Robert Swiecki
2ca90bf208
configs/: indent
2019-10-29 01:40:52 +01:00
Robert Swiecki
a78019993f
configs/znc: remove a problematic quote
2019-10-04 00:35:36 +02:00
Robert Swiecki
2c648d5879
nsjail: don't restore console if nsjail runs in background
2019-10-04 00:33:29 +02:00
Robert Swiecki
b3d544d155
config: simplify log/logfd setting
2019-10-02 19:43:58 +02:00
Robert Swiecki
0b12cedc01
configs: new config for znc - remove log_fd
2019-10-02 08:28:23 +02:00
Robert Swiecki
af9d4294d9
configs: new config for znc
2019-10-01 08:27:17 +02:00
Robert Swiecki
64275d1417
configs/xchat: daemonize by default
2019-09-28 23:00:21 +02:00
Robert Swiecki
8fd94f817a
Merge branch 'master' of ssh://github.com/google/nsjail
2019-09-12 22:22:04 +02:00
Robert Swiecki
9f064737de
user: better formatting directives for printf'like functions
2019-09-12 22:21:49 +02:00
robertswiecki
ba90b12234
Merge pull request #123 from LMMilewski/master
...
Fix typo in config.proto: s/lofs/logs/
2019-09-07 02:04:39 +02:00
Lukasz Milewski
0bc575063b
Fix typo in config.proto: s/lofs/logs/
2019-09-06 15:08:30 -07:00
Robert Swiecki
3612c2a0b8
Merge branch 'master' of github.com:google/nsjail
2019-09-02 16:10:28 +02:00
Robert Swiecki
0773b75900
subproc: fix invalid conversions from util::syscall to syscall
2019-09-02 16:10:19 +02:00
Robert Swiecki
41305fdc4d
mnt: shorter description of mount points
2019-08-31 22:08:02 +02:00
Robert Swiecki
e2c5c59bd3
standardize on envar vs envvar
2019-08-28 22:18:58 +02:00
Robert Swiecki
c1e40e809c
log: close previous log descriptor a bit later:
2019-08-25 11:23:20 +02:00
Robert Swiecki
04f35c8848
mnt: use setcwd unconditionally with and w/o clone_newns
2019-08-25 11:17:12 +02:00
Robert Swiecki
d9efc0b3a7
mnt: use setcwd unconditionally with and w/o clone_newns
2019-08-25 11:16:12 +02:00
Robert Swiecki
b435292e9a
log: a bit clearer calls to dup()
2019-08-22 13:59:15 +02:00
Robert Swiecki
c291b11ae6
Fix missing chdir in non-CLONE_NEWNS path
2019-08-21 14:29:35 +02:00
Robert Swiecki
5abfae7161
log: simplify logging code
2019-08-20 14:16:21 +02:00
Robert Swiecki
fe762a37b9
config.proto: move disable_rl higher
2019-08-19 14:28:45 +02:00
robertswiecki
a0cdc71ab2
Merge pull request #120 from jaylees14/disable-rlimits
...
Add flag to disable rlimits
2019-08-19 14:26:27 +02:00
Robert Swiecki
ac6e19d4ec
Merge branch 'master' of github.com:google/nsjail
2019-08-19 11:35:17 +02:00
Robert Swiecki
f07c523543
net/cmdline: better checks for TCP port values
2019-08-19 11:34:34 +02:00
Jay Lees
86293b052e
Add flag to disable rlimits
2019-08-05 03:25:22 -07:00
Robert Swiecki
0b1d5ac039
cgroup-code: remove some spaces to make code more consistent
2019-08-04 09:54:38 +02:00
Robert Swiecki
b120acd5b5
make indent depend
2019-08-04 09:50:34 +02:00
robertswiecki
5376996acc
Merge pull request #119 from jaylees14/cgroup-v2
...
[cgroup-v2] support cgroup v2 for mem, cpu and pids
2019-08-04 09:49:35 +02:00
Jay Lees
08f62b6f76
[cgroup-v2] support cgroup v2 for mem, cpu and pids
2019-07-26 07:02:17 -07:00
Robert Swiecki
2044488520
configs/imagemagick-convert: add madvise
2019-07-12 16:07:06 +02:00
Robert Swiecki
4628ded479
Merge branch 'master' of github.com:google/nsjail
2019-07-01 14:52:32 +02:00
Robert Swiecki
d10c9fb90d
Disable securebits again to avoid spawned programs unexpectedly retaining capabilities after a UID/GID change
2019-07-01 14:51:32 +02:00
Robert Swiecki
28d2220b1e
cmdline: no need to check for nice values
2019-06-30 22:03:57 +02:00
Robert Swiecki
494a5f63cd
Add nice_level to cmd-line/config options
2019-06-30 21:50:56 +02:00
Robert Swiecki
21413c4157
user: typo
2019-06-28 19:08:21 +02:00
Robert Swiecki
317555b687
user: don't fail on setgroup() if not groups were specified
2019-06-28 13:31:43 +02:00
robertswiecki
d56adc39c9
Merge pull request #116 from pks-t/pks/setgroups-without-userns
...
user: allow setting multiple groups without user namespaces
2019-06-24 14:26:19 +02:00
Patrick Steinhardt
91848d22bf
user: allow setting multiple groups without user namespaces
...
When not using a user namespace, then we'll completely ignore
whether multiple groups have been specified by the user and only set
up the process's GID. With user namespaces, we in fact cannot set up
supplementary groups as we have set up "/proc/self/setgroups" to
deny any call to setgroups(2). But we can do better than that when
not using user namespaces, as we're free to use that syscall.
As nsjail(1) documents that "--group" can be specified multiple
times without mentioning that this won't work with
"--disable_clone_newuser", change the code to make that
constellation work.
2019-06-20 12:12:16 +02:00
Robert Swiecki
83a28cd0d3
use TEMP_FAILURE_RETRY with some restartable funcs
2019-04-17 23:10:18 +02:00
Robert Swiecki
c861be28a9
configs/image-magic: make convert be overridable
2019-04-01 23:32:06 +02:00
Robert Swiecki
8d9aaec7f0
cmdline: don't clear cmdline exec_file is arguments are provided on cmdline
2019-04-01 22:46:39 +02:00
Robert Swiecki
1f022a2187
config.proto: Exe.path is required
2019-04-01 22:43:17 +02:00
Robert Swiecki
7aa8916077
cmdline: make sure that argv[0] exists
2019-04-01 22:42:14 +02:00
Robert Swiecki
56b99003b4
user: function naming
2019-03-31 15:16:24 +02:00
Robert Swiecki
7b8da74e9f
configs/firefox-with-cloned-net: add fontconfig config envvars
2019-03-30 16:20:04 +01:00
Robert Swiecki
8b339db721
configs/firefox: add fontconfig config envvars
2019-03-30 16:19:30 +01:00
Robert Swiecki
2b1bad6b5b
cmdline: allow to override config cmdline with cmdline cmdline
2019-03-30 16:10:14 +01:00
Robert Swiecki
e3db427f0b
configs/conver: revert the last one to properly figure it out
2019-03-30 15:49:18 +01:00
robertswiecki
e9d380e21f
Merge pull request #114 from disconnect3d/patch-1
...
Fixes issue #113
2019-03-30 15:45:04 +01:00