woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,000 Commits 2 Branches 0 Tags 1.5 MiB
494a5f63cd
Commit Graph

52 Commits

Author SHA1 Message Date
Robert Swiecki
494a5f63cd Add nice_level to cmd-line/config options 2019-06-30 21:50:56 +02:00
Robert Swiecki
a2dacef5d7 allow to use nsjail w/o namespaces 2019-03-29 21:38:14 +01:00
Wiktor Garbacz
7fe87b41c7 code formatting 2018-10-24 10:31:14 +02:00
Micky Del Favero
233a7296fe Added --macvlan_vs_ma switch to be able to set macvlan's mac-address. 
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
 2018-10-23 15:05:50 +02:00
Robert Swiecki
5bf23a0e58 cmdline: more stderr_to_null closer to is_silent 2018-06-25 04:10:42 +02:00
Robert Swiecki
272a85477a config: Implement --stderr_to_null 2018-06-25 03:12:27 +02:00
Robert Swiecki
04627982d0 logs: use log file/level immediately 2018-06-07 16:51:50 +02:00
Robert Swiecki
7d57fc81be cmdline: add iface_own to take ownership of one of the global interfaces 2018-05-30 15:26:09 +02:00
Robert Swiecki
b8798fc9a7 use strtoimax when needed 2018-05-26 13:54:17 +02:00
Robert Swiecki
4394fa725e sandbox: add support for SECCOMP_FILTER_FLAG_LOG 2018-05-23 15:32:45 +02:00
Robert Swiecki
864b7fc718 cmdline: remove tmpfs_size from nsjconf_t 2018-02-18 02:47:46 +01:00
Robert Swiecki
dc5e6676a7 nsjail: ignore SIGTTIN/SIGTTOU 2018-02-15 01:33:33 +01:00
Robert Swiecki
8a22a4abb6 convert exec file and argv to string/vector 2018-02-12 16:52:05 +01:00
Robert Swiecki
5a35f00e28 mnt: move mnt_t to std::string 2018-02-11 23:44:43 +01:00
Robert Swiecki
7b9178f5d7 make indent depend 2018-02-11 04:02:43 +01:00
Robert Swiecki
d875f23ae0 cgroup: switch const char* to std::string 2018-02-11 03:39:07 +01:00
Robert Swiecki
55e8e09c4a net: convert net::connToText to std::string 2018-02-11 00:17:44 +01:00
Robert Swiecki
7a55ffb3a6 sandbox: convert kafel file/string as std::string 2018-02-10 23:46:15 +01:00
Robert Swiecki
de3f1371f0 convert proc_path to std::string 2018-02-10 20:16:17 +01:00
Robert Swiecki
b691b8796c nsjail: iface_no_lo -> iface_lo 2018-02-10 18:22:51 +01:00
Robert Swiecki
7bddb40d87 net: move all iface_vs* options from char* to std::string 2018-02-10 18:18:40 +01:00
Robert Swiecki
97278f191b log: rename log to logs due to clash with glibc's log 2018-02-10 17:49:15 +01:00
Robert Swiecki
ecd4c32d9a mnt: replace sys/queue with std::vector 2018-02-10 14:38:01 +01:00
Robert Swiecki
1761ed4fdc move common.h to macros.h 2018-02-10 05:25:55 +01:00
Robert Swiecki
381e6a1af7 nsjail: move pids queue to a vector 2018-02-10 05:13:25 +01:00
Robert Swiecki
c34b52ab78 nsjail: convert a couple of struct fields to std::string 2018-02-10 04:10:18 +01:00
Robert Swiecki
93005ef03d nsjail: convert gids/uids to vector of structs 2018-02-10 00:37:23 +01:00
Robert Swiecki
9399373ee7 nsjail: envs to vector of strings 2018-02-09 23:04:57 +01:00
Robert Swiecki
63eb13ecde nsjail: move openfd from queue to vector 2018-02-09 22:47:00 +01:00
Robert Swiecki
d1d310e70f nsjail: convert caps from queue to vector 2018-02-09 22:35:33 +01:00
Robert Swiecki
7f72cbd497 all: move to C++ 2018-02-09 18:55:42 +01:00
Robert Swiecki
0a311af2ad nsjail: make nsjail.c nsjail.cc 2018-02-08 15:24:17 +01:00
Robert Swiecki
3ee825c4aa cgroups: add support for CPU cgroup 2018-02-04 04:15:19 +01:00
Robert Swiecki
19ea0703f2 sandbox: compile seccomp-bpf policy once only 2018-02-01 14:19:01 +01:00
Robert Swiecki
354c5ae47b open kafel file in each kafel subproc individually to avoid file pos sharing 2018-01-31 16:04:39 +01:00
Robert Swiecki
d7bcad2076 nsjail.h: different if guards for TEMP_FAILURE_RETRY 2017-11-08 17:20:57 +01:00
Hamid Ebadi
be8fb2ad73 Minor fixes 2017-11-08 16:45:02 +01:00
Robert Swiecki
e2529ce04f Makefile/indent: base it on the google template with modifications 2017-10-26 00:26:02 +02:00
Robert Swiecki
61727949ca nsjail: make njsconf::cgroup_pids_max unsigned int 2017-10-25 15:50:24 +02:00
Robert Swiecki
a1260e49f3 Use uint64_t instead of __rlim64_t 2017-10-25 15:44:35 +02:00
YAMAMOTO Masaya
315b3837b4 Support cgroup net_cls subsystem 2017-10-25 17:15:03 +09:00
Robert Swiecki
7e49be4dc3 mount: try creating starting tmpfs's in /run/user/<uid> first 2017-10-19 22:39:37 +02:00
Robert Swiecki
4c5aebf23b nsjail: use CTRL+\ (SIGQUIT) to display active sessions 2017-10-19 15:25:20 +02:00
Robert Swiecki
9c2f19b972 cmdline: add option --execute_fd and support for it, in order to use execveat() 2017-10-18 17:57:52 +02:00
Robert Swiecki
58d6b3075c Move struct nsjail_t definition to nsjail.h and leave only macros in common.h 2017-10-18 14:27:34 +02:00
Robert Swiecki
1b4577e53f subproc: clear signal handlers in the child process 2017-10-18 12:33:24 +02:00
Robert Swiecki
74b43346bd make indent 2017-10-08 23:00:45 +02:00
Jagger
eff4796c95 Correct (non-resrved) header guards 2016-03-11 02:45:43 +01:00
Robert Swiecki
b89b8cfbc7 Fix common.h includes 2016-03-01 17:03:11 +01:00
Jagger
c3298d0019 Remove _FORTIFY_SOURCE=2 2016-01-22 00:11:31 +01:00