woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
606 Commits 2 Branches 0 Tags 1.5 MiB
293a683b14
Commit Graph

135 Commits

Author SHA1 Message Date
Robert Swiecki
c71c996143 Allow for running with --disable_newuser started as root 2017-10-01 05:32:07 +02:00
Robert Swiecki
5c3963e9a2 cmdline: various fixes of descriptions 2017-09-29 22:18:16 +02:00
Robert Swiecki
59657be88d cmdline: correct description for rlimit_ values 2017-09-29 14:46:03 +02:00
Hamid Ebadi
cf2b7c78a6 rlimit64 to getrlimit64 2017-09-29 14:11:48 +02:00
Robert Swiecki
f0e38692a8 cmdline: print error after usage and before fatal 2017-09-27 00:47:57 +02:00
Robert Swiecki
7b2b2194ca cmdline: configs/ for --config 2017-09-26 09:30:03 +02:00
Robert Swiecki
374f6cc4f0 config: Initial work on converting config.c to c++ protobuf lib 
config: Initial work on converting config.c to c++ protobuf lib #2

config: Initial work on converting config.c to c++ protobuf lib #3

config: Initial work on converting config.c to c++ protobuf lib #4

config: Initial work on converting config.c to c++ protobuf lib #5

config: Initial work on converting config.c to c++ protobuf lib #6
 2017-09-14 21:17:38 +02:00
Robert Swiecki
5683ea7e09 cmdline: better warning about uid/gid 0 2017-07-13 02:33:11 +02:00
Robert Swiecki
9cc85ad853 cmdline: remove unnecessary bracket 2017-07-07 15:05:22 +02:00
Robert Swiecki
39ce9d22a7 caps: just local caps 2017-07-05 17:29:57 +02:00
Robert Swiecki
54a522326f caps: simplify capability operations 2017-07-05 15:57:07 +02:00
Robert Swiecki
7ba602a6ed caps: move capability-setting code to caps.* 2017-07-05 13:03:14 +02:00
Robert Swiecki
b36c4fb26c make indent 2017-07-01 22:23:11 +02:00
Robert Swiecki
ac2928d1c2 cmdlink: use different name while printing symlinks/mount points 2017-06-29 00:38:20 +02:00
Robert Swiecki
e4aba73385 Allow to create symlinks 2017-06-29 00:32:20 +02:00
Robert Swiecki
7e0a4cdba8 Get number of CPUs early, as it's read from /proc 2017-06-22 03:06:53 +02:00
Robert Swiecki
7917222486 mount: Use /tmp/nsjail.[tmp|root].<orig_euid> 2017-06-21 18:29:02 +02:00
Robert Swiecki
69783dc200 config: max_cpu_num -> max_cpus 2017-06-21 17:52:16 +02:00
Robert Swiecki
f0d80bf435 cmdline: cast pid_t to unsigned long when using *rintf 2017-06-20 23:11:35 +02:00
Robert Swiecki
73f1d44c92 Allow to use IPv4 addr with --bindhost 2017-06-19 22:35:57 +02:00
Robert Swiecki
ceaed43133 config: implement max_cpu_num in PB 2017-06-19 17:05:01 +02:00
Robert Swiecki
0e7393cccf cmdline: implement affinity setting, to limit jailed process to n max cpus 2017-06-19 17:01:50 +02:00
Robert Swiecki
1dd3223b74 iface -> iface_vs 2017-06-12 22:20:21 +02:00
Robert Swiecki
63e4059f7a Slight fixes to log_fd 2017-06-12 00:27:27 +02:00
Tony Young
c55dc8cb12 Add an extra log_fd argument to specify an FD to log to. 
In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.
 2017-06-11 22:12:18 +00:00
Tony Young
d0261d281d Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd. 2017-06-09 00:00:12 +00:00
Robert Swiecki
9519f1038b mount: introduce mountDescribeMountPt 2017-05-29 16:52:24 +02:00
Robert Swiecki
0271586e81 Get rid of pivot_root_only - achieve the same in different way 2017-05-29 03:11:32 +02:00
Robert Swiecki
7b2fc9cdac add configs/firefox-with-cloned-net.cfg 2017-05-28 16:56:16 +02:00
Robert Swiecki
d7ccf0c9d8 Simplify uids/gids maps 2017-05-28 01:05:27 +02:00
Robert Swiecki
ed72ce3762 cmdline: avoid using %s with nullptr 2017-05-27 17:40:30 +02:00
Robert Swiecki
ec50c1346d mount: nonmandatory mounts 2017-05-27 15:17:11 +02:00
Robert Swiecki
f0cb243a89 config: allow skipping arguments in mount points 2017-05-27 15:01:34 +02:00
Robert Swiecki
03e8578e79 config: executable in config 2017-05-27 02:24:41 +02:00
Robert Swiecki
53f825115f More work on uid mappings 2017-05-26 23:26:07 +02:00
Robert Swiecki
4eaa6cc9d3 Rewrite uid mapping system 2017-05-26 23:07:47 +02:00
Robert Swiecki
8e39afa25f config: more options in the config #5 2017-05-26 15:22:59 +02:00
Robert Swiecki
08de9db57c config: more options in the config #4 2017-05-26 14:08:09 +02:00
Robert Swiecki
92939c754e config: more options in the config #3 2017-05-26 05:12:01 +02:00
Robert Swiecki
1bf794f492 config: add basic config support 2017-05-26 01:44:16 +02:00
Robert Swiecki
591188910e cmdline/mount: use 'none' as src for tmpfs/proc 2017-05-24 17:09:24 +02:00
Robert Swiecki
c1165cf120 mount: simplify checking for whether source is dir or file 2017-05-24 14:46:44 +02:00
Robert Swiecki
054c4a3b4b Merge branch 'master' of github.com:google/nsjail 2017-05-24 14:32:45 +02:00
Robert Swiecki
9c4c278021 Warn about uid/gid 0 2017-05-24 14:32:39 +02:00
Robert Swiecki
0d5befbd6f TLS semantics for subprocCloneFlagsToStr and mountFlagsToStr 2017-05-22 01:10:49 +02:00
Robert Swiecki
525ba9e2dd Convert mount flags to str 2017-05-21 17:37:18 +02:00
Serge Bazanski
00f7944718 Merge branch 'master' of github.com:google/nsjail into deprecate-iface-flag-names 2017-05-11 16:18:07 +01:00
Serge Bazanski
3b05a70b6b Deprecate current iface/macvlan options. 
This is in preparation for other networking models. The current option
names were very generic, and without namespacing them we could end up
with some very confusing naming.

Also some miscellaneous indentation fixes.
 2017-05-11 15:17:54 +01:00
Robert Swiecki
e0ffb55b04 cmdline: examples for --iface_cs 2017-05-11 15:33:15 +02:00
Robert Swiecki
cf163807db Kafel: wrong check 2017-05-08 15:53:43 +02:00