woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
727 Commits 2 Branches 0 Tags 1.5 MiB
928e5344f1
Commit Graph

78 Commits

Author SHA1 Message Date
Robert Swiecki
928e5344f1 New config for xchat2 #typos 2017-12-07 15:03:23 +01:00
Robert Swiecki
86b6789bed New config for xchat2 2017-12-07 14:39:19 +01:00
Robert Swiecki
750d37aefd configs/firefox*: add fontconfig 2017-12-05 22:23:48 +01:00
Robert Swiecki
8fe58806f2 configs/imagemagick: more syscalls allowed 2017-12-05 22:13:00 +01:00
Robert Swiecki
5c8397860c configs: some fixes thanks to the write-up at https://offbyinfinity.com/2017/12/sandboxing-imagemagick-with-nsjail/ 2017-12-05 15:01:27 +01:00
Robert Swiecki
805ceb4363 configs/ increas rlimit_nofile for firefox 2017-10-26 02:43:40 +02:00
Robert Swiecki
a415506619 configs/busybox: indicate that the busybox must be statically compiled 2017-10-20 14:46:43 +02:00
Robert Swiecki
9c2f19b972 cmdline: add option --execute_fd and support for it, in order to use execveat() 2017-10-18 17:57:52 +02:00
Robert Swiecki
dbc6fab582 config: allow to use soft/hard/inf limits for rlimits 2017-10-06 22:44:27 +02:00
Robert Swiecki
3ae090dad2 configs: format seccomp policies 2017-09-27 15:49:12 +02:00
Robert Swiecki
374f6cc4f0 config: Initial work on converting config.c to c++ protobuf lib 
config: Initial work on converting config.c to c++ protobuf lib #2

config: Initial work on converting config.c to c++ protobuf lib #3

config: Initial work on converting config.c to c++ protobuf lib #4

config: Initial work on converting config.c to c++ protobuf lib #5

config: Initial work on converting config.c to c++ protobuf lib #6
 2017-09-14 21:17:38 +02:00
Robert Swiecki
43e402af06 configs/bash: bring back changed euid for bash 2017-07-13 02:34:18 +02:00
Robert Swiecki
5683ea7e09 cmdline: better warning about uid/gid 0 2017-07-13 02:33:11 +02:00
Robert Swiecki
b389fcdc3d configs/apache: spaces to tabs 2017-07-07 19:12:42 +02:00
Robert Swiecki
83cb1f2764 configs/apache: remove cpu limit and unnecessary is_bind 2017-07-07 19:11:56 +02:00
Robert Swiecki
6c71def056 configs/apache: remove ld.so.cache 2017-07-07 19:06:04 +02:00
Robert Swiecki
7146a8761c examples/apache: sort the entries again 2017-07-07 12:08:26 +02:00
Robert Swiecki
72dfb86551 examples/apache: sort includes 2017-07-07 02:52:05 +02:00
Robert Swiecki
14282ca2e1 examples/apache: manual formatting of seccomp-bpf policy 2017-07-07 02:37:33 +02:00
Robert Swiecki
b87ffc44df examples/apache: manual formatting of seccomp-bpf policy 2017-07-07 02:36:23 +02:00
Robert Swiecki
657166bf73 examples/apache: formatting with clang-format 2017-07-07 02:34:57 +02:00
Robert Swiecki
7226893b12 config: bind caps 2017-07-06 01:12:13 +02:00
Robert Swiecki
39ce9d22a7 caps: just local caps 2017-07-05 17:29:57 +02:00
Robert Swiecki
54a522326f caps: simplify capability operations 2017-07-05 15:57:07 +02:00
Andy Pan
b2855a8164 Add back ERRNO(1337) for example config 2017-07-04 04:26:37 +08:00
Robert Swiecki
5a68595a5b mount: allow for non-mandatory symlinks 
mount: allow for non-mandatory symlinks
 2017-07-02 03:40:47 +02:00
Robert Swiecki
e4aba73385 Allow to create symlinks 2017-06-29 00:32:20 +02:00
Robert Swiecki
64f6232e9c config: rename the chrome profile 2017-06-22 16:12:56 +02:00
Robert Swiecki
cd17b43cb0 remove configs/config1.example 2017-06-22 02:28:02 +02:00
Robert Swiecki
de28b4d709 configs: demo policy for chrome 2017-06-22 01:37:18 +02:00
Robert Swiecki
69783dc200 config: max_cpu_num -> max_cpus 2017-06-21 17:52:16 +02:00
Robert Swiecki
89de032187 configs/bash: remove /dev/shm from bash cfg 2017-06-21 03:40:18 +02:00
Robert Swiecki
0c73e84af5 configs: add /dev/shm 2017-06-20 03:14:09 +02:00
Robert Swiecki
be083f6752 config: bind port to config 2017-06-19 23:52:56 +02:00
Robert Swiecki
ceaed43133 config: implement max_cpu_num in PB 2017-06-19 17:05:01 +02:00
Robert Swiecki
88d8570843 configs/bash: set argv[0] 2017-06-12 02:16:27 +02:00
Robert Swiecki
24002c606d configs/home-documents-with-xorg-no-net: add /dev/null 2017-05-29 19:24:14 +02:00
Robert Swiecki
35be622f80 configs:configs/home-documents-with-xorg-no-net Xorg socket as R/W 2017-05-29 19:03:37 +02:00
Robert Swiecki
593943ec3a configs/bash-with-fake-geteuid: block ptrace, fix description 2017-05-29 16:57:04 +02:00
Robert Swiecki
ca245f9cdb configs: typo 2017-05-29 15:01:34 +02:00
Robert Swiecki
6380474301 Simplify mountMount 2017-05-29 03:29:14 +02:00
Robert Swiecki
0271586e81 Get rid of pivot_root_only - achieve the same in different way 2017-05-29 03:11:32 +02:00
Robert Swiecki
285412c4dd configs/bash-with-fake-geteuid set home 2017-05-28 19:22:03 +02:00
Robert Swiecki
9dcb84572d configs/bash-with-fake-geteuid skip_setsid for job control 2017-05-28 19:21:22 +02:00
Robert Swiecki
785852ac22 configs/bash-with-fake-geteuid fancier PS1 2017-05-28 19:20:25 +02:00
Robert Swiecki
9db01ec991 config: implement keep caps 2017-05-28 19:17:48 +02:00
Robert Swiecki
8e00976f49 configs/imagemagick: increase rlimit_as 2017-05-28 17:42:15 +02:00
Robert Swiecki
6495f222ec configs/bash-with-fake-geteuid.cfg set TERM 2017-05-28 17:37:01 +02:00
Robert Swiecki
c42c372043 configs/home-documents-with-xorg-no-net.cfg: increase rlimit_as 2017-05-28 17:32:14 +02:00
Robert Swiecki
2b6cfde887 configs/home-documents-with-xorg-no-net.cfg: increase rlimit_as 2017-05-28 17:30:51 +02:00