woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
606 Commits 2 Branches 0 Tags 1.5 MiB
293a683b14
Commit Graph

89 Commits

Author SHA1 Message Date
Yoshisato Yanagisawa
1389da4c91 Use 0xff as nsjail error code. 
For ease of distinguishing errors coming from a program executed by
nsjail and errors from nsjail, let me change nsjail error exit
status code to 0xff instead of 1.
I think most of programs use EXIT_FAILURE (i.e. 1) as a default
error exit status code.
 2017-09-25 14:08:22 +09:00
Robert Swiecki
374f6cc4f0 config: Initial work on converting config.c to c++ protobuf lib 
config: Initial work on converting config.c to c++ protobuf lib #2

config: Initial work on converting config.c to c++ protobuf lib #3

config: Initial work on converting config.c to c++ protobuf lib #4

config: Initial work on converting config.c to c++ protobuf lib #5

config: Initial work on converting config.c to c++ protobuf lib #6
 2017-09-14 21:17:38 +02:00
Robert Swiecki
86b71f3d1a util: implement utilTimeToStr 2017-06-21 18:46:19 +02:00
Robert Swiecki
fa2796fe65 util: Implement utilSigName() 2017-06-20 00:16:38 +02:00
Robert Swiecki
e7b3be206a Print remote IP when removing task from pool 2017-06-19 18:53:29 +02:00
Robert Swiecki
a55ff63861 make indent 2017-06-11 01:34:20 +02:00
Robert Swiecki
6e21eaa0da subproc: comments 2017-06-09 14:34:01 +02:00
Tony Young
d0261d281d Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd. 2017-06-09 00:00:12 +00:00
Robert Swiecki
4b96046f66 Use subprocCloneFlagsToStr() more 2017-05-22 03:39:22 +02:00
Robert Swiecki
7ab7bd2de4 Set upper value for signals as SIGSYS 2017-05-22 01:15:50 +02:00
Robert Swiecki
0d5befbd6f TLS semantics for subprocCloneFlagsToStr and mountFlagsToStr 2017-05-22 01:10:49 +02:00
Robert Swiecki
2797474557 Print signal in clone flags to str 2017-05-21 21:35:02 +02:00
Robert Swiecki
9509d3740d Make structs for flags printing more const 2017-05-21 19:46:03 +02:00
Robert Swiecki
a60f84d7e2 Add flags printing for clone() 2017-05-21 19:44:54 +02:00
Robert Swiecki
9414b1a635 subproc: print different message if /proc/pid/syscall contains 3 entries only 2017-05-08 15:24:03 +02:00
Robert Swiecki
341832d755 Duplicate logging fd, so it can be used from child process 2017-02-11 20:33:54 +01:00
Robert Swiecki
f990955d9e seccomp syscall printing: various formats of /proc/<pid>/syscall 2017-01-18 22:32:27 +01:00
Robert Swiecki
ae9c1bad9a subproc: logging 2016-11-20 23:55:44 +01:00
Robert Swiecki
78ccfa863a setjmp/longjmp: don't use stack-based jmp_buf, use TLS one 2016-11-03 03:53:52 +01:00
Robert Swiecki
d0a3edd67f log: don't print function name with INFO logs 2016-10-17 15:49:20 +02:00
Robert Swiecki
b1ca8dd1b5 subproc: comments 2016-10-17 15:47:50 +02:00
Robert Swiecki
c3462e2529 Typo: subproccloneFunc -> subprocCloneFunc 2016-10-15 02:58:42 +02:00
Robert Swiecki
2a8faeba7a Make use of subprocClone, plus remove use of syscall(__NR_getpid) 2016-10-15 02:42:01 +02:00
Robert Swiecki
fe7fe8591f Use common subprocSystem for executing commands 2016-10-12 02:01:12 +02:00
Jagger
ee7de33531 Use O_CLOEXEC when possible to avoid leaking FDs 2016-09-10 03:20:32 +02:00
Robert Swiecki
1dc33c7bcf Remove defer{} calls 2016-07-29 15:38:22 +02:00
Robert Swiecki
432c82bb34 Make it a bit more standards friendly 2016-07-21 15:48:47 +02:00
Jagger
e981cbc730 Init cgroups with -Me 2016-06-19 19:36:56 +02:00
Jagger
ac06ff56c9 Remove cgroup before reporting process being finished 2016-06-19 16:02:00 +02:00
Jagger
827e1a4e7d Init cgroups from parent 2016-06-19 15:50:25 +02:00
Jagger
a1f0ec7925 Support for CLONE_NEWCGROUP 2016-06-19 11:55:55 +02:00
Jagger
d4912847ed Make it compile with clang 2016-06-12 13:07:40 +02:00
Robert Swiecki
3edc8bf4a7 Move PID ns to a separate module 2016-05-13 17:07:44 +02:00
Jagger
d78e141f70 Use a subprocess to setup unshare mount /proc 2016-05-12 22:25:48 +02:00
Robert Swiecki
0f8fbf7ad9 Use dummy init with -Me 2016-05-11 16:20:05 +02:00
Robert Swiecki
5e0b5d92b8 Use %td instead of %tx for syscall number 2016-05-10 15:47:13 +02:00
Robert Swiecki
0493176513 Syscall printing 2016-05-10 15:45:48 +02:00
Jagger
4a5a796d26 Make it compile (de-facto) with clang 2016-05-09 23:16:26 +02:00
Jagger
95217d6d55 Restarts with interruptible syscalls 2016-05-09 23:11:18 +02:00
Robert Swiecki
6e25d47eba Cover interruptible syscalls with TEMP_FAILURE_RETRY 2016-05-09 15:16:26 +02:00
Jagger
c77d2097ff Print hex always as 0x 2016-05-08 04:00:33 +02:00
Jagger
994af12692 Indent 2016-05-08 03:36:31 +02:00
Jagger
d5162548b3 Print seccomp-bpf arguments in an organized way 2016-05-08 03:36:16 +02:00
Jagger
73c847fc98 Print /proc/<pid>/syscall upon SIGSYS 2016-05-08 03:09:43 +02:00
Jagger
590899b7b8 Make -Me work again 2016-05-05 05:44:12 +02:00
Jagger
2603deb84c No need to set return value with timeouts 2016-05-05 05:39:57 +02:00
Jagger
5bbfd06dcc Return 0 only of child returned 0 2016-05-05 05:12:06 +02:00
Jagger
87f1883c69 wait4 instead of waitpid 2016-05-05 05:07:21 +02:00
Jagger
070939e18a Better check for SIGSYS 2016-05-05 05:04:01 +02:00
Jagger
de9ff2382e Report seccomp violations 2016-05-05 01:58:26 +02:00