woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
227 Commits 2 Branches 0 Tags 1.5 MiB
551ed4ca05
Commit Graph

63 Commits

Author SHA1 Message Date
Robert Swiecki
1dc33c7bcf Remove defer{} calls 2016-07-29 15:38:22 +02:00
Robert Swiecki
f3b70cc314 Remove -lBlocksRuntime 2016-07-27 14:04:03 +02:00
Robert Swiecki
432c82bb34 Make it a bit more standards friendly 2016-07-21 15:48:47 +02:00
Jagger
4bc5632af4 Report failure of setting fcntl(FD_CLOEXEC) as error 2016-06-20 22:59:29 +02:00
Jagger
827e1a4e7d Init cgroups from parent 2016-06-19 15:50:25 +02:00
Jagger
6223ccebf1 Rudimentary cgroup support 2016-06-19 12:47:28 +02:00
Jagger
da0f4c0695 Better logging for closing(fd) 2016-06-18 11:08:35 +02:00
Jagger
86ddf16279 Implement --pass_fd 2016-06-18 00:46:57 +02:00
Robert Swiecki
3edc8bf4a7 Move PID ns to a separate module 2016-05-13 17:07:44 +02:00
Jagger
a6062dd03a Restart fcntl() 2016-05-09 23:45:56 +02:00
Robert Swiecki
6e25d47eba Cover interruptible syscalls with TEMP_FAILURE_RETRY 2016-05-09 15:16:26 +02:00
Jagger
57a523dd08 Use defer {} instead of DEFER() 2016-04-23 04:22:31 +02:00
Robert Swiecki
3bc8cce90e No need to redirect log fd anymore 2016-03-15 20:42:03 +01:00
Jagger
4ae2c027ac Cleaner impl. of DEFER 2016-03-10 22:56:26 +01:00
Jagger
09e08a2c1f More defers 2016-03-08 22:54:35 +01:00
Robert Swiecki
eb52ab9a2b Move contain fnctions into contain.c 2016-03-08 15:57:09 +01:00
Robert Swiecki
8793dc4c9e Remove caps from the bounding set 2016-03-08 15:10:21 +01:00
Robert Swiecki
9cc41e820f Separate uts.* module 2016-03-03 16:09:25 +01:00
Robert Swiecki
2c1ff531e3 Clearer naming of net functions 2016-03-03 15:43:40 +01:00
Robert Swiecki
e02d4e4edf Separate mount.c module 2016-03-03 15:37:04 +01:00
Robert Swiecki
b89b8cfbc7 Fix common.h includes 2016-03-01 17:03:11 +01:00
Robert Swiecki
b0c5baa45d Comment on statvfs 2016-03-01 16:01:39 +01:00
Robert Swiecki
60ece3a192 Typo 2016-03-01 15:38:58 +01:00
Robert Swiecki
cc987ec775 Add locked mount flags during remounting 2016-03-01 15:36:32 +01:00
Robert Swiecki
f258316f5e More specific error message for EACCES during mount() 2016-03-01 15:02:33 +01:00
Robert Swiecki
114ce7e976 Make it possible to compile with clang 2016-02-29 19:09:39 +01:00
Jagger
d2f47fff92 Add network configuration for the 'vs' interface 2016-02-29 02:51:55 +01:00
Jagger
43983cbb17 Add --iface_lo_up 2016-02-29 00:14:36 +01:00
Jagger
fb8eb88410 No need to update /proc/pid/setgroups if euid==0 2016-02-28 02:41:57 +01:00
Jagger
8d641169e3 Initialize user/group maps from the parent process 2016-02-28 02:34:43 +01:00
Jagger
ad4b0105a7 No need to add (default:none) in cmdline 2016-02-28 01:52:09 +01:00
Robert Swiecki
4ec7c12c99 Add MS_REC to MS_RDONLY 2016-02-25 18:27:42 +01:00
Robert Swiecki
87829e3f6e Implement --skip_setsid 2016-01-25 18:09:32 +01:00
Jagger
d36deb5d0d Use --user x:y notation (not working yet) 2016-01-23 07:05:24 +01:00
Robert Swiecki
307a6f0257 Create a file/dir inside jail beforemounting 2016-01-14 15:44:29 +01:00
Jagger
2765e58c4e Use TAILQ instead of LIST to insert new mount entries at the end 2016-01-09 16:09:05 +01:00
Robert Swiecki
88e796e004 Set a separate session/process_group 2015-11-24 18:34:05 +01:00
Jamy Timmermans
bd5ed5ac63 Fix dereference in cwd option 2015-11-07 06:11:55 -06:00
Jamy Timmermans
93abc40dde Add a cwd option 
This way the process being spawned can be in a directory if the
spawner’s choosing (as ling as it’s available in the chroot)
 2015-11-07 13:01:44 +01:00
Jagger
5f5e496179 Make it compile with -m32 2015-10-18 20:47:44 +02:00
Jagger
558ede7dfe Make __user_cap_data_struct const 2015-10-18 20:39:06 +02:00
Jagger
49faea78b0 Use 0x%tx for uintptr_t 2015-10-17 19:14:57 +02:00
Jagger
59cedfe10f Use just a single list for mount-points (RO, RW, chroot) 2015-10-17 16:48:30 +02:00
Robert Swiecki
5202a7fc07 Use rlimit64 2015-10-13 19:06:59 +02:00
Jagger
3c9c63b608 In case there's no CLONE_NEWNS, just chroot() 2015-08-16 10:55:14 +02:00
Jagger
cbb64d571d Make --disable_proc work 2015-08-15 20:48:48 +02:00
Jagger
da4fc22eab indent 100 2015-08-15 20:10:07 +02:00
Jagger
701825970a Implementation of MODE_STANDALONE_EXECVE 2015-08-15 16:02:38 +02:00
Jagger
04fa1e9c1f More verbose error messages for mounting files/dirs 2015-08-12 01:17:54 +02:00
Jagger
07df4307f5 Move tmpfs mounting before pivot_chroot 2015-08-12 00:58:26 +02:00