woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,156 Commits 2 Branches 0 Tags 1.5 MiB
57ed22dfdf
Commit Graph

46 Commits

Author SHA1 Message Date
Robert Swiecki
57ed22dfdf make indent 2022-06-11 12:08:50 +02:00
Patrick Steinhardt
df21a972b6 nsjail: Optionally forward fatal signals 
Currently, we always kill children by sending them a SIGKILL signal in
case we've got a fatal signal. This is rather inflexible and forbids
some usecases where e.g. child process listen for specific signals to
shut down gracefully.

Add a new command configuration `--forward_signals` that allows the user
to opt-in to forwarding fatal signals to the child process.
 2022-06-05 19:38:32 +02:00
Patrick Steinhardt
a517934aba subproc: Allow killing subprocesses with different signal 
`subproc::killAndReapAll()` is always killing the child process with the
SIGKILL signal. We're about to make this configurable though so that we
may optionally forward signals received by nsjail to the child process.

Add a new parameter to `killAndReapAll()` to prepare for this change.
 2022-06-05 19:36:50 +02:00
Robert Swiecki
d3ba64756d nsjail: don't add connections to the proxy map if launching a new process failed 2020-08-30 23:22:22 +02:00
Robert Swiecki
608618ea7b subproc: kill a process once in the -Ml mode once the TCP connection has ended 2020-08-30 22:02:08 +02:00
Robert Swiecki
fc02a3911c make indent 2020-08-26 16:09:55 +02:00
borysp
55330be3cc Fix compilation errors on old gcc (5.4.0) 2020-07-29 15:18:10 +02:00
Robert Swiecki
a378ca0e96 nsjail: don't change cwd during daemon() 2020-04-21 11:25:06 +02:00
Wiktor Garbacz
6eaed88530 Fix format specifier for size_t 2020-03-27 10:19:40 +01:00
Robert Swiecki
6912a2401f make indent 2020-02-17 20:33:45 +01:00
Wiktor Garbacz
a47123b8a7 fix POLLNVAL in pipeTraffic 2020-02-17 15:57:13 +01:00
Wiktor Garbacz
5c61521295 fix infinite loop in pipeTraffic 2020-02-17 14:40:35 +01:00
Robert Swiecki
2cf562160d nsjail/pid/subproc: a). keep childrens' PIDs in a map indexed by pid b). correctly fetch remote IPv6 address text 2020-02-16 22:34:19 +01:00
Wiktor Garbacz
273ce6bc84 pipe socket traffic in and out of sandboxee 2020-02-14 17:07:14 +01:00
Robert Swiecki
2c648d5879 nsjail: don't restore console if nsjail runs in background 2019-10-04 00:33:29 +02:00
Robert Swiecki
3a69090a89 nsjail: remove warning about CLONE_NEWUSER 2019-03-29 21:42:05 +01:00
Robert Swiecki
46f463a62c flush stdin after nsjail ends 2019-03-10 15:00:45 +01:00
Wiktor Garbacz
bb4e77686d subproc: reap processes after killing 
Always try to release resources if possible.

Fixes #69
 2018-07-27 13:33:39 +02:00
Robert Swiecki
bfd7f1ec78 nsjail: clearer new_proc/reap_proc loop 2018-07-24 00:23:44 +02:00
Robert Swiecki
4c87531bcc Don't re-run process if previous execution failed 2018-07-23 17:13:17 +02:00
Robert Swiecki
fbf484f933 nsjail: more debug messages 2018-05-28 02:04:03 +02:00
Robert Swiecki
ff63b2ed4f nsjail: better return values 2018-05-28 01:40:02 +02:00
Robert Swiecki
5643e790fc nsjail: make listenMode return int 2018-05-26 01:24:58 +02:00
Robert Swiecki
5b7cfc7f00 namespace'ize nsjail.cc 2018-05-25 02:15:47 +02:00
Robert Swiecki
b55875f45e nsjail: change the owner of struct termios 2018-05-25 02:05:12 +02:00
Robert Swiecki
0b8e927aed nsjail: save console just before we're prepared to run commands 2018-05-25 01:06:05 +02:00
Robert Swiecki
2470635c7c nsjail: save and restore console params 2018-05-25 01:04:29 +02:00
Robert Swiecki
c365eb1766 More c++ isms 2018-05-22 14:27:18 +02:00
Robert Swiecki
3ee8555b07 cmdline: create specific funcs for argv and mnt setups 2018-02-17 03:14:54 +01:00
Robert Swiecki
dc5e6676a7 nsjail: ignore SIGTTIN/SIGTTOU 2018-02-15 01:33:33 +01:00
Robert Swiecki
11195999a3 rename ARRAYSIZE to ARR_SZ due to clash with protobufs headers 2018-02-13 16:53:45 +01:00
Robert Swiecki
f8d0e5fda1 cmdline: correctly assign argv to nsjconf->argv 2018-02-12 17:31:45 +01:00
Robert Swiecki
2545fcd3a9 nsjail: free seccomp filter upon nsjail exit 2018-02-12 17:09:45 +01:00
Robert Swiecki
810394cf16 switc all == false cmps to ! 2018-02-12 15:17:33 +01:00
Robert Swiecki
1f24e3a900 move sandboxing setup from cmdline to nsjail 2018-02-12 03:11:58 +01:00
Robert Swiecki
7a55ffb3a6 sandbox: convert kafel file/string as std::string 2018-02-10 23:46:15 +01:00
Robert Swiecki
f2a52533be convert some funcs returning pointers to to TLS to std::string 2018-02-10 21:19:47 +01:00
Robert Swiecki
97278f191b log: rename log to logs due to clash with glibc's log 2018-02-10 17:49:15 +01:00
Robert Swiecki
4494deffa7 omit keyword 'struct' 2018-02-10 15:50:12 +01:00
Robert Swiecki
1761ed4fdc move common.h to macros.h 2018-02-10 05:25:55 +01:00
Robert Swiecki
7f72cbd497 all: move to C++ 2018-02-09 18:55:42 +01:00
Robert Swiecki
a6c34999f2 util: move to C++ 2018-02-09 18:45:50 +01:00
Robert Swiecki
cb6222abdf net: move to C++ 2018-02-09 17:27:28 +01:00
Robert Swiecki
a2daa94722 subproc: move to C++ 2018-02-09 17:03:02 +01:00
Robert Swiecki
840b75025c cmdline: move to C++ 2018-02-09 15:44:29 +01:00
Robert Swiecki
0a311af2ad nsjail: make nsjail.c nsjail.cc 2018-02-08 15:24:17 +01:00