Robert Swiecki
9aee3dd831
Make logs more efficient by avoiding argument evaluation for LOG* if it's not needed at the current level
2022-08-05 08:42:37 +02:00
Patrick Steinhardt
df21a972b6
nsjail: Optionally forward fatal signals
Currently, we always kill children by sending them a SIGKILL signal in
case we've got a fatal signal. This is rather inflexible and forbids
some use cases where e.g. child processes listen for specific signals to
shut down gracefully.
Add a new command configuration `--forward_signals` that allows the user
to opt-in to forwarding fatal signals to the child process.
2022-06-05 19:38:32 +02:00
Robert Swiecki
6483728e24
config: better config parsing debugging
2022-03-15 00:44:33 +01:00
Michał Kowalczyk
16b4416d75
Add disable_tsc option
Implemented via prctl(PR_SET_TSC, PR_TSC_SIGSEGV, ...).
2022-02-17 23:53:13 +01:00
Philip
bf93e8a25d
cgroup2: use cgroup_mem_swap_max and cgroup_mem_memsw_max
2021-11-01 10:28:41 +01:00
Johan Kartiwa
29a556068a
Add support for setting cgroup memory.memsw.limit_in_bytes
2021-10-11 15:46:36 +02:00
Wiktor Garbacz
95e112cf41
Fix formatting
2021-08-03 17:46:08 +02:00
Wiktor Garbacz
4136dd50d8
Merge branch 'use_switchroot'
2021-08-03 17:44:57 +02:00
Eli Zrihen
b83d6f7421
Renaming use_switchroot option with no_pivotroot
2021-07-20 15:45:58 +03:00
Eli Zrihen
9f4b4f41e7
Consistency with RLIMIT_* constant name
2021-07-20 15:20:47 +03:00
Eli Zrihen
0f903ba9a0
Added rt, memlock & msgq limits
2021-07-19 17:21:34 +03:00
Eli Zrihen
dab1713ac9
Added use_switchroot option
2021-06-17 14:57:01 +03:00
Eli Zrihen
5c8b3835b7
MACVLAN modes support
2021-06-16 16:59:12 +03:00
Robert Swiecki
056809ed3b
Initial support for CLONE_NEWTIME
2021-05-11 14:48:45 +02:00
Philip Papurt
32f2287fbb
net: add support for max_conns
2021-02-09 17:13:35 -05:00
Robert Swiecki
a2d5b07c76
config: remove deprecated config options
2020-07-09 17:28:56 +02:00
Christian Blichmann
910fb5498c
Fix a few typos.
These were found by external tooling while preparing the Debian package.
* Uknown -> Unknown
* Writting -> Writing
* commited -> committed
* processess -> processes
Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-07-07 14:07:22 +02:00
Robert Swiecki
b3d544d155
config: simplify log/logfd setting
2019-10-02 19:43:58 +02:00
Jay Lees
86293b052e
Add flag to disable rlimits
2019-08-05 03:25:22 -07:00
Jay Lees
08f62b6f76
[cgroup-v2] support cgroup v2 for mem, cpu and pids
2019-07-26 07:02:17 -07:00
Robert Swiecki
494a5f63cd
Add nice_level to cmd-line/config options
2019-06-30 21:50:56 +02:00
Robert Swiecki
317555b687
user: don't fail on setgroup() if no groups were specified
2019-06-28 13:31:43 +02:00
Robert Swiecki
83a28cd0d3
use TEMP_FAILURE_RETRY with some restartable funcs
2019-04-17 23:10:18 +02:00
Robert Swiecki
2b1bad6b5b
cmdline: allow to override config cmdline with cmdline cmdline
2019-03-30 16:10:14 +01:00
Robert Swiecki
c7dd18c612
cmdline: add ability to passthrough current envvars
2018-10-28 17:15:55 +01:00
Micky Del Favero
233a7296fe
Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
2018-10-23 15:05:50 +02:00
Robert Swiecki
ef94c3cc6b
config: correct way of setting pass_fd
2018-07-31 22:52:03 +02:00
Wiktor Garbacz
ba14675185
mnt: added nosuid/nodev/noexec flags to config
Closes #70
2018-07-27 11:29:15 +02:00
Wiktor Garbacz
1923d6af04
config: parse cgroup_cpu settings
Fixes #87
2018-07-24 15:20:44 +02:00
Robert Swiecki
272a85477a
config: Implement --stderr_to_null
2018-06-25 03:12:27 +02:00
Robert Swiecki
e8e6c1b906
make indent depend
2018-06-07 18:37:17 +02:00
Robert Swiecki
04627982d0
logs: use log file/level immediately
2018-06-07 16:51:50 +02:00
Robert Swiecki
111481532b
config: add --iface_own to the proto config
2018-06-03 03:19:40 +02:00
Robert Swiecki
48e8634ba5
config: add support for seccomp_log
2018-05-23 15:38:45 +02:00
Robert Swiecki
8a22a4abb6
convert exec file and argv to string/vector
2018-02-12 16:52:05 +01:00
Robert Swiecki
810394cf16
switch all == false cmps to !
2018-02-12 15:17:33 +01:00
Robert Swiecki
f77a177340
config: remove unnecessary c_str()
2018-02-12 04:21:35 +01:00
Robert Swiecki
1f24e3a900
move sandboxing setup from cmdline to nsjail
2018-02-12 03:11:58 +01:00
Robert Swiecki
5a35f00e28
mnt: move mnt_t to std::string
2018-02-11 23:44:43 +01:00
Robert Swiecki
f1a6b08962
cmdline: simplify string splitting
2018-02-11 14:56:30 +01:00
Robert Swiecki
b7f0acb021
util: remove unused functions
2018-02-10 23:54:36 +01:00
Robert Swiecki
7a55ffb3a6
sandbox: convert kafel file/string as std::string
2018-02-10 23:46:15 +01:00
Robert Swiecki
de3f1371f0
convert proc_path to std::string
2018-02-10 20:16:17 +01:00
Robert Swiecki
c9e4e9d0c2
config: rename macro
2018-02-10 18:27:24 +01:00
Robert Swiecki
b691b8796c
nsjail: iface_no_lo -> iface_lo
2018-02-10 18:22:51 +01:00
Robert Swiecki
97278f191b
log: rename log to logs due to clash with glibc's log
2018-02-10 17:49:15 +01:00
Robert Swiecki
4494deffa7
omit keyword 'struct'
2018-02-10 15:50:12 +01:00
Robert Swiecki
1761ed4fdc
move common.h to macros.h
2018-02-10 05:25:55 +01:00
Robert Swiecki
c34b52ab78
nsjail: convert a couple of struct fields to std::string
2018-02-10 04:10:18 +01:00
Robert Swiecki
9399373ee7
nsjail: envs to vector of strings
2018-02-09 23:04:57 +01:00