Robert Swiecki
4628ded479
Merge branch 'master' of github.com:google/nsjail
2019-07-01 14:52:32 +02:00
Robert Swiecki
d10c9fb90d
Disable securebits again to avoid spawned programs unexpectedly retaining capabilities after a UID/GID change
2019-07-01 14:51:32 +02:00
Robert Swiecki
21413c4157
user: typo
2019-06-28 19:08:21 +02:00
Robert Swiecki
317555b687
user: don't fail on setgroup() if not groups were specified
2019-06-28 13:31:43 +02:00
Patrick Steinhardt
91848d22bf
user: allow setting multiple groups without user namespaces
...
When not using a user namespace, then we'll completely ignore
whether multiple groups have been specified by the user and only set
up the process's GID. With user namespaces, we in fact cannot set up
supplementary groups as we have set up "/proc/self/setgroups" to
deny any call to setgroups(2). But we can do better than that when
not using user namespaces, as we're free to use that syscall.
As nsjail(1) documents that "--group" can be specified multiple
times without mentioning that this won't work with
"--disable_clone_newuser", change the code to make that
constellation work.
2019-06-20 12:12:16 +02:00
Robert Swiecki
56b99003b4
user: function naming
2019-03-31 15:16:24 +02:00
Robert Swiecki
a2dacef5d7
allow to use nsjail w/o namespaces
2019-03-29 21:38:14 +01:00
Robert Swiecki
061e32839f
use util::syscall whenever possible
2019-01-21 22:37:30 +01:00
Robert Swiecki
6a4315f318
More of RETURN_ON_FAILURE
2019-01-01 11:36:02 +01:00
Robert Swiecki
b8798fc9a7
use strtoimax when needed
2018-05-26 13:54:17 +02:00
Robert Swiecki
a42203a6dd
user: cons'ifize a var
2018-05-20 23:52:55 +02:00
Robert Swiecki
810394cf16
switc all == false cmps to !
2018-02-12 15:17:33 +01:00
Robert Swiecki
f1a6b08962
cmdline: simplify string splitting
2018-02-11 14:56:30 +01:00
Robert Swiecki
7b9178f5d7
make indent depend
2018-02-11 04:02:43 +01:00
Robert Swiecki
ac89fbb44f
user: simplify creation of uid/gid maps
2018-02-11 04:02:14 +01:00
Robert Swiecki
97278f191b
log: rename log to logs due to clash with glibc's log
2018-02-10 17:49:15 +01:00
Robert Swiecki
05304b3ba5
user: remove unnecessary structs
2018-02-10 15:51:47 +01:00
Robert Swiecki
4494deffa7
omit keyword 'struct'
2018-02-10 15:50:12 +01:00
Robert Swiecki
ecd4c32d9a
mnt: replace sys/queue with std::vector
2018-02-10 14:38:01 +01:00
Robert Swiecki
1761ed4fdc
move common.h to macros.h
2018-02-10 05:25:55 +01:00
Robert Swiecki
93005ef03d
nsjail: convert gids/uids to vector of structs
2018-02-10 00:37:23 +01:00
Robert Swiecki
7f72cbd497
all: move to C++
2018-02-09 18:55:42 +01:00
Robert Swiecki
a6c34999f2
util: move to C++
2018-02-09 18:45:50 +01:00
Robert Swiecki
15170f9d6c
cgroup: move to C++
2018-02-09 18:13:17 +01:00
Robert Swiecki
27a226ad28
user: move to C++
2018-02-09 18:08:11 +01:00