nsjail

woj/nsjail

Author	SHA1	Message	Date
Eli Zrihen	be302c4cc9	Comment fix	2021-06-23 14:51:34 +03:00
Eli Zrihen	dab1713ac9	Added use_switchroot option	2021-06-17 14:57:01 +03:00
Robert Swiecki	2e9fd0e2e4	make indent	2021-06-16 17:44:07 +02:00
robertswiecki	3342a8d483	Merge pull request #172 from eli-zr/_macvlan_mode MACVLAN modes support	2021-06-16 17:43:31 +02:00
Eli Zrihen	5c8b3835b7	MACVLAN modes support	2021-06-16 16:59:12 +03:00
Robert Swiecki	d1f332b911	Enable support for clone3() and for CLONE_NEWTIME	2021-05-18 14:38:01 +02:00
robertswiecki	4be9595234	Merge pull request #170 from infiniteregrets/fix-macro Fixed macro in subproc.cc	2021-05-12 09:51:35 +02:00
Mehul Arora	b09ad5e91c	Fixed macro in subproc.cc	2021-05-12 12:13:06 +05:30
Robert Swiecki	056809ed3b	Initial support for CLONE_NEWTIME	2021-05-11 14:48:45 +02:00
Wiktor Garbacz	528cebe914	Update kafel to include bugfixes	2021-05-07 17:50:31 +02:00
Robert Swiecki	3ac7856b67	configs/ - add comments to config files using #	2021-05-05 13:50:51 +02:00
robertswiecki	a9790e14bf	Merge pull request #164 from ziqin/master Fix a typo in command line description	2021-05-04 21:41:17 +02:00
Wiktor Garbacz	24418fd807	Bump kafel	2021-04-28 16:32:09 +02:00
Wiktor Garbacz	4be6fad260	Yet another bugfix Kafel version bump	2021-04-22 11:01:04 +02:00
Wiktor Garbacz	6502bf74d7	update kafel again to include a bugfix.	2021-04-21 09:47:20 +02:00
Wiktor Garbacz	8164361cd8	Update kafel	2021-04-16 14:22:30 +02:00
WANG Ziqin	824bd134d4	Fix default value of cgroup_cpu_mount in README	2021-04-03 23:59:35 +08:00
Ziqin Wang	5cddbaf07e	Fix typo in command line description	2021-04-03 23:31:56 +08:00
happyCoder92	645eabd862	Merge pull request #160 from ginkoid/master net: add support for max_conns	2021-02-10 08:47:34 +01:00
Philip Papurt	32f2287fbb	net: add support for max_conns	2021-02-09 17:13:35 -05:00
Robert Swiecki	e1e80e8efa	subproc: refer users to dmesg in case si_syscall==31 (SIGSYS)	2021-02-01 23:22:43 +01:00
Wiktor Garbacz	88647a0819	Fix build	2021-01-28 09:48:57 +01:00
Wiktor Garbacz	bcb467dde4	Add new capabilities, ignore unsupported caps for bounding set	2021-01-27 14:37:12 +01:00
Robert Swiecki	d3ba64756d	nsjail: don't add connections to the proxy map if launching a new process failed	2020-08-30 23:22:22 +02:00
Robert Swiecki	608618ea7b	subproc: kill a process once in the -Ml mode once the TCP connection has ended	2020-08-30 22:02:08 +02:00
robertswiecki	ab37bf3b40	Merge pull request #150 from joemiller/patch-1 remove build dependency on which	2020-08-26 17:02:02 +02:00
Robert Swiecki	fc02a3911c	make indent	2020-08-26 16:09:55 +02:00
joe miller	27cac8ea5a	remove build dependency on which	2020-08-14 17:07:30 -07:00
robertswiecki	13f3ef0a28	Merge pull request #148 from boryspoplawski/master Fix compilation errors on old gcc (5.4.0)	2020-08-03 22:42:28 +02:00
Robert Swiecki	a541630859	Makefile: compile kafel with -fPIE (maybe fixes #149 )	2020-08-03 20:43:08 +02:00
borysp	55330be3cc	Fix compilation errors on old gcc (5.4.0)	2020-07-29 15:18:10 +02:00
