woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,163 Commits 2 Branches 0 Tags 1.5 MiB
4128a7cbd9
Commit Graph

93 Commits

Author SHA1 Message Date
Patrick Steinhardt
df21a972b6 nsjail: Optionally forward fatal signals 
Currently, we always kill children by sending them a SIGKILL signal in
case we've got a fatal signal. This is rather inflexible and forbids
some usecases where e.g. child process listen for specific signals to
shut down gracefully.

Add a new command configuration `--forward_signals` that allows the user
to opt-in to forwarding fatal signals to the child process.
 2022-06-05 19:38:32 +02:00
Michał Kowalczyk
e9d00e3d7e README.md: Update usage to the current version 2022-02-18 00:42:34 +01:00
Philip
bf93e8a25d cgroup2: use cgroup_mem_swap_max and cgroup_mem_memsw_max 2021-11-01 10:28:41 +01:00
Johan Kartiwa
29a556068a Add support for setting cgroup memory.memsw.limit_in_bytes 2021-10-11 15:46:36 +02:00
Colin Stolley
8a1f3b5f4d The default rlimit_as value is 4096, not 512. 
In 9b8d91bd7f the default for rlimit_as
was increased to 4096 MB, but old default remained in the man page,
readme, etc. This patch corrects those spots with the right value.
 2021-09-14 11:57:30 -05:00
WANG Ziqin
824bd134d4
Fix default value of cgroup_cpu_mount in README 2021-04-03 23:59:35 +08:00
Philip Papurt
32f2287fbb
net: add support for max_conns 2021-02-09 17:13:35 -05:00
Christian Blichmann
910fb5498c
Fix a few typos. 
These were found by external tooling while preparing the Debian package.

* Uknown -> Unknown
* Writting -> Writing
* commited -> committed
* processess -> processes

Signed-off-by: Christian Blichmann <mail@blichmann.eu>
 2020-07-07 14:07:22 +02:00
John Vogel
a6e069f514 README.md: update cgroup_cpu_ms_per_sec 2018-12-22 01:03:34 -05:00
Micky Del Favero
303f7ab7f0 Remove duplicate code 
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
 2018-10-23 22:24:43 +02:00
Wiktor Garbacz
1bb58083c4 use new kafel features in configs and examples 2018-09-06 14:19:01 +02:00
tomj
4096acee3c
README Docker disambiguations 
Disambiguate between nsjail _container_ and _command_ in README for easier reading.

- Being a n00b to this project I feel this makes the onboarding of use with Docker somewhat easier by removing duplicated/overloaded terms.
 2018-09-03 01:39:41 +10:00
John Vogel
37c0b9b37a README.md, nsjail.1: add --stderr_to_null option 2018-07-14 10:20:34 -04:00
Robert Swiecki
a263231ee0 readme 2018-06-12 15:47:32 +02:00
John Vogel
07702cc20b Update docs for options changes 
Add new --iface_own option to docs.
Remove deprecated option from docs.
 2018-06-02 11:02:09 -04:00
Robert Swiecki
b69b4d15cc cmdline: better description for --seccomp_log 2018-05-24 15:21:42 +02:00
John Vogel
006270746d Add new --seccomp_log option to docs 2018-05-23 20:44:31 -04:00
John Vogel
9f318949bd README.md: adjust to match manual page. 2018-02-24 03:08:56 -05:00
Darío Hereñú
2eaa979b5a
Minor fixes (proposal) 2017-12-09 09:05:37 -03:00
John Vogel
8f39ec5436 Adjust documents for clone_newcgroup change. 
Change --enable_clone_newcgroup to --disable_clone_newcgroup.
Add comment about kernel version for clone_newcgroup option.
 2017-10-27 00:33:07 -04:00
YAMAMOTO Masaya
6338c77636 Update documents 2017-10-25 17:56:14 +09:00
Robert Swiecki
0de9c6de94 readme: better cmd-line for docker 2017-09-27 15:20:36 +02:00
Robert Swiecki
3cb0f088e2 readme 2017-08-13 13:05:33 +02:00
Robert Swiecki
4f1a6aead2 index.md 2017-06-19 20:28:48 +02:00
robertswiecki
dbdeba6ea4 Update README.md 2017-06-16 12:00:11 +02:00
robertswiecki
ed2bf6ee28 Update README.md 2017-06-16 11:55:15 +02:00
Yoshisato Yanagisawa
91737713c4 add --privileged to docker command. 
To run this program, you need --privileged for mounting
/tmp/nsjail.root.
 2017-06-02 18:07:32 +09:00
Robert Swiecki
311473d723 Readme 2017-05-29 18:08:23 +02:00
Robert Swiecki
33bc550bed Readm 2017-05-29 18:02:47 +02:00
Robert Swiecki
d92952a02f Readme 2017-05-28 19:07:01 +02:00
Robert Swiecki
6f79ea7a97 Readme 2017-05-28 19:01:53 +02:00
Robert Swiecki
18c5e72018 readme 2017-05-28 00:40:04 +02:00
Robert Swiecki
4ae86ed8a3 readme 2017-05-28 00:17:51 +02:00
Robert Swiecki
e68acd68eb Support envvars on mount path definitions 2017-05-28 00:15:53 +02:00
Robert Swiecki
031ec03331 sandboxed firefox + readme 2017-05-27 21:43:56 +02:00
Robert Swiecki
5aae8d2c00 readme 2017-05-27 20:59:17 +02:00
Robert Swiecki
d05aabe20d readme: more examples 2017-05-27 20:55:29 +02:00
Robert Swiecki
cda4a12870 readme 2017-05-27 20:50:30 +02:00
Robert Swiecki
4e5d5bdb9c readme 2017-05-27 20:50:11 +02:00
Robert Swiecki
e671167b9c new config + readme 2017-05-27 20:47:42 +02:00
Robert Swiecki
eaa5cc401a configs: rename config1.example -> bash-with-fake-geteuid.cfg 2017-05-27 18:46:15 +02:00
Robert Swiecki
a545cfbe70 configs: rename config1.example -> bash-with-fake-geteuid.cfg 2017-05-27 18:45:25 +02:00
Robert Swiecki
63155b4a9a Readme 2017-05-27 02:56:58 +02:00
Robert Swiecki
192cce234f Readme 2017-05-27 02:56:07 +02:00
Robert Swiecki
44be8be0c7 Readme 2017-05-27 02:55:21 +02:00
Robert Swiecki
9b298a29c8 Readme 2017-05-27 02:53:22 +02:00
Robert Swiecki
30d7894bba Readme 2017-05-27 02:50:13 +02:00
Robert Swiecki
fb0e996b70 Readme 2017-05-27 02:49:04 +02:00
Robert Swiecki
155e9b0f4a Readme 2017-05-24 17:15:01 +02:00
Robert Swiecki
6076fde790 readme 2017-05-24 17:13:23 +02:00