John Vogel
|
55ae71ed8f
|
Add manual page.
|
2017-08-19 20:10:56 -04:00 |
|
Robert Swiecki
|
3cb0f088e2
|
readme
|
2017-08-13 13:05:33 +02:00 |
|
Robert Swiecki
|
049fffb14f
|
caps: Bypass for systems which kernel defines CAP_AUDIT_READ but libcap doesn't understand this
|
2017-07-18 23:00:04 +02:00 |
|
robertswiecki
|
bab2cf1667
|
Merge pull request #34 from disconnect3d/fix-dockerfile-build
Fix dockerfile: add libcap-dev install
|
2017-07-18 21:32:00 +02:00 |
|
disconnect3d
|
25deba1425
|
Fix dockerfile: add libcap-dev install
Before the fix the build ends up somewhere with:
> sys/capability.h: No such file or directory
|
2017-07-18 21:19:23 +02:00 |
|
Robert Swiecki
|
cf3525dd49
|
Makefile: add -D_FILE_OFFSET_BITS=64 to CFLAGS
|
2017-07-15 15:04:25 +02:00 |
|
Robert Swiecki
|
43e402af06
|
configs/bash: bring back changed euid for bash
|
2017-07-13 02:34:18 +02:00 |
|
Robert Swiecki
|
5683ea7e09
|
cmdline: better warning about uid/gid 0
|
2017-07-13 02:33:11 +02:00 |
|
Robert Swiecki
|
b389fcdc3d
|
configs/apache: spaces to tabs
|
2017-07-07 19:12:42 +02:00 |
|
Robert Swiecki
|
83cb1f2764
|
configs/apache: remove cpu limit and unnecessary is_bind
|
2017-07-07 19:11:56 +02:00 |
|
Robert Swiecki
|
6c71def056
|
configs/apache: remove ld.so.cache
|
2017-07-07 19:06:04 +02:00 |
|
Robert Swiecki
|
9cc85ad853
|
cmdline: remove unnecessary bracket
|
2017-07-07 15:05:22 +02:00 |
|
Robert Swiecki
|
f18976d43d
|
net: un-const'ify array
|
2017-07-07 12:14:25 +02:00 |
|
Robert Swiecki
|
65e00f3f65
|
net: const'ify array
|
2017-07-07 12:13:24 +02:00 |
|
Robert Swiecki
|
1ee518c464
|
net: improve debugging
|
2017-07-07 12:10:22 +02:00 |
|
Robert Swiecki
|
7146a8761c
|
examples/apache: sort the entries again
|
2017-07-07 12:08:26 +02:00 |
|
Robert Swiecki
|
72dfb86551
|
examples/apache: sort includes
|
2017-07-07 02:52:05 +02:00 |
|
Robert Swiecki
|
14282ca2e1
|
examples/apache: manual formatting of seccomp-bpf policy
|
2017-07-07 02:37:33 +02:00 |
|
Robert Swiecki
|
b87ffc44df
|
examples/apache: manual formatting of seccomp-bpf policy
|
2017-07-07 02:36:23 +02:00 |
|
Robert Swiecki
|
657166bf73
|
examples/apache: formatting with clang-format
|
2017-07-07 02:34:57 +02:00 |
|
Robert Swiecki
|
6ce7e253f9
|
mount: Use MS_BIND when remounting R/O
|
2017-07-06 19:39:12 +02:00 |
|
Robert Swiecki
|
7153d489fd
|
caps: dropping caps from the bounding set
|
2017-07-06 14:55:27 +02:00 |
|
Robert Swiecki
|
6c1205badc
|
util: mroe debugging
|
2017-07-06 14:37:10 +02:00 |
|
Robert Swiecki
|
074582782c
|
caps: shorter debug messages
|
2017-07-06 11:37:41 +02:00 |
|
Robert Swiecki
|
c9e95e7be2
|
