woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
285 Commits 2 Branches 0 Tags 1.5 MiB
74010d0c45
Commit Graph

81 Commits

Author SHA1 Message Date
Sam Clegg
74010d0c45 Exit with non-zero status on bad command line option 2017-02-15 17:23:55 -08:00
Robert Swiecki
478d2b3789 cmdline: provide both -v/verbose and -q/quiet for logging 2017-02-14 21:54:02 +01:00
Robert Swiecki
9f832aa35a Uid/Gid fix 2017-02-08 00:42:23 +01:00
Robert Swiecki
4a154733e0 Allow to specify multiple uid/gid maps 2017-02-08 00:36:32 +01:00
Robert Swiecki
a0cc72aa5c cmdline: typo 2017-01-28 14:25:09 +01:00
Robert Swiecki
c9847562dd Less use of USE_KAFEL 2016-10-17 18:17:08 +02:00
Robert Swiecki
238df2ed87 Missing USE_KAFEL defines 2016-10-17 18:09:05 +02:00
Robert Swiecki
950c91e4dd Allow to use kafel_string 2016-10-12 03:52:08 +02:00
Robert Swiecki
df38185c6f Slight rework of kafel use 2016-10-12 03:15:33 +02:00
Robert Swiecki
a30e2f107c Make indent 2016-10-12 00:59:10 +02:00
Stephen Röttger
f4d43e3336 New option pivot_root_only to support nested namespaces 
If pivot_root_only is setthe chroot in the job setup will be skipped.
 2016-09-30 16:30:59 +02:00
robertswiecki
f995ff9475 Merge pull request #9 from sroettger/newuidmap 
Support more complex uid and gid mappings
 2016-09-30 16:03:33 +02:00
Stephen Röttger
1c950391a1 Support more complex uid and gid mappings 
Introduces the new options uid_mapping and gid_mapping that specify
arbitrary custom mappings. If these options are used, nsjail will
use newuidmap/newgidmap to write the map files.
 2016-09-30 15:30:15 +02:00
robertswiecki
8a63a24981 Merge pull request #8 from sroettger/no_no_new_privs 
new flag to skip no_new_privs: --disable_no_new_privs
 2016-09-30 15:27:07 +02:00
Stephen Röttger
6501357f98 new flag to skip no_new_privs: --disable_no_new_privs 2016-09-30 15:23:04 +02:00
Jagger
06e353a8e1 seccomp_policy cmdline 2016-09-30 11:57:11 +02:00
Wiktor Garbacz
551ed4ca05 Kafel support 2016-09-29 16:22:09 +02:00
Jagger
1d9b33b06b Make MODE_STANDALONE_ONCE the default mode 2016-08-18 21:31:07 +02:00
Jagger
a00f5a6424 Dont mount /proc as RO 2016-08-16 22:42:15 +02:00
Jagger
88ce7d240a Default chroot is empty now 2016-08-16 22:07:44 +02:00
Robert Swiecki
432c82bb34 Make it a bit more standards friendly 2016-07-21 15:48:47 +02:00
Jagger
1a9de4ef91 cmdline help 2016-06-19 19:21:45 +02:00
Jagger
3e91d44145 Use cgroups_mem_max to enable memory limits 2016-06-19 18:12:15 +02:00
Jagger
827e1a4e7d Init cgroups from parent 2016-06-19 15:50:25 +02:00
Jagger
c93d926189 Create sub-cgroups instead of using the parent one 2016-06-19 14:58:18 +02:00
Jagger
e3a351b335 More memory cgroup controls 2016-06-19 13:54:36 +02:00
Jagger
a1f0ec7925 Support for CLONE_NEWCGROUP 2016-06-19 11:55:55 +02:00
Jagger
df97c0fe74 Use NULL as src for mounting proc and tmpfs 2016-06-19 01:35:06 +02:00
Jagger
2e523ae4b8 /proc is ro by defauly 2016-06-19 01:05:31 +02:00
Jagger
53d8e16a01 cmdline typos 2016-06-18 01:24:57 +02:00
Jagger
86ddf16279 Implement --pass_fd 2016-06-18 00:46:57 +02:00
Robert Swiecki
0339d0497f Description for -Me 2016-05-10 15:54:10 +02:00
Jagger
19c9598631 Use examples 2016-05-10 00:54:25 +02:00
Jagger
99ca4c5df2 isprint misbehaves with some glibc versions 2016-05-05 03:53:53 +02:00
Jagger
8f68fab29c --bindhost help 2016-03-11 02:57:02 +01:00
Jagger
75f96e4ca8 cmdline: [val] -> VALUE 2016-03-10 01:33:58 +01:00
Jagger
a71371e327 Check for gcc in Makefile 2016-03-09 00:56:20 +01:00
Jagger
22f6e31e89 Make nsjconf initialization from const struct 2016-03-02 02:35:38 +01:00
Jagger
e35b345163 Support for --chroot "" 2016-03-02 02:30:30 +01:00
Robert Swiecki
b89b8cfbc7 Fix common.h includes 2016-03-01 17:03:11 +01:00
Robert Swiecki
cc987ec775 Add locked mount flags during remounting 2016-03-01 15:36:32 +01:00
Jagger
6c5c80256d Make valgrind silent 2016-02-29 22:22:03 +01:00
Robert Swiecki
296ef302e4 Better cmdline descriptions 2016-02-29 20:20:38 +01:00
Robert Swiecki
af6a6bb2dc Don't initialize the 'vs' interface by default 2016-02-29 17:50:25 +01:00
Robert Swiecki
872a561b4c Better description for --user / --group 2016-02-29 15:47:33 +01:00
Robert Swiecki
4cb1c01938 Default values for 'vs' interface 2016-02-29 15:36:31 +01:00
Jagger
e4ac7f411c Default net values for 'vs' 2016-02-29 02:59:59 +01:00
Jagger
d2f47fff92 Add network configuration for the 'vs' interface 2016-02-29 02:51:55 +01:00
Jagger
43983cbb17 Add --iface_lo_up 2016-02-29 00:14:36 +01:00
Jagger
6218fe2336 Implementation of netSystemSbinIp 2016-02-28 23:40:34 +01:00