Robert Swiecki
7226893b12
config: bind caps
2017-07-06 01:12:13 +02:00
Robert Swiecki
39ce9d22a7
caps: just local caps
2017-07-05 17:29:57 +02:00
Robert Swiecki
54a522326f
caps: simplify capability operations
2017-07-05 15:57:07 +02:00
Robert Swiecki
7ba602a6ed
caps: move capability-setting code to caps.*
2017-07-05 13:03:14 +02:00
Robert Swiecki
e4aba73385
Allow to create symlinks
2017-06-29 00:32:20 +02:00
Robert Swiecki
963a7b6913
config: missing bind for is_root_rw
2017-06-26 20:39:51 +02:00
Robert Swiecki
69783dc200
config: max_cpu_num -> max_cpus
2017-06-21 17:52:16 +02:00
Robert Swiecki
be083f6752
config: bind port to config
2017-06-19 23:52:56 +02:00
Robert Swiecki
ceaed43133
config: implement max_cpu_num in PB
2017-06-19 17:05:01 +02:00
Robert Swiecki
1dd3223b74
iface -> iface_vs
2017-06-12 22:20:21 +02:00
Robert Swiecki
88d8570843
configs/bash: set argv[0]
2017-06-12 02:16:27 +02:00
Robert Swiecki
f203669d25
config: give ability to override argv[0]
2017-06-12 02:14:18 +02:00
Robert Swiecki
63e4059f7a
Slight fixes to log_fd
2017-06-12 00:27:27 +02:00
Tony Young
c55dc8cb12
Add an extra log_fd argument to specify an FD to log to.
In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.
2017-06-11 22:12:18 +00:00
Tony Young
d0261d281d
Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd.
2017-06-09 00:00:12 +00:00
Robert Swiecki
0271586e81
Get rid of pivot_root_only - achieve the same in different way
2017-05-29 03:11:32 +02:00
Robert Swiecki
9db01ec991
config: implement keep caps
2017-05-28 19:17:48 +02:00
Robert Swiecki
7b2fc9cdac
add configs/firefox-with-cloned-net.cfg
2017-05-28 16:56:16 +02:00
Robert Swiecki
a2bbe667b9
config: switch is_ro to rw
2017-05-28 01:24:55 +02:00
Robert Swiecki
d7ccf0c9d8
Simplify uids/gids maps
2017-05-28 01:05:27 +02:00
Robert Swiecki
e68acd68eb
Support envvars on mount path definitions
2017-05-28 00:15:53 +02:00
Robert Swiecki
ec50c1346d
mount: nonmandatory mounts
2017-05-27 15:17:11 +02:00
Robert Swiecki
f0cb243a89
config: allow skipping arguments in mount points
2017-05-27 15:01:34 +02:00
Robert Swiecki
d7a805ec47
config: support for envvars
2017-05-27 04:06:28 +02:00
Robert Swiecki
03e8578e79
config: executable in config
2017-05-27 02:24:41 +02:00
Robert Swiecki
4ba9555ca9
config: presumably all options
2017-05-27 02:09:21 +02:00
Robert Swiecki
0acd6155de
config: support seccomp filters
2017-05-27 01:35:00 +02:00
Robert Swiecki
7ee26bfed1
config: support mounts - fix for list insertion order
2017-05-27 01:17:09 +02:00
Robert Swiecki
b5e37a6c4a
config: support mounts
2017-05-27 01:16:12 +02:00
Robert Swiecki
20633b1f57
config: compact-ize uid/gid map options
2017-05-27 00:33:25 +02:00
Robert Swiecki
e63a1d3acd
make indent depend
2017-05-27 00:09:48 +02:00
Robert Swiecki
fb8ce1ca90
config.proto: use string instead of bytes
2017-05-27 00:09:08 +02:00
Robert Swiecki
53f825115f
More work on uid mappings
2017-05-26 23:26:07 +02:00
Robert Swiecki
a2a497f089
config: more options in the config #7
2017-05-26 17:50:28 +02:00
Robert Swiecki
8409cd9970
config: more options in the config #6
2017-05-26 15:29:08 +02:00
Robert Swiecki
8e39afa25f
config: more options in the config #5
2017-05-26 15:22:59 +02:00
Robert Swiecki
08de9db57c
config: more options in the config #4
2017-05-26 14:08:09 +02:00
Robert Swiecki
92939c754e
config: more options in the config #3
2017-05-26 05:12:01 +02:00
Robert Swiecki
1c4fba0484
config: more options in the config #2
2017-05-26 05:01:22 +02:00
Robert Swiecki
a3a5d95f2c
config: more options in the config
2017-05-26 04:37:50 +02:00
Robert Swiecki
56cc2d6010
+protobuf-c-text: parsing from text file
2017-05-26 04:25:55 +02:00
Robert Swiecki
ad53e11e9b
+protobuf-c-text
2017-05-26 04:15:45 +02:00
Robert Swiecki
b9cbc68d90
config: basic parsing
2017-05-26 02:24:56 +02:00