Commit Graph

60 Commits

Author SHA1 Message Date
Robert Swiecki
db9e34ebd3 subproc: warn about CLONE_NEWTIME and clone(), and remove notice about CLONE_NEWCGROUP as the kernel versions should be now new enough for its support 2021-07-16 22:53:40 +02:00
Robert Swiecki
737b300609 subproc: debug log for unshare() 2021-07-16 22:47:18 +02:00
Robert Swiecki
d1f332b911 Enable support for clone3() and for CLONE_NEWTIME 2021-05-18 14:38:01 +02:00
Mehul Arora
b09ad5e91c Fixed macro in subproc.cc 2021-05-12 12:13:06 +05:30
Robert Swiecki
056809ed3b Initial support for CLONE_NEWTIME 2021-05-11 14:48:45 +02:00
Robert Swiecki
e1e80e8efa subproc: refer users to dmesg in case si_syscall==31 (SIGSYS) 2021-02-01 23:22:43 +01:00
Robert Swiecki
608618ea7b subproc: kill a process once in the -Ml mode once the TCP connection has ended 2020-08-30 22:02:08 +02:00
Robert Swiecki
fc02a3911c make indent 2020-08-26 16:09:55 +02:00
Christian Blichmann
910fb5498c
Fix a few typos.
These were found by external tooling while preparing the Debian package.

* Uknown -> Unknown
* Writting -> Writing
* commited -> committed
* processess -> processes

Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-07-07 14:07:22 +02:00
Piotr Krysiuk
b582491e02 fix non-functional max_conns_per_ip
Starting with nsjail::listenMode update to pipe socket traffic [commit 273ce6bc84], a pipe file descriptor is passed as connsock parameter when calling net::limitConns and also as sock parameter when calling addProc in subproc::runChild.
This breaks net::limitConns because pid.remote_addr and also local variable addr are left uninitialized despite net::connToText calls when counting number of existing network connections from the same peer.

The subsequent correction to fetch remote address [commit 2cf562160d] made the bug even more interesting, since the loop in net::limitConns now compares unsanitized content of stack with network addresses of already connected clients.
2020-03-19 00:13:28 +00:00
Robert Swiecki
59abcc476e subproc: debug log when hitting SIGQUIT (Ctrl+\) #2 - better check 2020-02-17 14:13:17 +01:00
Robert Swiecki
e0b941565d subproc: debug log when hitting SIGQUIT (Ctrl+\) 2020-02-17 14:11:58 +01:00
Robert Swiecki
ab8b319c13 subproc: verify that a pid in a pid map doesn't exist before inserting 2020-02-17 14:07:25 +01:00
Robert Swiecki
2cf562160d nsjail/pid/subproc: a). keep children's PIDs in a map indexed by pid b). correctly fetch remote IPv6 address text 2020-02-16 22:34:19 +01:00
Robert Swiecki
04e5fae0e3 subproc: recognize CLONE_PIDFD 2019-12-10 11:09:14 +01:00
Robert Swiecki
0773b75900 subproc: fix invalid conversions from util::syscall to syscall 2019-09-02 16:10:19 +02:00
Jay Lees
08f62b6f76 [cgroup-v2] support cgroup v2 for mem, cpu and pids 2019-07-26 07:02:17 -07:00
Robert Swiecki
8059747016 subproc: save/restore errno when printing error message twice 2019-03-12 17:07:24 +01:00
Robert Swiecki
061e32839f use util::syscall whenever possible 2019-01-21 22:37:30 +01:00
Robert Swiecki
83fc152d7c Make netlink3-route mandatory 2019-01-20 18:37:47 +01:00
Robert Swiecki
48f67f131a subproc: PLOG -> LOG 2019-01-04 01:41:26 +01:00
Robert Swiecki
864aa72a2a subproc: print more data on sigsys 2018-12-05 10:10:21 +01:00
disconnect3d
25a7791d34 Fix utils::writeToFd return type
The `writeToFd` function in `util.cc` returns `ssize_t` but the only
returned values are either `false` or `true`.

```
ssize_t writeToFd(int fd, const void* buf, size_t len) {

(...) return false;

(...) return true;
```
2018-11-24 16:40:30 +01:00
Robert Swiecki
5a8a178290 configs/bash: add noexec/nodev/nosuid to a mount 2018-07-27 22:54:28 +02:00
Wiktor Garbacz
bb4e77686d subproc: reap processes after killing
Always try to release resources if possible.

Fixes #69
2018-07-27 13:33:39 +02:00
Robert Swiecki
d355e1dc08 subproc: better log messages 2018-07-23 23:35:01 +02:00
Robert Swiecki
4c87531bcc Don't re-run process if previous execution failed 2018-07-23 17:13:17 +02:00
Robert Swiecki
4ef480546d subproc: correct casting for nsjconf->tlimit in printf 2018-07-05 14:32:07 +02:00
Robert Swiecki
5176140e3f Merge branch 'master' of github.com:google/nsjail 2018-06-07 14:59:32 +02:00
Robert Swiecki
ffd836018d subproc: replicate bash behavior on exit values 2018-06-07 14:59:12 +02:00
Robert Swiecki
fc0e98b6b4 subproc: better log messages 2018-06-03 03:22:50 +02:00
Robert Swiecki
ff63b2ed4f nsjail: better return values 2018-05-28 01:40:02 +02:00
Robert Swiecki
b8798fc9a7 use strtoimax when needed 2018-05-26 13:54:17 +02:00
Robert Swiecki
2b6955e48c A few c++isms more 2018-05-23 18:19:17 +02:00
Robert Swiecki
c365eb1766 More c++ isms 2018-05-22 14:27:18 +02:00
Robert Swiecki
1b3e42d65a more C++-izations over places #2 2018-04-29 01:15:44 +02:00
Robert Swiecki
a346634ec3 more C++-izations over places 2018-04-29 01:10:09 +02:00
Robert Swiecki
11195999a3 rename ARRAYSIZE to ARR_SZ due to clash with protobufs headers 2018-02-13 16:53:45 +01:00
Robert Swiecki
8a22a4abb6 convert exec file and argv to string/vector 2018-02-12 16:52:05 +01:00
Robert Swiecki
810394cf16 switch all == false cmps to ! 2018-02-12 15:17:33 +01:00
Robert Swiecki
7b9178f5d7 make indent depend 2018-02-11 04:02:43 +01:00
Robert Swiecki
ac89fbb44f user: simplify creation of uid/gid maps 2018-02-11 04:02:14 +01:00
Robert Swiecki
0513124b4f mnt: convert describeMountPt from const char* to std::string 2018-02-11 00:24:43 +01:00
Robert Swiecki
55e8e09c4a net: convert net::connToText to std::string 2018-02-11 00:17:44 +01:00
Robert Swiecki
f2a52533be convert some funcs returning pointers to TLS to std::string 2018-02-10 21:19:47 +01:00
Robert Swiecki
0efa230cdd change global vars to _ prefix 2018-02-10 20:32:04 +01:00
Robert Swiecki
97278f191b log: rename log to logs due to clash with glibc's log 2018-02-10 17:49:15 +01:00
Robert Swiecki
4494deffa7 omit keyword 'struct' 2018-02-10 15:50:12 +01:00
Robert Swiecki
ecd4c32d9a mnt: replace sys/queue with std::vector 2018-02-10 14:38:01 +01:00
Robert Swiecki
1761ed4fdc move common.h to macros.h 2018-02-10 05:25:55 +01:00