Robert Swiecki
c71c996143
Allow for running with --disable_newuser started as root
2017-10-01 05:32:07 +02:00
Robert Swiecki
5c3963e9a2
cmdline: various fixes of descriptions
2017-09-29 22:18:16 +02:00
Robert Swiecki
59657be88d
cmdline: correct description for rlimit_ values
2017-09-29 14:46:03 +02:00
Hamid Ebadi
cf2b7c78a6
rlimit64 to getrlimit64
2017-09-29 14:11:48 +02:00
Robert Swiecki
f0e38692a8
cmdline: print error after usage and before fatal
2017-09-27 00:47:57 +02:00
Robert Swiecki
7b2b2194ca
cmdline: configs/ for --config
2017-09-26 09:30:03 +02:00
Robert Swiecki
374f6cc4f0
config: Initial work on converting config.c to c++ protobuf lib
config: Initial work on converting config.c to c++ protobuf lib #2
config: Initial work on converting config.c to c++ protobuf lib #3
config: Initial work on converting config.c to c++ protobuf lib #4
config: Initial work on converting config.c to c++ protobuf lib #5
config: Initial work on converting config.c to c++ protobuf lib #6
2017-09-14 21:17:38 +02:00
Robert Swiecki
5683ea7e09
cmdline: better warning about uid/gid 0
2017-07-13 02:33:11 +02:00
Robert Swiecki
9cc85ad853
cmdline: remove unnecessary bracket
2017-07-07 15:05:22 +02:00
Robert Swiecki
39ce9d22a7
caps: just local caps
2017-07-05 17:29:57 +02:00
Robert Swiecki
54a522326f
caps: simplify capability operations
2017-07-05 15:57:07 +02:00
Robert Swiecki
7ba602a6ed
caps: move capability-setting code to caps.*
2017-07-05 13:03:14 +02:00
Robert Swiecki
b36c4fb26c
make indent
2017-07-01 22:23:11 +02:00
Robert Swiecki
ac2928d1c2
cmdline: use different name while printing symlinks/mount points
2017-06-29 00:38:20 +02:00
Robert Swiecki
e4aba73385
Allow to create symlinks
2017-06-29 00:32:20 +02:00
Robert Swiecki
7e0a4cdba8
Get number of CPUs early, as it's read from /proc
2017-06-22 03:06:53 +02:00
Robert Swiecki
7917222486
mount: Use /tmp/nsjail.[tmp|root].<orig_euid>
2017-06-21 18:29:02 +02:00
Robert Swiecki
69783dc200
config: max_cpu_num -> max_cpus
2017-06-21 17:52:16 +02:00
Robert Swiecki
f0d80bf435
cmdline: cast pid_t to unsigned long when using *rintf
2017-06-20 23:11:35 +02:00
Robert Swiecki
73f1d44c92
Allow to use IPv4 addr with --bindhost
2017-06-19 22:35:57 +02:00
Robert Swiecki
ceaed43133
config: implement max_cpu_num in PB
2017-06-19 17:05:01 +02:00
Robert Swiecki
0e7393cccf
cmdline: implement affinity setting, to limit jailed process to n max cpus
2017-06-19 17:01:50 +02:00
Robert Swiecki
1dd3223b74
iface -> iface_vs
2017-06-12 22:20:21 +02:00
Robert Swiecki
63e4059f7a
Slight fixes to log_fd
2017-06-12 00:27:27 +02:00
Tony Young
c55dc8cb12
Add an extra log_fd argument to specify an FD to log to.
In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.
2017-06-11 22:12:18 +00:00
Tony Young
d0261d281d
Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd.
2017-06-09 00:00:12 +00:00
Robert Swiecki
9519f1038b
mount: introduce mountDescribeMountPt
2017-05-29 16:52:24 +02:00
Robert Swiecki
0271586e81
Get rid of pivot_root_only - achieve the same in different way
2017-05-29 03:11:32 +02:00
Robert Swiecki
7b2fc9cdac
add configs/firefox-with-cloned-net.cfg
2017-05-28 16:56:16 +02:00
Robert Swiecki
d7ccf0c9d8
Simplify uids/gids maps
2017-05-28 01:05:27 +02:00
Robert Swiecki
ed72ce3762
cmdline: avoid using %s with nullptr
2017-05-27 17:40:30 +02:00
Robert Swiecki
ec50c1346d
mount: nonmandatory mounts
2017-05-27 15:17:11 +02:00
Robert Swiecki
f0cb243a89
config: allow skipping arguments in mount points
2017-05-27 15:01:34 +02:00
Robert Swiecki
03e8578e79
config: executable in config
2017-05-27 02:24:41 +02:00
Robert Swiecki
53f825115f
More work on uid mappings
2017-05-26 23:26:07 +02:00
Robert Swiecki
4eaa6cc9d3
Rewrite uid mapping system
2017-05-26 23:07:47 +02:00
Robert Swiecki
8e39afa25f
config: more options in the config #5
2017-05-26 15:22:59 +02:00
Robert Swiecki
08de9db57c
config: more options in the config #4
2017-05-26 14:08:09 +02:00
Robert Swiecki
92939c754e
config: more options in the config #3
2017-05-26 05:12:01 +02:00
Robert Swiecki
1bf794f492
config: add basic config support
2017-05-26 01:44:16 +02:00
Robert Swiecki
591188910e
cmdline/mount: use 'none' as src for tmpfs/proc
2017-05-24 17:09:24 +02:00
Robert Swiecki
c1165cf120
mount: simplify checking for whether source is dir or file
2017-05-24 14:46:44 +02:00
Robert Swiecki
054c4a3b4b
Merge branch 'master' of github.com:google/nsjail
2017-05-24 14:32:45 +02:00
Robert Swiecki
9c4c278021
Warn about uid/gid 0
2017-05-24 14:32:39 +02:00
Robert Swiecki
0d5befbd6f
TLS semantics for subprocCloneFlagsToStr and mountFlagsToStr
2017-05-22 01:10:49 +02:00
Robert Swiecki
525ba9e2dd
Convert mount flags to str
2017-05-21 17:37:18 +02:00
Serge Bazanski
00f7944718
Merge branch 'master' of github.com:google/nsjail into deprecate-iface-flag-names
2017-05-11 16:18:07 +01:00
Serge Bazanski
3b05a70b6b
Deprecate current iface/macvlan options.
This is in preparation for other networking models. The current option
names were very generic, and without namespacing them we could end up
with some very confusing naming.
Also some miscellaneous indentation fixes.
2017-05-11 15:17:54 +01:00
Robert Swiecki
e0ffb55b04
cmdline: examples for --iface_cs
2017-05-11 15:33:15 +02:00
Robert Swiecki
cf163807db
Kafel: wrong check
2017-05-08 15:53:43 +02:00