Commit Graph

46 Commits

Author SHA1 Message Date
Robert Swiecki
7917222486 mount: Use /tmp/nsjail.[tmp|root].<orig_euid> 2017-06-21 18:29:02 +02:00
Robert Swiecki
9519f1038b mount: introduce mountDescribeMountPt 2017-05-29 16:52:24 +02:00
Robert Swiecki
aeb2e998b8 mount: mount src_content files from other tmpfs, to avoid shadowing / of the root tmpfs with some other FS 2017-05-29 16:39:08 +02:00
Robert Swiecki
f84d20632d mount: remove tmp file after use 2017-05-29 04:50:29 +02:00
Robert Swiecki
6380474301 Simplify mountMount 2017-05-29 03:29:14 +02:00
Robert Swiecki
0271586e81 Get rid of pivot_root_only - achieve the same in different way 2017-05-29 03:11:32 +02:00
Robert Swiecki
7b2fc9cdac add configs/firefox-with-cloned-net.cfg 2017-05-28 16:56:16 +02:00
Robert Swiecki
1df9e9d2e1 mount: fewer warnings if a mount pt is non-mandatory #2 2017-05-28 14:53:16 +02:00
Robert Swiecki
adc14c6f18 mount: fewer warnings if a mount pt is non-mandatory 2017-05-28 14:51:09 +02:00
Robert Swiecki
5697492122 mount: canonicalize paths 2017-05-28 03:19:13 +02:00
Robert Swiecki
e68acd68eb Support envvars on mount path definitions 2017-05-28 00:15:53 +02:00
Robert Swiecki
f2b0d039aa mount: less logging from mountIsDir 2017-05-27 20:19:36 +02:00
Robert Swiecki
a3e673847e mountIsDir: PLOG_E() -> PLOG_W() 2017-05-27 19:18:56 +02:00
Robert Swiecki
278711062a mount: better logging for failed mounts #2 2017-05-27 19:14:55 +02:00
Robert Swiecki
b09f2d0a5d mount: better logging for failed mounts 2017-05-27 19:11:19 +02:00
Robert Swiecki
71588194f3 config: smaller fixes (logging/comments) 2017-05-27 16:47:12 +02:00
Robert Swiecki
ec50c1346d mount: nonmandatory mounts 2017-05-27 15:17:11 +02:00
Robert Swiecki
f0cb243a89 config: allow skipping arguments in mount points 2017-05-27 15:01:34 +02:00
Robert Swiecki
c1165cf120 mount: simplify checking for whether source is dir or file 2017-05-24 14:46:44 +02:00
Robert Swiecki
73aa285121 Rework RemountRO slightly 2017-05-22 03:34:54 +02:00
Robert Swiecki
0d5befbd6f TLS semantics for subprocCloneFlagsToStr and mountFlagsToStr 2017-05-22 01:10:49 +02:00
Robert Swiecki
609cbd6480 mount: fix new_flags while remounting RO 2017-05-21 22:52:55 +02:00
Robert Swiecki
8f243f07c7 mount: log msgs 2017-05-21 22:33:48 +02:00
Robert Swiecki
9509d3740d Make structs for flags printing more const 2017-05-21 19:46:03 +02:00
Robert Swiecki
a60f84d7e2 Add flags printing for clone() 2017-05-21 19:44:54 +02:00
Robert Swiecki
525ba9e2dd Convert mount flags to str 2017-05-21 17:37:18 +02:00
Robert Swiecki
a1c0cbacbd mount: log 2017-02-10 02:25:50 +01:00
Robert Swiecki
4dd5c38f91 Use subprocClone instead of syscall(__NR_clone) 2016-10-18 09:47:15 +02:00
Robert Swiecki
37a5d15fa8 Comment type + make indent 2016-10-17 22:53:31 +02:00
Stephen Röttger
cf4f197684 Don't mount over / if pivot_root_only is enabled
The intention behind pivot_root_only is to support nested user
namespaces. However, if we bind mount over /, which happens by default,
the kernel will deny CLONE_NEWUSER.
2016-09-30 16:30:59 +02:00
Stephen Röttger
c647ebb74f remove /old_root on --pivot_root_only 2016-09-30 16:30:59 +02:00
Stephen Röttger
f4d43e3336 New option pivot_root_only to support nested namespaces
If pivot_root_only is set, the chroot in the job setup will be skipped.
2016-09-30 16:30:59 +02:00
Jagger
ee7de33531 Use O_CLOEXEC when possible to avoid leaking FDs 2016-09-10 03:20:32 +02:00
Robert Swiecki
d96f730631 Recursive dir creation 2016-08-18 18:59:06 +02:00
Jagger
dba13a2aae Use old NULL mount semantics 2016-08-16 21:12:23 +02:00
Robert Swiecki
26e539884a Names in mount: 2016-08-16 19:59:51 +02:00
Robert Swiecki
4be7646379 Different way of mounting things 2016-08-16 19:54:50 +02:00
Robert Swiecki
1dc33c7bcf Remove defer{} calls 2016-07-29 15:38:22 +02:00
Robert Swiecki
432c82bb34 Make it a bit more standards friendly 2016-07-21 15:48:47 +02:00
Jagger
a1f0ec7925 Support for CLONE_NEWCGROUP 2016-06-19 11:55:55 +02:00
Jagger
df97c0fe74 Use NULL as src for mounting proc and tmpfs 2016-06-19 01:35:06 +02:00
Jagger
d78e141f70 Use a subprocess to setup unshare mount /proc 2016-05-12 22:25:48 +02:00
Robert Swiecki
6e25d47eba Cover interruptible syscalls with TEMP_FAILURE_RETRY 2016-05-09 15:16:26 +02:00
Robert Swiecki
db4a90d225 Print warning with failing umount 2016-03-23 17:23:18 +01:00
Robert Swiecki
66d3a14530 Remove the tmpfs from /tmp if we are mounting / as root 2016-03-23 17:08:52 +01:00
Robert Swiecki
e02d4e4edf Separate mount.c module 2016-03-03 15:37:04 +01:00