woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
686 Commits 2 Branches 0 Tags 1.5 MiB
80f902fc06
Commit Graph

85 Commits

Author SHA1 Message Date
Robert Swiecki
5ef11f65a4 No need to use '== true' 2017-10-18 15:41:16 +02:00
Robert Swiecki
152d6d68ae simplify includes, remove unneeded, add needed 2017-10-18 14:46:17 +02:00
Robert Swiecki
4ffec405de Makefile: add columnt limit to the indent 2017-10-17 15:22:23 +02:00
Robert Swiecki
74b43346bd make indent 2017-10-08 23:00:45 +02:00
Robert Swiecki
7fa94b8e8c contain: remove unnecessary includes 2017-10-01 19:08:31 +02:00
Robert Swiecki
02951e0ac8 user: simplify login when running with --disable_clonew_newuser by using prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS | SECBIT_NO_SETUID_FIXUP) 2017-10-01 16:11:46 +02:00
Robert Swiecki
c71c996143 Allow for running with --disable_newuser started as root 2017-10-01 05:32:07 +02:00
Robert Swiecki
2b797a19fd mount: allow to use --disable_newuser for root users 2017-10-01 05:16:01 +02:00
Robert Swiecki
3c0e300794 contain: use setrlimit64 instead of syscall(__NR_prlimit64) 2017-09-29 14:32:39 +02:00
Robert Swiecki
c4a57d592d Make it compile (maybe) under uClibc 2017-09-29 13:07:42 +02:00
Robert Swiecki
39ce9d22a7 caps: just local caps 2017-07-05 17:29:57 +02:00
Robert Swiecki
7ba602a6ed caps: move capability-setting code to caps.* 2017-07-05 13:03:14 +02:00
Robert Swiecki
d259ee4f6d mount: more extensive search for suitable root dir 2017-06-21 19:18:02 +02:00
Robert Swiecki
0e7393cccf cmdline: implement affinity setting, to limit jailed process to n max cpus 2017-06-19 17:01:50 +02:00
Robert Swiecki
a55ff63861 make indent 2017-06-11 01:34:20 +02:00
Robert Swiecki
b5d3bf64cb contain: use open('abc', O_DIRECTORY|O_CLOEXEC) instead of opendir() 2017-06-09 14:40:44 +02:00
Robert Swiecki
5b07ba1d32 contain: capabilities 2017-02-12 16:54:39 +01:00
Robert Swiecki
341832d755 Duplicate logging fd, so it can be used from child process 2017-02-11 20:33:54 +01:00
Robert Swiecki
3b83267cfd Init user-ns setresuid/setresgid before initializing other NSes 2017-02-07 18:31:50 +01:00
Robert Swiecki
7917aae84d keep_caps: make effective caps eq to permitted 2017-01-23 12:02:48 +01:00
Robert Swiecki
20745a455d Support for ambient capabilities 2017-01-21 00:15:03 +01:00
Stephen Röttger
6501357f98 new flag to skip no_new_privs: --disable_no_new_privs 2016-09-30 15:23:04 +02:00
Robert Swiecki
1dc33c7bcf Remove defer{} calls 2016-07-29 15:38:22 +02:00
Robert Swiecki
f3b70cc314 Remove -lBlocksRuntime 2016-07-27 14:04:03 +02:00
Robert Swiecki
432c82bb34 Make it a bit more standards friendly 2016-07-21 15:48:47 +02:00
Jagger
4bc5632af4 Report failure of setting fcntl(FD_CLOEXEC) as error 2016-06-20 22:59:29 +02:00
Jagger
827e1a4e7d Init cgroups from parent 2016-06-19 15:50:25 +02:00
Jagger
6223ccebf1 Rudimentary cgroup support 2016-06-19 12:47:28 +02:00
Jagger
da0f4c0695 Better logging for closing(fd) 2016-06-18 11:08:35 +02:00
Jagger
86ddf16279 Implement --pass_fd 2016-06-18 00:46:57 +02:00
Robert Swiecki
3edc8bf4a7 Move PID ns to a separate module 2016-05-13 17:07:44 +02:00
Jagger
a6062dd03a Restart fcntl() 2016-05-09 23:45:56 +02:00
Robert Swiecki
6e25d47eba Cover interruptible syscalls with TEMP_FAILURE_RETRY 2016-05-09 15:16:26 +02:00
Jagger
57a523dd08 Use defer {} instead of DEFER() 2016-04-23 04:22:31 +02:00
Robert Swiecki
3bc8cce90e No need to redirect log fd anymore 2016-03-15 20:42:03 +01:00
Jagger
4ae2c027ac Cleaner impl. of DEFER 2016-03-10 22:56:26 +01:00
Jagger
09e08a2c1f More defers 2016-03-08 22:54:35 +01:00
Robert Swiecki
eb52ab9a2b Move contain fnctions into contain.c 2016-03-08 15:57:09 +01:00
Robert Swiecki
8793dc4c9e Remove caps from the bounding set 2016-03-08 15:10:21 +01:00
Robert Swiecki
9cc41e820f Separate uts.* module 2016-03-03 16:09:25 +01:00
Robert Swiecki
2c1ff531e3 Clearer naming of net functions 2016-03-03 15:43:40 +01:00
Robert Swiecki
e02d4e4edf Separate mount.c module 2016-03-03 15:37:04 +01:00
Robert Swiecki
b89b8cfbc7 Fix common.h includes 2016-03-01 17:03:11 +01:00
Robert Swiecki
b0c5baa45d Comment on statvfs 2016-03-01 16:01:39 +01:00
Robert Swiecki
60ece3a192 Typo 2016-03-01 15:38:58 +01:00
Robert Swiecki
cc987ec775 Add locked mount flags during remounting 2016-03-01 15:36:32 +01:00
Robert Swiecki
f258316f5e More specific error message for EACCES during mount() 2016-03-01 15:02:33 +01:00
Robert Swiecki
114ce7e976 Make it possible to compile with clang 2016-02-29 19:09:39 +01:00
Jagger
d2f47fff92 Add network configuration for the 'vs' interface 2016-02-29 02:51:55 +01:00
Jagger
43983cbb17 Add --iface_lo_up 2016-02-29 00:14:36 +01:00