded cpu: more debug messaging 2022-08-10 15:02:53 +02:00
Robert Swiecki
30c81ce01f configs: block sched_setaffinity where max_cpus is used 2022-08-09 16:40:07 +02:00
Robert Swiecki
b3fcc30aec cpu: more debugging messages 2022-08-09 16:13:03 +02:00
Robert Swiecki
f628f74b00 mnt: quote paths in log messages 2022-08-09 12:06:42 +02:00
Robert Swiecki
e98dc415fc Switch C++ standard to C++14 - it'll allow to use new features, like std::quoted 2022-08-09 11:34:18 +02:00
Robert Swiecki
4128a7cbd9 mnt: remove unnecessary quote in a debug message 2022-08-09 11:32:49 +02:00
Robert Swiecki
38fcf4f752 subproc: type + const string& in the iterator 2022-08-09 10:44:25 +02:00
Robert Swiecki
8e3ca99c3f cpu/subproc: better debugging strings 2022-08-09 00:03:20 +02:00
Robert Swiecki
0d292e7be7 cpu: even better LOG_Ds 2022-08-06 09:20:11 +02:00
Robert Swiecki
a33f3a81ca cpu: Add more debugging messages 2022-08-05 08:43:39 +02:00
Robert Swiecki
9aee3dd831 Make logs more efficient by avoiding argument evaluation for LOG* if 
it's not needed at the current level
 2022-08-05 08:42:37 +02:00
Robert Swiecki
856cb0f2ec When setting CPU affinity, take into consideration the current CPU 
affinity set. Use only CPU numbers, which exist in the current affinity
set. Maybe fixes https://github.com/google/nsjail/issues/200
 2022-08-04 19:22:33 +02:00
Robert Swiecki
57ed22dfdf make indent 2022-06-11 12:08:50 +02:00
robertswiecki
d88be25986
Merge pull request #197 from pks-t/pks-forward-signals 
Optionally forward fatal signals
 2022-06-11 12:08:21 +02:00
Patrick Steinhardt
df21a972b6 nsjail: Optionally forward fatal signals 
Currently, we always kill children by sending them a SIGKILL signal in
case we've got a fatal signal. This is rather inflexible and forbids
some usecases where e.g. child process listen for specific signals to
shut down gracefully.

Add a new command configuration `--forward_signals` that allows the user
to opt-in to forwarding fatal signals to the child process.
 2022-06-05 19:38:32 +02:00
Patrick Steinhardt
a517934aba subproc: Allow killing subprocesses with different signal 
`subproc::killAndReapAll()` is always killing the child process with the
SIGKILL signal. We're about to make this configurable though so that we
may optionally forward signals received by nsjail to the child process.

Add a new parameter to `killAndReapAll()` to prepare for this change.
 2022-06-05 19:36:50 +02:00
Robert Swiecki
6483728e24 config: better config parsing debugging 2022-03-15 00:44:33 +01:00
robertswiecki
e678c25b32
Merge pull request #193 from 243f6a8885a308d313198a2e037/fix/20220223_typo_siutime 
subproc.cc: fix typo: SiUime -> SiUtime
 2022-02-26 19:51:23 +01:00
243f6a8885a308d313198a2e037
472932c6f0 subproc.cc: fix typo: SiUime -> SiUtime 2022-02-23 14:41:23 +09:00
Robert Swiecki
91d5c9871a log.h: no need to use __PRETTY_FUNCTION__ as it makes it harder to read log messages, just __FUNCTION__ should be 'good enough' for debugging 2022-02-18 20:26:52 +01:00
Robert Swiecki
02458084fe contain: call prctl(PR_SET_TSC) under x86/x86-64 only 2022-02-18 16:12:27 +01:00
robertswiecki
8e4cc83eb2
Merge pull request #192 from mkow/mkow/disable-tsc-docs 
Add more docs for disable_tsc + update README
 2022-02-18 01:28:39 +01:00
Michał Kowalczyk
e9d00e3d7e README.md: Update usage to the current version 2022-02-18 00:42:34 +01:00
Michał Kowalczyk
f4abf7b726 config: Add more docs for disable_tsc 2022-02-18 00:33:52 +01:00
Robert Swiecki
cdf8e8f14c config: info about prctl(PR_SET_TSC, PR_TSC_ENABLE) being intel-only 2022-02-18 00:15:12 +01:00
robertswiecki
328ae491a7
Merge pull request #191 from mkow/mkow/add-disable-tsc 
Add `disable_tsc` option
 2022-02-18 00:10:49 +01:00
Michał Kowalczyk
16b4416d75 Add disable_tsc option 
Implemented via prctl(PR_SET_TSC, PR_TSC_SIGSEGV, ...).
 2022-02-17 23:53:13 +01:00
Robert Swiecki
999d4631f3 mnt: better error messages with mandatory mount points 2022-02-10 09:51:13 +01:00
Robert Swiecki
9b73eaa289 subproc: print correct si fields for SIGCHLD 2022-02-08 12:17:59 +01:00
Robert Swiecki
3c03973f1f configs/*: use KILL_PROCESS instead of KILL(_THREAD) when posssible 2022-02-07 17:23:31 +01:00
Robert Swiecki
6a99755e43 configs/imagemagick-convert: missing quote 2022-02-07 01:08:35 +01:00
Robert Swiecki
dccf911fd2 log: use TEMP_FAILURE_RETRY instead of fallback to dprintf 2021-11-24 22:25:57 +01:00
Robert Swiecki
aa0becd547 make indent 2021-11-12 20:24:33 +01:00
ndrewh
b248125c5f Fix compile using FROM ubuntu:20.04 
Remove clone_args members that are only present in 5.5+ and 5.7+
 2021-11-08 11:52:23 +01:00
Philip
bf93e8a25d cgroup2: use cgroup_mem_swap_max and cgroup_mem_memsw_max 2021-11-01 10:28:41 +01:00
Philip
5a8ad82311 cgroup2: support cgroup_mem_memsw_max 2021-11-01 10:28:41 +01:00
robertswiecki
cf4cfd5499
Merge pull request #185 from flaryer/fix-memsw 
Fix mem clean in finishFromParent
 2021-10-18 15:50:56 +02:00
flaeyer
26869e8956 fix mem clean in finishFromParent 2021-10-14 12:12:46 +08:00
Wiktor Garbacz
5b82f51b8a Fix whitespace in kafel 2021-10-11 16:20:09 +02:00
Wiktor Garbacz
acf3bf8de5 Fix build 2021-10-11 16:11:50 +02:00
Wiktor Garbacz
a21bb242b1 Update kafel for RISC-V support 2021-10-11 15:49:16 +02:00