562 Commits

Author SHA1 Message Date
Robert Swiecki
374f6cc4f0 config: Initial work on converting config.c to c++ protobuf lib
config: Initial work on converting config.c to c++ protobuf lib #2

config: Initial work on converting config.c to c++ protobuf lib #3

config: Initial work on converting config.c to c++ protobuf lib #4

config: Initial work on converting config.c to c++ protobuf lib #5

config: Initial work on converting config.c to c++ protobuf lib #6
2017-09-14 21:17:38 +02:00
John Vogel
dae05bfd31 Add manual page. 2017-09-14 21:17:08 +02:00
Robert Swiecki
3cb0f088e2 readme 2017-08-13 13:05:33 +02:00
Robert Swiecki
049fffb14f caps: Bypass for systems whose kernel defines CAP_AUDIT_READ but libcap doesn't understand this 2017-07-18 23:00:04 +02:00
robertswiecki
bab2cf1667 Merge pull request #34 from disconnect3d/fix-dockerfile-build
Fix dockerfile: add libcap-dev install
2017-07-18 21:32:00 +02:00
disconnect3d
25deba1425 Fix dockerfile: add libcap-dev install
Before the fix the build ends up somewhere with:
> sys/capability.h: No such file or directory
2017-07-18 21:19:23 +02:00
Robert Swiecki
cf3525dd49 Makefile: add -D_FILE_OFFSET_BITS=64 to CFLAGS 2017-07-15 15:04:25 +02:00
Robert Swiecki
43e402af06 configs/bash: bring back changed euid for bash 2017-07-13 02:34:18 +02:00
Robert Swiecki
5683ea7e09 cmdline: better warning about uid/gid 0 2017-07-13 02:33:11 +02:00
Robert Swiecki
b389fcdc3d configs/apache: spaces to tabs 2017-07-07 19:12:42 +02:00
Robert Swiecki
83cb1f2764 configs/apache: remove cpu limit and unnecessary is_bind 2017-07-07 19:11:56 +02:00
Robert Swiecki
6c71def056 configs/apache: remove ld.so.cache 2017-07-07 19:06:04 +02:00
Robert Swiecki
9cc85ad853 cmdline: remove unnecessary bracket 2017-07-07 15:05:22 +02:00
Robert Swiecki
f18976d43d net: un-const'ify array 2017-07-07 12:14:25 +02:00
Robert Swiecki
65e00f3f65 net: const'ify array 2017-07-07 12:13:24 +02:00
Robert Swiecki
1ee518c464 net: improve debugging 2017-07-07 12:10:22 +02:00
Robert Swiecki
7146a8761c examples/apache: sort the entries again 2017-07-07 12:08:26 +02:00
Robert Swiecki
72dfb86551 examples/apache: sort includes 2017-07-07 02:52:05 +02:00
Robert Swiecki
14282ca2e1 examples/apache: manual formatting of seccomp-bpf policy 2017-07-07 02:37:33 +02:00
Robert Swiecki
b87ffc44df examples/apache: manual formatting of seccomp-bpf policy 2017-07-07 02:36:23 +02:00
Robert Swiecki
657166bf73 examples/apache: formatting with clang-format 2017-07-07 02:34:57 +02:00
Robert Swiecki
6ce7e253f9 mount: Use MS_BIND when remounting R/O 2017-07-06 19:39:12 +02:00
Robert Swiecki
7153d489fd caps: dropping caps from the bounding set 2017-07-06 14:55:27 +02:00
Robert Swiecki
6c1205badc util: more debugging 2017-07-06 14:37:10 +02:00
Robert Swiecki
074582782c caps: shorter debug messages 2017-07-06 11:37:41 +02:00
Robert Swiecki
c9e95e7be2 make indent 2017-07-06 11:25:46 +02:00
Robert Swiecki
7d53f4ad1e caps: simplify cap getting/setting 2017-07-06 02:21:08 +02:00
Robert Swiecki
7226893b12 config: bind caps 2017-07-06 01:12:13 +02:00
Robert Swiecki
5ed3c033ed caps: more debugging 2017-07-05 17:34:56 +02:00
Robert Swiecki
39ce9d22a7 caps: just local caps 2017-07-05 17:29:57 +02:00
Robert Swiecki
54a522326f caps: simplify capability operations 2017-07-05 15:57:07 +02:00
Robert Swiecki
df0119a5b0 caps: CAP_AUDIT_READ is not defined with Ubuntu 14 2017-07-05 14:19:51 +02:00
Robert Swiecki
1ece9abf71 Merge branch 'master' of ssh://github.com/google/nsjail 2017-07-05 13:03:22 +02:00
Robert Swiecki
7ba602a6ed caps: move capability-setting code to caps.* 2017-07-05 13:03:14 +02:00
robertswiecki
2ebf1ff78c Merge pull request #30 from andy0130tw/fix/config-fake-euid
Add back ERRNO(1337) for example config
2017-07-03 22:53:56 +02:00
Andy Pan
b2855a8164 Add back ERRNO(1337) for example config 2017-07-04 04:26:37 +08:00
Robert Swiecki
5a68595a5b mount: allow for non-mandatory symlinks
2017-07-02 03:40:47 +02:00
Robert Swiecki
e86598c544 config.proto: reflow field numbering to make it sequential 2017-07-02 00:20:35 +02:00
Robert Swiecki
b36c4fb26c make indent 2017-07-01 22:23:11 +02:00
Robert Swiecki
ac2928d1c2 cmdlink: use different name while printing symlinks/mount points 2017-06-29 00:38:20 +02:00
Robert Swiecki
e4aba73385 Allow to create symlinks 2017-06-29 00:32:20 +02:00
Robert Swiecki
963a7b6913 config: missing bind for is_root_rw 2017-06-26 20:39:51 +02:00
Robert Swiecki
64f6232e9c config: rename the chrome profile 2017-06-22 16:12:56 +02:00
Robert Swiecki
7e0a4cdba8 Get number of CPUs early, as it's read from /proc 2017-06-22 03:06:53 +02:00
Robert Swiecki
e7b45b6e01 cpu: correct year 2017-06-22 02:56:10 +02:00
Robert Swiecki
cd17b43cb0 remove configs/config1.example 2017-06-22 02:28:02 +02:00
Robert Swiecki
de28b4d709 configs: demo policy for chrome 2017-06-22 01:37:18 +02:00
Robert Swiecki
e802c5c9aa mount: use /dev/shm first as a tmp dir 2017-06-22 01:21:09 +02:00
Robert Swiecki
3c7eb879d8 cpu: logging 2017-06-22 00:42:04 +02:00
Robert Swiecki
c5c925b6fd mount: use TMPDIR to create a temporary dir 2017-06-22 00:39:34 +02:00