woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
595 Commits 2 Branches 0 Tags 1.5 MiB
5c3963e9a2
Commit Graph

595 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Swiecki
4f1a6aead2 index.md 2017-06-19 20:28:48 +02:00
Robert Swiecki
ed2bb8a46a cpu: warning about no of cpus 2017-06-19 19:11:53 +02:00
Robert Swiecki
e7b3be206a Print remote IP when removing task from pool 2017-06-19 18:53:29 +02:00
Robert Swiecki
ee60565462 cpu: free cpu mask 2017-06-19 17:07:50 +02:00
Robert Swiecki
ceaed43133 config: implement max_cpu_num in PB 2017-06-19 17:05:01 +02:00
Robert Swiecki
0e7393cccf cmdline: implement affinity setting, to limit jailed process to n max cpus 2017-06-19 17:01:50 +02:00
robertswiecki
dbdeba6ea4 Update README.md 2017-06-16 12:00:11 +02:00
robertswiecki
ed2bf6ee28 Update README.md 2017-06-16 11:55:15 +02:00
Robert Swiecki
54da7fca11 -Me: set PR_SET_DUMPABLE,0 for the init 2017-06-14 02:21:53 +02:00
Robert Swiecki
b67ea2272f Me mode: make init reap zombie processes 2017-06-14 02:19:03 +02:00
Robert Swiecki
4c9c70e763 Merge branch 'master' of ssh://github.com/google/nsjail 2017-06-14 02:15:19 +02:00
Robert Swiecki
5f56fe5b8f Me mode: make init reap zombie processes 2017-06-14 02:15:11 +02:00
robertswiecki
7812e3597a Merge pull request #25 from cstrouse/dockerfile-enhancements 
Refactor using current official Dockerfile best practices
 2017-06-13 17:06:47 +02:00
Casey Strouse
76c7a23e65 Refactor using current official Dockerfile best practices 
Implement best practices for Dockerfiles as per the official
documentation:
https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/

Reduces image size from 451.6MB to 404.9MB.
 2017-06-12 19:50:55 -07:00
Robert Swiecki
1dd3223b74 iface -> iface_vs 2017-06-12 22:20:21 +02:00
Robert Swiecki
88d8570843 configs/bash: set argv[0] 2017-06-12 02:16:27 +02:00
Robert Swiecki
f203669d25 config: give ability to override argv[0] 2017-06-12 02:14:18 +02:00
Robert Swiecki
3e30c8e4d2 config.proto: clang-format 2017-06-12 02:08:16 +02:00
Robert Swiecki
63e4059f7a Slight fixes to log_fd 2017-06-12 00:27:27 +02:00
robertswiecki
d20f53e333 Merge pull request #24 from rfw/master 
Add an extra log_fd argument to specify an FD to log to.
 2017-06-12 00:22:13 +02:00
Tony Young
c55dc8cb12 Add an extra log_fd argument to specify an FD to log to. 
In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.
 2017-06-11 22:12:18 +00:00
Robert Swiecki
a55ff63861 make indent 2017-06-11 01:34:20 +02:00
Robert Swiecki
b5d3bf64cb contain: use open('abc', O_DIRECTORY|O_CLOEXEC) instead of opendir() 2017-06-09 14:40:44 +02:00
Robert Swiecki
6e21eaa0da subproc: comments 2017-06-09 14:34:01 +02:00
robertswiecki
fbf5b76ef8 Merge pull request #22 from rfw/master 
Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd.
 2017-06-09 13:55:22 +02:00
Tony Young
d0261d281d Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd. 2017-06-09 00:00:12 +00:00
robertswiecki
6937798743 Merge pull request #21 from yoshisatoyanagisawa/fix_dockerfile 
Fix Dockerfile to make it built with current Makefile.
 2017-06-02 14:31:05 +02:00
Yoshisato Yanagisawa
91737713c4 add --privileged to docker command. 
To run this program, you need --privileged for mounting
/tmp/nsjail.root.
 2017-06-02 18:07:32 +09:00
Yoshisato Yanagisawa
611a17f96f Fix Dockerfile to make it built with current Makefile. 2017-06-02 14:54:55 +09:00
Robert Swiecki
24002c606d configs/home-documents-with-xorg-no-net: add /dev/null 2017-05-29 19:24:14 +02:00
Robert Swiecki
35be622f80 configs:configs/home-documents-with-xorg-no-net Xorg socket as R/W 2017-05-29 19:03:37 +02:00
Robert Swiecki
311473d723 Readme 2017-05-29 18:08:23 +02:00
Robert Swiecki
4cd3b29cb6 Merge branch 'master' of github.com:google/nsjail 2017-05-29 18:02:58 +02:00
Robert Swiecki
33bc550bed Readm 2017-05-29 18:02:47 +02:00
Robert Swiecki
1e2d1b8a2b Makefile: clean removes pb-c generated files 2017-05-29 17:00:19 +02:00
Robert Swiecki
593943ec3a configs/bash-with-fake-geteuid: block ptrace, fix description 2017-05-29 16:57:04 +02:00
Robert Swiecki
9519f1038b mount: introduce mountDescribeMountPt 2017-05-29 16:52:24 +02:00
Robert Swiecki
aeb2e998b8 mount: mount src_content files from other tmpfs, to avoid shadowing / of the root tmpfs with some other FS 2017-05-29 16:39:08 +02:00
Robert Swiecki
cae0c4a7f5 Makefile: make compiling with libprotobuf-c more robust under different systems 2017-05-29 16:22:31 +02:00
Robert Swiecki
9e288fb6dc Better compilation rules for protobuf-c-text 2017-05-29 15:29:21 +02:00
Robert Swiecki
ca245f9cdb configs: typo 2017-05-29 15:01:34 +02:00
Robert Swiecki
f84d20632d mount: remove tmp file after use 2017-05-29 04:50:29 +02:00
Robert Swiecki
6380474301 Simplify mountMount 2017-05-29 03:29:14 +02:00
Robert Swiecki
0271586e81 Get rid of pivot_root_only - achieve the same in different way 2017-05-29 03:11:32 +02:00
Robert Swiecki
ec2a414442 Makefile: simplify kafel and protobuf-c-text building rules 2017-05-29 00:29:52 +02:00
Robert Swiecki
3e99703df2 Makefile: Use -fPIC when compiling protobuf-c-text 2017-05-28 19:57:25 +02:00
Robert Swiecki
6085e898cf Makefile: autogen.sh protobuf-c-text once only 2017-05-28 19:30:34 +02:00
Robert Swiecki
285412c4dd configs/bash-with-fake-geteuid set home 2017-05-28 19:22:03 +02:00
Robert Swiecki
9dcb84572d configs/bash-with-fake-geteuid skip_setsid for job control 2017-05-28 19:21:22 +02:00
Robert Swiecki
785852ac22 configs/bash-with-fake-geteuid fancier PS1 2017-05-28 19:20:25 +02:00