Robert Swiecki
|
354c5ae47b
|
open kafel file in each kafel subproc individually to avoid file pos sharing
|
2018-01-31 16:04:39 +01:00 |
|
Robert Swiecki
|
6e63fd4115
|
rewind kafel file before using
|
2018-01-31 14:40:23 +01:00 |
|
robertswiecki
|
b60d38557d
|
Merge pull request #72 from rutsky/fix_tmpfs_size
fix tmpfs size setting
|
2018-01-08 02:50:30 +01:00 |
|
Vladimir Rutsky
|
f8a8506996
|
fix tmpfs size setting
Broken since c35857cff2 commit.
Signed-off-by: Vladimir Rutsky <rutsky@google.com>
|
2018-01-08 02:02:19 +01:00 |
|
robertswiecki
|
6e3993b9ca
|
Merge pull request #68 from rutsky/fix_mode_in_error_messages
fix permission values in error messages
|
2018-01-02 22:55:42 +01:00 |
|
Vladimir Rutsky
|
87c19b803f
|
fix permission values in error messages
Signed-off-by: Vladimir Rutsky <rutsky@google.com>
|
2018-01-02 22:43:45 +01:00 |
|
robertswiecki
|
f7c4e4b13d
|
Merge pull request #67 from maxmati/master
Remove redundant check if UTS namespace is enabled
|
2017-12-20 22:32:47 +01:00 |
|
Mateusz Nowotyński
|
600f7fcc89
|
Remove redundant check if UTS namespace is enabled
|
2017-12-20 19:56:44 +01:00 |
|
Robert Swiecki
|
b7b6faf5df
|
new kafel
|
2017-12-18 02:04:44 +01:00 |
|
robertswiecki
|
a92461042c
|
Merge pull request #66 from kant/patch-1
Minor fixes (proposal)
|
2017-12-09 14:13:11 +01:00 |
|
Darío Hereñú
|
2eaa979b5a
|
Minor fixes (proposal)
|
2017-12-09 09:05:37 -03:00 |
|
Robert Swiecki
|
e55ab672c2
|
configs: use rlimit_cpu_type instead of rlimit_cpu: 18446744073709551615
|
2017-12-07 15:35:52 +01:00 |
|
Robert Swiecki
|
f31d539e72
|
configs/ #typos
|
2017-12-07 15:06:31 +01:00 |
|
Robert Swiecki
|
928e5344f1
|
New config for xchat2 #typos
|
2017-12-07 15:03:23 +01:00 |
|
Robert Swiecki
|
86b6789bed
|
New config for xchat2
|
2017-12-07 14:39:19 +01:00 |
|
Robert Swiecki
|
750d37aefd
|
configs/firefox*: add fontconfig
|
2017-12-05 22:23:48 +01:00 |
|
Robert Swiecki
|
8fe58806f2
|
configs/imagemagick: more syscalls allowed
|
2017-12-05 22:13:00 +01:00 |
|
Robert Swiecki
|
af7bfc16aa
|
config.cc: set exec_file only if arg0 is set
|
2017-12-05 15:44:53 +01:00 |
|
Robert Swiecki
|
5c8397860c
|
configs: some fixes thanks to the write-up at https://offbyinfinity.com/2017/12/sandboxing-imagemagick-with-nsjail/
|
2017-12-05 15:01:27 +01:00 |
|
Robert Swiecki
|
e8e2f4b011
|
user: correct check for getpwnam/gegrpnam failures
|
2017-12-02 02:53:32 +01:00 |
|
Robert Swiecki
|
dd0b51eded
|
remove _NSConcreteStackBlock as we don't use defer{} any more
|
2017-11-20 17:03:06 +01:00 |
|
Robert Swiecki
|
d7bcad2076
|
nsjail.h: different if guards for TEMP_FAILURE_RETRY
|
2017-11-08 17:20:57 +01:00 |
|
robertswiecki
|
26d0a278c6
|
Merge pull request #64 from ebadi/master
Minor fixes
|
2017-11-08 17:16:53 +01:00 |
|
Hamid Ebadi
|
be8fb2ad73
|
Minor fixes
|
2017-11-08 16:45:02 +01:00 |
|
robertswiecki
|
9b6759f1a1
|
Merge pull request #63 from ShikChen/master
Fix max_conns_per_ip
|
2017-11-04 17:52:59 +01:00 |
|
shik
|
9e355cbcfc
|
fix max_conns_per_ip
|
2017-11-04 22:15:31 +08:00 |
|
Robert Swiecki
|
a07ee95595
|
cmdline: comment on skip_setsid
|
2017-11-02 13:13:07 +01:00 |
|
Robert Swiecki
|
e2f96f6019
|
config.proto: comment on skip_setsid
|
2017-11-02 13:08:08 +01:00 |
|
Robert Swiecki
|
6dec393fb2
|
subproc: actually si_syscall don't show syscalls
|
2017-11-01 14:21:50 +01:00 |
|
robertswiecki
|
27c05b367f
|
Merge pull request #61 from jvvv/master
Adjust documents for clone_newcgroup change.