Robert Swiecki	7ca0657316	config.proto: make indent	2020-07-28 14:03:27 +02:00
Robert Swiecki	0a5a5296dd	config.proto: renumerate config fields	2020-07-28 14:02:34 +02:00
robertswiecki	7de87aeb7d	Merge pull request #147 from disconnect3d/patch-2 Fixes #146: cgroups_mem_max unit in config.proto	2020-07-23 00:09:23 +02:00
Disconnect3d	5d103e595a	Fixes #146 : cgroups_mem_max unit in config.proto This commit fixes the incorrect cgroups_mem_max unit described in a config.proto comment. We do not perform any calculations on this value and we don't specify the values unit (k/M/G) when writing to memory cgroup controller files, so the value is specified in bytes.	2020-07-16 14:43:43 +02:00
Robert Swiecki	f7554882fe	make indent	2020-07-09 17:29:02 +02:00
Robert Swiecki	a2d5b07c76	config: remove deprecated config options	2020-07-09 17:28:56 +02:00
robertswiecki	6482720b29	Merge pull request #145 from cblichmann/master Fix a few typos.	2020-07-07 16:52:21 +02:00
Christian Blichmann	910fb5498c	Fix a few typos. These were found by external tooling while preparing the Debian package. * Uknown -> Unknown * Writting -> Writing * commited -> committed * processess -> processes Signed-off-by: Christian Blichmann <mail@blichmann.eu>	2020-07-07 14:07:22 +02:00
happyCoder92	ed35c93568	Merge pull request #144 from arcz/config-deps-paths Build-time config of newuidmap and newgidmap paths	2020-07-07 11:55:11 +02:00
Artur Cygan	74e88d92b4	Stringify CLI-passed paths	2020-07-06 14:38:11 +02:00
Artur Cygan	ba9bd3590d	Build-time config of newuidmap and newgidmap paths	2020-06-22 13:42:22 +02:00
Robert Swiecki	a378ca0e96	nsjail: don't change cwd during daemon()	2020-04-21 11:25:06 +02:00
Wiktor Garbacz	6eaed88530	Fix format specifier for size_t	2020-03-27 10:19:40 +01:00
happyCoder92	868fb45bf4	Merge pull request #136 from c7f-m0d3/master fix non-functional max_conns_per_ip	2020-03-19 13:50:35 +01:00
Piotr Krysiuk	b582491e02	fix non-functional max_conns_per_ip Starting with nsjail::listenMode update to pipe socket traffic [commit `273ce6bc84`], a pipe file descriptor is passed as connsock parameter when calling net::limitConns and also as sock parameter when calling addProc in subproc::runChild. This breaks net::limitConns because pid.remote_addr and also local variable addr are left uninitialized despite net::connToText calls when counting number of existing network connections from the same peer. The subsequent correction to fetch remote address [commit `2cf562160d`] made the bug even more interesting, since the loop in net::limitConns now compares unsanitized content of stack with network addresses of already connected clients.	2020-03-19 00:13:28 +00:00
happyCoder92	4c524db8d2	Merge pull request #133 from sirdarckcat/master Create dockerpush.yml	2020-03-02 15:31:37 +01:00
Eduardo' Vela" Nava (sirdarckcat)	66fa45364c	Create dockerpush.yml	2020-03-01 07:56:34 +01:00
Robert Swiecki	6912a2401f	make indent	2020-02-17 20:33:45 +01:00
Wiktor Garbacz	a47123b8a7	fix POLLNVAL in pipeTraffic	2020-02-17 15:57:13 +01:00

1 2 3 4 5 ...

1198 Commits