woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
681 Commits 2 Branches 0 Tags 1.5 MiB
7e49be4dc3
Commit Graph

681 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Swiecki
7e49be4dc3 mount: try creating starting tmpfs's in /run/user/<uid> first 2017-10-19 22:39:37 +02:00
Robert Swiecki
4152f3ea93 mount: merge string line in log 2017-10-19 15:58:57 +02:00
Robert Swiecki
29ff5e49b5 mount: missing 'return false' if the mount fails 2017-10-19 15:46:31 +02:00
Robert Swiecki
4c5aebf23b nsjail: use CTRL+\ (SIGQUIT) to display active sessions 2017-10-19 15:25:20 +02:00
Robert Swiecki
2687f33a07 use O_CLOEXEC with utilWriteBufToFile wherever possible 2017-10-19 14:56:45 +02:00
Robert Swiecki
94e593eb68 subproc: comments around new proc stack 2017-10-19 13:11:41 +02:00
Robert Swiecki
c33b1c87af subproc: typos 2017-10-19 02:32:55 +02:00
Robert Swiecki
123ef0b46b make indent 2017-10-19 02:24:34 +02:00
robertswiecki
064d024f6d Merge pull request #56 from VCTLabs/stack-alignment 
align stack for child process
 2017-10-19 02:22:08 +02:00
Robert Swiecki
00fa26f696 user: avoid calling setresgid twice on machines that support setres(g|u)id32 2017-10-19 02:14:58 +02:00
robertswiecki
5870d6bb00 Merge pull request #55 from jvvv/master 
manpage: add --execute_fd option
 2017-10-18 23:32:13 +02:00
John Vogel
221b53f8d2 manpage: add --execute_fd option 2017-10-18 14:48:24 -04:00
Robert Swiecki
9fbe753a6a cmdline: typo 2017-10-18 18:02:23 +02:00
Robert Swiecki
9c2f19b972 cmdline: add option --execute_fd and support for it, in order to use execveat() 2017-10-18 17:57:52 +02:00
Robert Swiecki
5ef11f65a4 No need to use '== true' 2017-10-18 15:41:16 +02:00
Robert Swiecki
9465e794eb No need to add custom flags when remounting RO 2017-10-18 15:41:02 +02:00
Robert Swiecki
e67710005d mount: mountFlagsToStr cannot be repeated as it uses TLS buffer 2017-10-18 15:31:15 +02:00
Robert Swiecki
152d6d68ae simplify includes, remove unneeded, add needed 2017-10-18 14:46:17 +02:00
Robert Swiecki
58d6b3075c Move struct nsjail_t definition to nsjail.h and leave only macros in common.h 2017-10-18 14:27:34 +02:00
Robert Swiecki
1b4577e53f subproc: clear signal handlers in the child process 2017-10-18 12:33:24 +02:00
robertswiecki
5f3b511e3f Merge pull request #54 from VCTLabs/compat-3.x-kernel 
Revert "caps: define CAP_AUDIT_READ if not defined"
 2017-10-17 15:40:48 +02:00
Robert Swiecki
4ffec405de Makefile: add columnt limit to the indent 2017-10-17 15:22:23 +02:00
Robert Swiecki
fb018c2596 user: use setresuid32 where available first (on some 32bit platforms: 2017-10-17 15:16:27 +02:00
Ron Lockwood-Childs
07b5a2a90c align stack for child process 
Fixes "bus error" crashes on aarch64 caused by alignment faults.

On aarch64, the stack pointer needs to be 16-byte aligned; use gcc
builtin macro __BIGGEST_ALIGNMENT__ to specify a stack alignment
suitable for each platform.
 2017-10-17 02:22:58 -07:00
Ron Lockwood-Childs
5ff0de7454 Revert "caps: define CAP_AUDIT_READ if not defined" 
Restore compatibility with 3.x kernels by not requiring CAP_AUDIT_READ
if not defined in kernel header file

This reverts commit 7820553cb9.

Conflicts:
	caps.c
	contain.h
 2017-10-16 14:05:02 -07:00
Robert Swiecki
411955c5ae nsjail: add missing commans in nested structs and make indent 2017-10-16 15:31:14 +02:00
Robert Swiecki
64325b3862 user: remove static from idx vars, it causes crash after many iterations of nsjail 2017-10-16 15:19:07 +02:00
robertswiecki
6a9cbc02d7 Merge pull request #51 from jvvv/master 
manpage: update for recent option changes
 2017-10-12 14:11:45 +02:00
John Vogel
0c939cd2a5 manpage: update for recent option changes 
Add --proc_path and --proc_rw options.
Also clean up --mode|-M option layout.
 2017-10-12 02:53:10 -04:00
Robert Swiecki
819671ec9b net: prettier logging in bind 2017-10-11 15:43:59 +02:00
Robert Swiecki
921bdba937 cmdline: better --rw description 2017-10-11 02:16:14 +02:00
Robert Swiecki
2df017ec56 cmdline: add --proc_path and --proc_rw options 2017-10-11 02:10:52 +02:00
Robert Swiecki
fe234f4830 move VALSTR_STRUCT to common.h 2017-10-08 23:06:40 +02:00
Robert Swiecki
d0afb19431 allow for indentation of more structures (now with clang-format) 2017-10-08 23:03:02 +02:00
Robert Swiecki
74b43346bd make indent 2017-10-08 23:00:45 +02:00
Robert Swiecki
414e999787 switch indent to clang-format completely 2017-10-08 22:52:52 +02:00
Robert Swiecki
c56ec493fb config.proto: reflow numbering of fields 2017-10-08 22:50:06 +02:00
Robert Swiecki
7695be383e mount: make mountIsDir static 2017-10-08 15:17:57 +02:00
Robert Swiecki
23a77f46e9 subproc: print syscall number as decimal 2017-10-08 15:02:41 +02:00
Robert Swiecki
85b0908dd8 cmdline: missing 'soft'/'hard' variants for RLIMIT_STACK in usage() 2017-10-08 13:00:37 +02:00
Robert Swiecki
82b0d2926e Merge branch 'master' of ssh://github.com/google/nsjail 2017-10-08 12:57:51 +02:00
Robert Swiecki
d20ffb98f6 cmdline: missing comparison in cmdlineParseRLimit() 2017-10-08 12:57:43 +02:00
robertswiecki
cacf36e8da Merge pull request #50 from jvvv/master 
manpage: tweak for recent options changes
 2017-10-08 12:56:22 +02:00
robertswiecki
ab074d39a0 Merge pull request #49 from disconnect3d/small-refactor-sandbox 
sandbox.c: small refactor
 2017-10-08 12:55:56 +02:00
Robert Swiecki
acd8e01060 subproc: print si->si_errno as well as it provides user-supplied value from seccomp-bpf 2017-10-08 12:00:19 +02:00
Robert Swiecki
66f60a78b0 subproc: reorder printing of si->si_syscall #2 2017-10-08 11:55:11 +02:00
Robert Swiecki
24c3be941f subproc: reorder printing of si->si_syscall 2017-10-08 11:53:24 +02:00
Robert Swiecki
809dbbb560 subproc: print si->si_syscall 2017-10-08 11:51:37 +02:00
John Vogel
e3ada49abf manpage: tweak for recent options changes 
Adjust rlimit_* options to match command line --help output.
Add --really_quiet option.

And some clean up:
Remove 'See Also' section that only references a non-existent
info page that is a relic of using help2man for initial manual
page generation.
 2017-10-08 01:28:06 -04:00
disconnect3d
14ec30c211 sandbox.c: small refactor 2017-10-08 02:57:49 +02:00