|
2017-10-28 23:36:02 +02:00 |
|
John Vogel
|
8f39ec5436
|
Adjust documents for clone_newcgroup change.
Change --enable_clone_newcgroup to --disable_clone_newcgroup.
Add comment about kernel version for clone_newcgroup option.
|
2017-10-27 00:33:07 -04:00 |
|
Robert Swiecki
|
ca705b4fea
|
Makefile: remove relro,now as it doesn't allow to compile under some archs
|
2017-10-27 01:53:05 +02:00 |
|
Robert Swiecki
|
55c35f380f
|
mount: add info about mounting /proc
|
2017-10-26 23:00:15 +02:00 |
|
Robert Swiecki
|
a3c00c7321
|
subproc: reflow comments
|
2017-10-26 22:57:14 +02:00 |
|
Robert Swiecki
|
a87cd58bee
|
cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config #2
|
2017-10-26 16:19:30 +02:00 |
|
Robert Swiecki
|
3734b8801f
|
cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config
|
2017-10-26 16:16:05 +02:00 |
|
Robert Swiecki
|
805ceb4363
|
configs/ increas rlimit_nofile for firefox
|
2017-10-26 02:43:40 +02:00 |
|
Robert Swiecki
|
c04ca63190
|
mount: const'antize the mountPair struct
|
2017-10-26 02:29:15 +02:00 |
|
Robert Swiecki
|
2ab64972fd
|
mount: an array of known mount/vfsmount flag pairs
|
2017-10-26 02:27:18 +02:00 |
|
Robert Swiecki
|
91991fc75e
|
mount: don't reuse flags from statvfs directly for remounting
|
2017-10-26 02:17:52 +02:00 |
|
Robert Swiecki
|
659bbd1b4a
|
config.proto: reflow field numbering
|
2017-10-26 00:35:59 +02:00 |
|
Robert Swiecki
|
082b3821bb
|
Makefile/indent: add clang-format for proto
|
2017-10-26 00:34:32 +02:00 |
|
Robert Swiecki
|
e2529ce04f
|
Makefile/indent: base it on the google template with modifications
|
2017-10-26 00:26:02 +02:00 |
|
Robert Swiecki
|
5b593d33b4
|
Update kafel to 33d7970ba0d5a1939371f3448e13ede833b32afd
|
2017-10-25 16:04:28 +02:00 |
|
Robert Swiecki
|
e309e11f55
|
cgroup: remove duplicated check for values
|
2017-10-25 15:57:17 +02:00 |
|
Robert Swiecki
|
697b8698b4
|
nsjail: make njsconf::cgroup_pids_max unsigned int #2
|
2017-10-25 15:51:06 +02:00 |
|
Robert Swiecki
|
61727949ca
|
nsjail: make njsconf::cgroup_pids_max unsigned int
|
2017-10-25 15:50:24 +02:00 |
|
Robert Swiecki
|
a1260e49f3
|
Use uint64_t instead of __rlim64_t
|
2017-10-25 15:44:35 +02:00 |
|
robertswiecki
|
9f1639fa9c
|
Merge pull request #58 from pandax381/support-cgroup-net-cls
Support cgroup net_cls subsystem
|
2017-10-25 15:35:35 +02:00 |
|
YAMAMOTO Masaya
|
6338c77636
|
Update documents
|
2017-10-25 17:56:14 +09:00 |
|