Robert Swiecki
3ae090dad2
configs: format seccomp policies
2017-09-27 15:49:12 +02:00
Robert Swiecki
374f6cc4f0
config: Initial work on converting config.c to c++ protobuf lib
...
config: Initial work on converting config.c to c++ protobuf lib #2
config: Initial work on converting config.c to c++ protobuf lib #3
config: Initial work on converting config.c to c++ protobuf lib #4
config: Initial work on converting config.c to c++ protobuf lib #5
config: Initial work on converting config.c to c++ protobuf lib #6
2017-09-14 21:17:38 +02:00
Robert Swiecki
43e402af06
configs/bash: bring back changed euid for bash
2017-07-13 02:34:18 +02:00
Robert Swiecki
5683ea7e09
cmdline: better warning about uid/gid 0
2017-07-13 02:33:11 +02:00
Robert Swiecki
b389fcdc3d
configs/apache: spaces to tabs
2017-07-07 19:12:42 +02:00
Robert Swiecki
83cb1f2764
configs/apache: remove cpu limit and unnecessary is_bind
2017-07-07 19:11:56 +02:00
Robert Swiecki
6c71def056
configs/apache: remove ld.so.cache
2017-07-07 19:06:04 +02:00
Robert Swiecki
7146a8761c
examples/apache: sort the entries again
2017-07-07 12:08:26 +02:00
Robert Swiecki
72dfb86551
examples/apache: sort includes
2017-07-07 02:52:05 +02:00
Robert Swiecki
14282ca2e1
examples/apache: manual formatting of seccomp-bpf policy
2017-07-07 02:37:33 +02:00
Robert Swiecki
b87ffc44df
examples/apache: manual formatting of seccomp-bpf policy
2017-07-07 02:36:23 +02:00
Robert Swiecki
657166bf73
examples/apache: formatting with clang-format
2017-07-07 02:34:57 +02:00
Robert Swiecki
7226893b12
config: bind caps
2017-07-06 01:12:13 +02:00
Robert Swiecki
39ce9d22a7
caps: just local caps
2017-07-05 17:29:57 +02:00
Robert Swiecki
54a522326f
caps: simplify capability operations
2017-07-05 15:57:07 +02:00
Andy Pan
b2855a8164
Add back ERRNO(1337) for example config
2017-07-04 04:26:37 +08:00
Robert Swiecki
5a68595a5b
mount: allow for non-mandatory symlinks
...
mount: allow for non-mandatory symlinks
2017-07-02 03:40:47 +02:00
Robert Swiecki
e4aba73385
Allow to create symlinks
2017-06-29 00:32:20 +02:00
Robert Swiecki
64f6232e9c
config: rename the chrome profile
2017-06-22 16:12:56 +02:00
Robert Swiecki
cd17b43cb0
remove configs/config1.example
2017-06-22 02:28:02 +02:00
Robert Swiecki
de28b4d709
configs: demo policy for chrome
2017-06-22 01:37:18 +02:00
Robert Swiecki
69783dc200
config: max_cpu_num -> max_cpus
2017-06-21 17:52:16 +02:00
Robert Swiecki
89de032187
configs/bash: remove /dev/shm from bash cfg
2017-06-21 03:40:18 +02:00
Robert Swiecki
0c73e84af5
configs: add /dev/shm
2017-06-20 03:14:09 +02:00
Robert Swiecki
be083f6752
config: bind port to config
2017-06-19 23:52:56 +02:00
Robert Swiecki
ceaed43133
config: implement max_cpu_num in PB
2017-06-19 17:05:01 +02:00
Robert Swiecki
88d8570843
configs/bash: set argv[0]
2017-06-12 02:16:27 +02:00
Robert Swiecki
24002c606d
configs/home-documents-with-xorg-no-net: add /dev/null
2017-05-29 19:24:14 +02:00
Robert Swiecki
35be622f80
configs:configs/home-documents-with-xorg-no-net Xorg socket as R/W
2017-05-29 19:03:37 +02:00
Robert Swiecki
593943ec3a
configs/bash-with-fake-geteuid: block ptrace, fix description
2017-05-29 16:57:04 +02:00
Robert Swiecki
ca245f9cdb
configs: typo
2017-05-29 15:01:34 +02:00
Robert Swiecki
6380474301
Simplify mountMount
2017-05-29 03:29:14 +02:00
Robert Swiecki
0271586e81
Get rid of pivot_root_only - achieve the same in different way
2017-05-29 03:11:32 +02:00
Robert Swiecki
285412c4dd
configs/bash-with-fake-geteuid set home
2017-05-28 19:22:03 +02:00
Robert Swiecki
9dcb84572d
configs/bash-with-fake-geteuid skip_setsid for job control
2017-05-28 19:21:22 +02:00
Robert Swiecki
785852ac22
configs/bash-with-fake-geteuid fancier PS1
2017-05-28 19:20:25 +02:00
Robert Swiecki
9db01ec991
config: implement keep caps
2017-05-28 19:17:48 +02:00
Robert Swiecki
8e00976f49
configs/imagemagick: increase rlimit_as
2017-05-28 17:42:15 +02:00
Robert Swiecki
6495f222ec
configs/bash-with-fake-geteuid.cfg set TERM
2017-05-28 17:37:01 +02:00
Robert Swiecki
c42c372043
configs/home-documents-with-xorg-no-net.cfg: increase rlimit_as
2017-05-28 17:32:14 +02:00
Robert Swiecki
2b6cfde887
configs/home-documents-with-xorg-no-net.cfg: increase rlimit_as
2017-05-28 17:30:51 +02:00
Robert Swiecki
7b2fc9cdac
add configs/firefox-with-cloned-net.cfg
2017-05-28 16:56:16 +02:00
Robert Swiecki
857b9901f5
configs: smaller profile for xorg tools
2017-05-28 15:27:13 +02:00
Robert Swiecki
3443d19054
configs: set cwd to /usr
2017-05-28 15:15:48 +02:00
Robert Swiecki
0585f0819d
configs/firefox: add /usr/bin/firefox bind mount
2017-05-28 03:30:27 +02:00
Robert Swiecki
df60b4a6cc
configs/firefox description fix
2017-05-28 03:29:01 +02:00
Robert Swiecki
de573a7a90
add configs/imagemagick-convert.cfg
2017-05-28 03:22:11 +02:00
Robert Swiecki
5697492122
mount: canonicalize paths
2017-05-28 03:19:13 +02:00
Robert Swiecki
f0eb0b3dbf
configs: tigher policy for firefox
2017-05-28 02:55:50 +02:00
Robert Swiecki
37c2875e2e
configs: small tweaks
2017-05-28 01:30:26 +02:00