Commit Graph

722 Commits

Author SHA1 Message Date
Robert Swiecki
5c8397860c configs: some fixes thanks to the write-up at https://offbyinfinity.com/2017/12/sandboxing-imagemagick-with-nsjail/ 2017-12-05 15:01:27 +01:00
Robert Swiecki
e8e2f4b011 user: correct check for getpwnam/gegrpnam failures 2017-12-02 02:53:32 +01:00
Robert Swiecki
dd0b51eded remove _NSConcreteStackBlock as we don't use defer{} any more 2017-11-20 17:03:06 +01:00
Robert Swiecki
d7bcad2076 nsjail.h: different if guards for TEMP_FAILURE_RETRY 2017-11-08 17:20:57 +01:00
robertswiecki
26d0a278c6
Merge pull request #64 from ebadi/master
Minor fixes
2017-11-08 17:16:53 +01:00
Hamid Ebadi
be8fb2ad73 Minor fixes 2017-11-08 16:45:02 +01:00
robertswiecki
9b6759f1a1
Merge pull request #63 from ShikChen/master
Fix max_conns_per_ip
2017-11-04 17:52:59 +01:00
shik
9e355cbcfc fix max_conns_per_ip 2017-11-04 22:15:31 +08:00
Robert Swiecki
a07ee95595 cmdline: comment on skip_setsid 2017-11-02 13:13:07 +01:00
Robert Swiecki
e2f96f6019 config.proto: comment on skip_setsid 2017-11-02 13:08:08 +01:00
Robert Swiecki
6dec393fb2 subproc: actually si_syscall don't show syscalls 2017-11-01 14:21:50 +01:00
robertswiecki
27c05b367f
Merge pull request #61 from jvvv/master
Adjust documents for clone_newcgroup change.
2017-10-28 23:36:02 +02:00
John Vogel
8f39ec5436 Adjust documents for clone_newcgroup change.
Change --enable_clone_newcgroup to --disable_clone_newcgroup.
Add comment about kernel version for clone_newcgroup option.
2017-10-27 00:33:07 -04:00
Robert Swiecki
ca705b4fea Makefile: remove relro,now as it doesn't allow to compile under some archs 2017-10-27 01:53:05 +02:00
Robert Swiecki
55c35f380f mount: add info about mounting /proc 2017-10-26 23:00:15 +02:00
Robert Swiecki
a3c00c7321 subproc: reflow comments 2017-10-26 22:57:14 +02:00
Robert Swiecki
a87cd58bee cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config #2 2017-10-26 16:19:30 +02:00
Robert Swiecki
3734b8801f cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config 2017-10-26 16:16:05 +02:00
Robert Swiecki
805ceb4363 configs/ increase rlimit_nofile for firefox 2017-10-26 02:43:40 +02:00
Robert Swiecki
c04ca63190 mount: const'antize the mountPair struct 2017-10-26 02:29:15 +02:00
Robert Swiecki
2ab64972fd mount: an array of known mount/vfsmount flag pairs 2017-10-26 02:27:18 +02:00
Robert Swiecki
91991fc75e mount: don't reuse flags from statvfs directly for remounting 2017-10-26 02:17:52 +02:00
Robert Swiecki
659bbd1b4a config.proto: reflow field numbering 2017-10-26 00:35:59 +02:00
Robert Swiecki
082b3821bb Makefile/indent: add clang-format for proto 2017-10-26 00:34:32 +02:00
Robert Swiecki
e2529ce04f Makefile/indent: base it on the google template with modifications 2017-10-26 00:26:02 +02:00
Robert Swiecki
5b593d33b4 Update kafel to 33d7970ba0d5a1939371f3448e13ede833b32afd 2017-10-25 16:04:28 +02:00
Robert Swiecki
e309e11f55 cgroup: remove duplicated check for values 2017-10-25 15:57:17 +02:00
Robert Swiecki
697b8698b4 nsjail: make njsconf::cgroup_pids_max unsigned int #2 2017-10-25 15:51:06 +02:00
Robert Swiecki
61727949ca nsjail: make njsconf::cgroup_pids_max unsigned int 2017-10-25 15:50:24 +02:00
Robert Swiecki
a1260e49f3 Use uint64_t instead of __rlim64_t 2017-10-25 15:44:35 +02:00
robertswiecki
9f1639fa9c Merge pull request #58 from pandax381/support-cgroup-net-cls
Support cgroup net_cls subsystem
2017-10-25 15:35:35 +02:00
YAMAMOTO Masaya
6338c77636 Update documents 2017-10-25 17:56:14 +09:00
YAMAMOTO Masaya
315b3837b4 Support cgroup net_cls subsystem 2017-10-25 17:15:03 +09:00
Robert Swiecki
3b3ec6c623 mount: don't complain about ability to create mount dirs 2017-10-25 01:45:39 +02:00
Robert Swiecki
6dc0808914 pid: Don't start new ns-init if CLONE_NEWPID is not requested 2017-10-25 01:34:10 +02:00
Robert Swiecki
b6f703629e log: do isatty(log_fd) in log constructor 2017-10-24 16:20:51 +02:00
Robert Swiecki
80f902fc06 subproc: use SIG_SETMASK to unblock all signals 2017-10-20 15:56:32 +02:00
Robert Swiecki
a415506619 configs/busybox: indicate that the busybox must be statically compiled 2017-10-20 14:46:43 +02:00
Robert Swiecki
86f444d00b Merge branch 'master' of ssh://github.com/google/nsjail 2017-10-20 14:44:07 +02:00
Robert Swiecki
d990777261 subproc: unblock all signals before executing a process 2017-10-20 14:43:56 +02:00
Robert Swiecki
ec789a4d64 mount: use NS_DIR_TRUE instead of true in cmdline 2017-10-20 13:02:15 +02:00
Robert Swiecki
7e49be4dc3 mount: try creating starting tmpfs's in /run/user/<uid> first 2017-10-19 22:39:37 +02:00
Robert Swiecki
4152f3ea93 mount: merge string line in log 2017-10-19 15:58:57 +02:00
Robert Swiecki
29ff5e49b5 mount: missing 'return false' if the mount fails 2017-10-19 15:46:31 +02:00
Robert Swiecki
4c5aebf23b nsjail: use CTRL+\ (SIGQUIT) to display active sessions 2017-10-19 15:25:20 +02:00
Robert Swiecki
2687f33a07 use O_CLOEXEC with utilWriteBufToFile wherever possible 2017-10-19 14:56:45 +02:00
Robert Swiecki
94e593eb68 subproc: comments around new proc stack 2017-10-19 13:11:41 +02:00
Robert Swiecki
c33b1c87af subproc: typos 2017-10-19 02:32:55 +02:00
Robert Swiecki
123ef0b46b make indent 2017-10-19 02:24:34 +02:00
robertswiecki
064d024f6d Merge pull request #56 from VCTLabs/stack-alignment
align stack for child process
2017-10-19 02:22:08 +02:00