Robert Swiecki
84f6d75d26
convert strcmp() to util::StrEq
2023-10-21 18:37:57 +02:00
Robert Swiecki
94b022fece
util: implement rLimName() to use in cmdline/config
2023-10-10 01:23:52 +02:00
Robert Swiecki
f388cad3e0
contain: use prlimit64 instead of setrlimit64 which seems to be glibc-specific, so it compiles with musl too
2023-09-29 18:11:40 +02:00
Robert Swiecki
275de833ba
indent: use 'AlignEscapedNewlines: Right' to put backslashed in macros at ends of lines
2023-09-22 16:43:40 +02:00
Robert Swiecki
d1b74c2238
util: put QC() in ()
2023-09-22 16:40:56 +02:00
Robert Swiecki
cc4245d23a
make indent depend + style of comments
2022-11-22 22:15:01 +01:00
Andrew Haberlandt
12df56b9f1
Setup cgroup.subtree_control controllers when necessary in cgroupsv2
...
This commit adds extra setup when cgroupsv2 is enabled. In particular,
we make sure that the root namespace has setup cgroup.subtree_control
with the controllers we need.
If the necessary controller are not listed, we have to move all
processes out of the root namespace before we can change this
(the 'no internal processes' rule:
https://unix.stackexchange.com/a/713343 ). Currently we only
handle the case where the nsjail process is the only process in
the cgroup. It seems like this would be relatively rare, but since
nsjail is frequently the root process in a Docker container (e.g.
for hosting CTF challenges), I think this case is common enough to
make it worth implementing.
This also adds `--detect_cgroupv2`, which will attempt to detect
whether `--cgroupv2_mount` is a valid cgroupv2 mount, and if so
it will set `use_cgroupv2`. This is useful in containerized
environments where you may not know the kernel version ahead of time.
References:
https://github.com/redpwn/jail/blob/master/internal/cgroup/cgroup2.go
2022-11-17 17:09:40 -05:00
Robert Swiecki
c63e5b39e8
use QC() across the code
2022-08-10 15:23:53 +02:00
Robert Swiecki
f628f74b00
mnt: quote paths in log messages
2022-08-09 12:06:42 +02:00
Robert Swiecki
681fce1cc4
util: introduce syscall to avoid vararg argument parsing
2019-01-21 22:25:37 +01:00
Vladimir Rutsky
ec0d4174f1
fix writeToFD() return type in declaration
...
In 25a7791d
return type of writeToFD() was changed from `ssize_t` to `bool`, but header wasn't updated.
2018-11-25 18:26:52 +01:00
Wiktor Garbacz
26d086f986
cgroup: refactor cgroup code
...
Extract common functions, use c++ strings.
Fixes #83
2018-07-26 14:46:36 +02:00
Robert Swiecki
d6e825ddb3
util: c++ version of sprintf
2018-06-16 02:16:24 +02:00
Robert Swiecki
86b36088cf
util: remove unused sSnPrintf
2018-05-24 18:32:01 +02:00
Robert Swiecki
2b6955e48c
A few c++isms more
2018-05-23 18:19:17 +02:00
Robert Swiecki
c4a7af980f
util: simplify string splitting
2018-02-20 14:16:28 +01:00
Robert Swiecki
f1a6b08962
cmdline: simplify string splitting
2018-02-11 14:56:30 +01:00
Robert Swiecki
b7f0acb021
util: remove unused functions
2018-02-10 23:54:36 +01:00
Robert Swiecki
f2a52533be
convert some funcs returning pointers to to TLS to std::string
2018-02-10 21:19:47 +01:00
Robert Swiecki
a6c34999f2
util: move to C++
2018-02-09 18:45:50 +01:00
Robert Swiecki
0a311af2ad
nsjail: make nsjail.c nsjail.cc
2018-02-08 15:24:17 +01:00
Robert Swiecki
152d6d68ae
simplify includes, remove unneeded, add needed
2017-10-18 14:46:17 +02:00
Robert Swiecki
74b43346bd
make indent
2017-10-08 23:00:45 +02:00
Robert Swiecki
86b71f3d1a
util: implement utilTimeToStr
2017-06-21 18:46:19 +02:00
Robert Swiecki
fa2796fe65
util: Implement utilSigName()
2017-06-20 00:16:38 +02:00
Robert Swiecki
0e7393cccf
cmdline: implement affinity setting, to limit jailed process to n max cpus
2017-06-19 17:01:50 +02:00
Robert Swiecki
7b2fc9cdac
add configs/firefox-with-cloned-net.cfg
2017-05-28 16:56:16 +02:00
Robert Swiecki
f0cb243a89
config: allow skipping arguments in mount points
2017-05-27 15:01:34 +02:00
Robert Swiecki
b5e37a6c4a
config: support mounts
2017-05-27 01:16:12 +02:00
Robert Swiecki
4eaa6cc9d3
Rewrite uid mapping system
2017-05-26 23:07:47 +02:00
Robert Swiecki
46526d0873
config: basic parsing
2017-05-26 02:24:36 +02:00
Robert Swiecki
4a154733e0
Allow to specify multiple uid/gid maps
2017-02-08 00:36:32 +01:00
Robert Swiecki
d96f730631
Recursive dir creation
2016-08-18 18:59:06 +02:00
Jagger
73c847fc98
Print /proc/<pid>/syscall upon SIGSYS
2016-05-08 03:09:43 +02:00
Jagger
eff4796c95
Correct (non-resrved) header guards
2016-03-11 02:45:43 +01:00
Robert Swiecki
b89b8cfbc7
Fix common.h includes
2016-03-01 17:03:11 +01:00
Jagger
8d641169e3
Initialize user/group maps from the parent process
2016-02-28 02:34:43 +01:00
Robert Swiecki
0ac43cddf0
No need to include log.h in util.h
2016-01-20 18:05:42 +01:00
Robert Swiecki
4f90b612d0
correct guard macro comment
2016-01-20 18:00:13 +01:00
Robert Swiecki
19de49b375
Missing util.*
2016-01-20 17:55:40 +01:00