Robert Swiecki
152d6d68ae
simplify includes, remove unneeded, add needed
2017-10-18 14:46:17 +02:00
Robert Swiecki
58d6b3075c
Move struct nsjail_t definition to nsjail.h and leave only macros in common.h
2017-10-18 14:27:34 +02:00
Robert Swiecki
4ffec405de
Makefile: add columnt limit to the indent
2017-10-17 15:22:23 +02:00
Robert Swiecki
fb018c2596
user: use setresuid32 where available first (on some 32bit platforms:
2017-10-17 15:16:27 +02:00
Robert Swiecki
64325b3862
user: remove static from idx vars, it causes crash after many iterations of nsjail
2017-10-16 15:19:07 +02:00
Robert Swiecki
74b43346bd
make indent
2017-10-08 23:00:45 +02:00
Robert Swiecki
37dcac6218
user: comments
2017-10-01 19:01:36 +02:00
Robert Swiecki
dfe3bac4ef
user: log message
2017-10-01 16:13:17 +02:00
Robert Swiecki
02951e0ac8
user: simplify login when running with --disable_clonew_newuser by using prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS | SECBIT_NO_SETUID_FIXUP)
2017-10-01 16:11:46 +02:00
Robert Swiecki
be25a24b5b
user: more comments
2017-10-01 15:54:04 +02:00
Robert Swiecki
2b797a19fd
mount: allow to use --disable_newuser for root users
2017-10-01 05:16:01 +02:00
Robert Swiecki
374f6cc4f0
config: Initial work on converting config.c to c++ protobuf lib
...
config: Initial work on converting config.c to c++ protobuf lib #2
config: Initial work on converting config.c to c++ protobuf lib #3
config: Initial work on converting config.c to c++ protobuf lib #4
config: Initial work on converting config.c to c++ protobuf lib #5
config: Initial work on converting config.c to c++ protobuf lib #6
2017-09-14 21:17:38 +02:00
Robert Swiecki
b5b47938d9
user: better check for uids/gids existence
2017-05-28 01:16:48 +02:00
Robert Swiecki
d7ccf0c9d8
Simplify uids/gids maps
2017-05-28 01:05:27 +02:00
Robert Swiecki
53f825115f
More work on uid mappings
2017-05-26 23:26:07 +02:00
Robert Swiecki
4eaa6cc9d3
Rewrite uid mapping system
2017-05-26 23:07:47 +02:00
Robert Swiecki
6f6eb65522
make indent
2017-05-25 13:37:53 +02:00
Robert Swiecki
57f9a0f9db
Invalid count 2 -> 1
2017-02-10 02:24:35 +01:00
Robert Swiecki
d5a2130164
newuidmap: partial revert
2017-02-09 13:37:58 +01:00
Robert Swiecki
21982290e5
newuidmap: missing pid
2017-02-09 13:37:21 +01:00
Robert Swiecki
4a154733e0
Allow to specify multiple uid/gid maps
2017-02-08 00:36:32 +01:00
Robert Swiecki
f7b9fede69
More debug logging in user.c
2017-02-07 18:40:36 +01:00
Robert Swiecki
3b83267cfd
Init user-ns setresuid/setresgid before initializing other NSes
2017-02-07 18:31:50 +01:00
Robert Swiecki
fe7fe8591f
Use common subprocSystem for executing commands
2016-10-12 02:01:12 +02:00
Robert Swiecki
a30e2f107c
Make indent
2016-10-12 00:59:10 +02:00
Stephen Röttger
1c950391a1
Support more complex uid and gid mappings
...
Introduces the new options uid_mapping and gid_mapping that specify
arbitrary custom mappings. If these options are used, nsjail will
use newuidmap/newgidmap to write the map files.
2016-09-30 15:30:15 +02:00
Jagger
1e7e0f6303
Remove reduntant check
2016-03-04 01:30:56 +01:00
Jagger
65c3ca8a15
Check for specific clone flags before enabling functionality
2016-03-03 20:11:32 +01:00
Robert Swiecki
2652872fac
CLONE_NEWUSER routines in a separate module
2016-03-03 15:54:15 +01:00