make indent
|
2017-07-06 11:25:46 +02:00 |
|
Robert Swiecki
|
7d53f4ad1e
|
caps: simplify cap getting/setting
|
2017-07-06 02:21:08 +02:00 |
|
Robert Swiecki
|
7226893b12
|
config: bind caps
|
2017-07-06 01:12:13 +02:00 |
|
Robert Swiecki
|
5ed3c033ed
|
caps: more debugging
|
2017-07-05 17:34:56 +02:00 |
|
Robert Swiecki
|
39ce9d22a7
|
caps: just local caps
|
2017-07-05 17:29:57 +02:00 |
|
Robert Swiecki
|
54a522326f
|
caps: simplify capability operations
|
2017-07-05 15:57:07 +02:00 |
|
Robert Swiecki
|
df0119a5b0
|
caps: CAP_AUDIT_READ is not defined with Ubuntu 14
|
2017-07-05 14:19:51 +02:00 |
|
Robert Swiecki
|
1ece9abf71
|
Merge branch 'master' of ssh://github.com/google/nsjail
|
2017-07-05 13:03:22 +02:00 |
|
Robert Swiecki
|
7ba602a6ed
|
caps: move capability-setting code to caps.*
|
2017-07-05 13:03:14 +02:00 |
|
robertswiecki
|
2ebf1ff78c
|
Merge pull request #30 from andy0130tw/fix/config-fake-euid
Add back ERRNO(1337) for example config
|
2017-07-03 22:53:56 +02:00 |
|
Andy Pan
|
b2855a8164
|
Add back ERRNO(1337) for example config
|
2017-07-04 04:26:37 +08:00 |
|
Robert Swiecki
|
5a68595a5b
|
mount: allow for non-mandatory symlinks
mount: allow for non-mandatory symlinks
|
2017-07-02 03:40:47 +02:00 |
|
Robert Swiecki
|
e86598c544
|
config.proto: reflow field numbering to make it sequential
|
2017-07-02 00:20:35 +02:00 |
|
Robert Swiecki
|
b36c4fb26c
|
make indent
|
2017-07-01 22:23:11 +02:00 |
|
Robert Swiecki
|
ac2928d1c2
|
cmdlink: use different name while printing symlinks/mount points
|
2017-06-29 00:38:20 +02:00 |
|
Robert Swiecki
|
e4aba73385
|
Allow to create symlinks
|
2017-06-29 00:32:20 +02:00 |
|
Robert Swiecki
|
963a7b6913
|
config: missing bind for is_root_rw
|
2017-06-26 20:39:51 +02:00 |
|
Robert Swiecki
|
64f6232e9c
|
config: rename the chrome profile
|
2017-06-22 16:12:56 +02:00 |
|
Robert Swiecki
|
7e0a4cdba8
|
Get number of CPUs early, as it's read from /proc
|
2017-06-22 03:06:53 +02:00 |
|
Robert Swiecki
|
e7b45b6e01
|
cpu: correct year
|
2017-06-22 02:56:10 +02:00 |
|
Robert Swiecki
|
cd17b43cb0
|
remove configs/config1.example
|
2017-06-22 02:28:02 +02:00 |
|
Robert Swiecki
|
de28b4d709
|
configs: demo policy for chrome
|
2017-06-22 01:37:18 +02:00 |
|
Robert Swiecki
|
e802c5c9aa
|
mount: use /dev/shm first as a tmp dir
|
2017-06-22 01:21:09 +02:00 |
|
Robert Swiecki
|
3c7eb879d8
|
cpu: logging
|
2017-06-22 00:42:04 +02:00 |
|
Robert Swiecki
|
c5c925b6fd
|
mount: use TMPDIR to create a temporary dir
|
2017-06-22 00:39:34 +02:00 |
|
Robert Swiecki
|
ca732aafda
|
mount: use TMPDIR to create a temporary dir
|
2017-06-22 00:38:49 +02:00 |
|