Commit Graph

106 Commits

Author SHA1 Message Date
Patrick Steinhardt
df21a972b6 nsjail: Optionally forward fatal signals
Currently, we always kill children by sending them a SIGKILL signal in
case we've got a fatal signal. This is rather inflexible and forbids
some use cases where e.g. child processes listen for specific signals to
shut down gracefully.

Add a new command configuration `--forward_signals` that allows the user
to opt-in to forwarding fatal signals to the child process.
2022-06-05 19:38:32 +02:00
Michał Kowalczyk
16b4416d75 Add disable_tsc option
Implemented via prctl(PR_SET_TSC, PR_TSC_SIGSEGV, ...).
2022-02-17 23:53:13 +01:00
Philip
bf93e8a25d cgroup2: use cgroup_mem_swap_max and cgroup_mem_memsw_max 2021-11-01 10:28:41 +01:00
Johan Kartiwa
29a556068a Add support for setting cgroup memory.memsw.limit_in_bytes 2021-10-11 15:46:36 +02:00
Robert Swiecki
d6b9357e6b config.proto: renumerate fields 2021-08-10 19:17:33 +02:00
Wiktor Garbacz
8e13a76b99 Fix duplicate field number 2021-08-04 10:25:38 +02:00
Wiktor Garbacz
95e112cf41 Fix formatting 2021-08-03 17:46:08 +02:00
Wiktor Garbacz
4136dd50d8 Merge branch 'use_switchroot' 2021-08-03 17:44:57 +02:00
Eli Zrihen
7aace9bdc6 rtprio, msgqueue - defaulting to 'soft' 2021-07-20 16:00:13 +03:00
Eli Zrihen
b83d6f7421 Renaming use_switchroot option with no_pivotroot 2021-07-20 15:45:58 +03:00
Eli Zrihen
9f4b4f41e7 Consistency with RLIMIT_* constant name 2021-07-20 15:20:47 +03:00
Eli Zrihen
0f903ba9a0 Added rt, memlock & msgq limits 2021-07-19 17:21:34 +03:00
Eli Zrihen
dab1713ac9 Added use_switchroot option 2021-06-17 14:57:01 +03:00
Eli Zrihen
5c8b3835b7 MACVLAN modes support 2021-06-16 16:59:12 +03:00
Robert Swiecki
d1f332b911 Enable support for clone3() and for CLONE_NEWTIME 2021-05-18 14:38:01 +02:00
Robert Swiecki
056809ed3b Initial support for CLONE_NEWTIME 2021-05-11 14:48:45 +02:00
Philip Papurt
32f2287fbb net: add support for max_conns 2021-02-09 17:13:35 -05:00
Robert Swiecki
7ca0657316 config.proto: make indent 2020-07-28 14:03:27 +02:00
Robert Swiecki
0a5a5296dd config.proto: renumerate config fields 2020-07-28 14:02:34 +02:00
Disconnect3d
5d103e595a Fixes #146: cgroups_mem_max unit in config.proto
This commit fixes the incorrect cgroups_mem_max unit described in a config.proto comment.

We do not perform any calculations on this value and we don't specify the value's unit (k/M/G) when writing to memory cgroup controller files, so the value is specified in bytes.
2020-07-16 14:43:43 +02:00
Robert Swiecki
a2d5b07c76 config: remove deprecated config options 2020-07-09 17:28:56 +02:00
Disconnect3d
7f9ed1ba12 Fix default rlimit_stack value
The default `rlimit_stack` value was set to 1048576. However, this value is in MiB and so is later multiplied by 1024*1024 in b3d544d155/config.cc (L161-L162) and it ends up as a limit of 1 TB for the stack size.

This PR changes it to 8 MB which is a more sane default or, at least I took it from my virtual machine's ulimits:
```
$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 31175
max locked memory       (kbytes, -l) 16384
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 31175
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
```
2019-12-07 17:05:45 +01:00
Robert Swiecki
b3d544d155 config: simplify log/logfd setting 2019-10-02 19:43:58 +02:00
Lukasz Milewski
0bc575063b Fix typo in config.proto: s/lofs/logs/ 2019-09-06 15:08:30 -07:00
Robert Swiecki
e2c5c59bd3 standardize on envar vs envvar 2019-08-28 22:18:58 +02:00
Robert Swiecki
fe762a37b9 config.proto: move disable_rl higher 2019-08-19 14:28:45 +02:00
Jay Lees
86293b052e Add flag to disable rlimits 2019-08-05 03:25:22 -07:00
Robert Swiecki
b120acd5b5 make indent depend 2019-08-04 09:50:34 +02:00
Jay Lees
08f62b6f76 [cgroup-v2] support cgroup v2 for mem, cpu and pids 2019-07-26 07:02:17 -07:00
Robert Swiecki
494a5f63cd Add nice_level to cmd-line/config options 2019-06-30 21:50:56 +02:00
Robert Swiecki
317555b687 user: don't fail on setgroup() if no groups were specified 2019-06-28 13:31:43 +02:00
Robert Swiecki
1f022a2187 config.proto: Exe.path is required 2019-04-01 22:43:17 +02:00
Robert Swiecki
2b1bad6b5b cmdline: allow to override config cmdline with cmdline cmdline 2019-03-30 16:10:14 +01:00
Robert Swiecki
9fe225dbe2 mnt: use /run/usr/<uid> first when mounting dirs 2019-03-18 16:37:04 +01:00
Robert Swiecki
8059747016 subproc: save/restore errno when printing error message twice 2019-03-12 17:07:24 +01:00
Robert Swiecki
9b8d91bd7f increase the default RLIMIT_AS limit to 4GiB. 512MiB is not enough for many payloads, and cgroups should be used for memory limiting anyway 2019-02-06 17:06:42 +01:00
Robert Swiecki
432c38ad23 cmdline: clarify cgroup_cpu_ms_per_sec 2018-12-05 14:35:16 +01:00
Robert Swiecki
ddd515e890 config.proto: renumber the fields 2018-11-08 07:09:41 +01:00
Robert Swiecki
625e36f912 config.proto: comments 2018-11-06 17:30:04 +01:00
Robert Swiecki
c7dd18c612 cmdline: add ability to passthrough current envvars 2018-10-28 17:15:55 +01:00
Wiktor Garbacz
7fe87b41c7 code formatting 2018-10-24 10:31:14 +02:00
Micky Del Favero
303f7ab7f0 Remove duplicate code
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
2018-10-23 22:24:43 +02:00
Micky Del Favero
233a7296fe Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
2018-10-23 15:05:50 +02:00
Disconnect3d
760350d788 Update config.proto 2018-07-31 23:10:05 +02:00
Disconnect3d
755626f543 Update config.proto 2018-07-31 23:09:24 +02:00
Wiktor Garbacz
ba14675185 mnt: added nosuid/nodev/noexec flags to config
Closes #70
2018-07-27 11:29:15 +02:00
Robert Swiecki
272a85477a config: Implement --stderr_to_null 2018-06-25 03:12:27 +02:00
Robert Swiecki
111481532b config: add --iface_own to the proto config 2018-06-03 03:19:40 +02:00
Robert Swiecki
48e8634ba5 config: add support for seccomp_log 2018-05-23 15:38:45 +02:00
Robert Swiecki
0e4f623456 config.proto: deprecated --chroot and friends 2018-04-29 00:51:55 +02:00