Commit Graph

52 Commits

Author SHA1 Message Date
Robert Swiecki
92939c754e config: more options in the config #3 2017-05-26 05:12:01 +02:00
Robert Swiecki
c1165cf120 mount: simplify checking for whether source is dir or file 2017-05-24 14:46:44 +02:00
Robert Swiecki
cc5d4b65c9 cgroups: support for PIDs 2017-04-20 17:48:20 +02:00
Robert Swiecki
478d2b3789 cmdline: provide both -v/verbose and -q/quiet for logging 2017-02-14 21:54:02 +01:00
Robert Swiecki
719585ee5a common: good types for uids 2017-02-08 23:21:03 +01:00
Robert Swiecki
4a154733e0 Allow to specify multiple uid/gid maps 2017-02-08 00:36:32 +01:00
Robert Swiecki
c9847562dd Less use of USE_KAFEL 2016-10-17 18:17:08 +02:00
Robert Swiecki
950c91e4dd Allow to use kafel_string 2016-10-12 03:52:08 +02:00
Robert Swiecki
df38185c6f Slight rework of kafel use 2016-10-12 03:15:33 +02:00
Stephen Röttger
f4d43e3336 New option pivot_root_only to support nested namespaces
If pivot_root_only is set the chroot in the job setup will be skipped.
2016-09-30 16:30:59 +02:00
robertswiecki
f995ff9475 Merge pull request #9 from sroettger/newuidmap
Support more complex uid and gid mappings
2016-09-30 16:03:33 +02:00
Stephen Röttger
1c950391a1 Support more complex uid and gid mappings
Introduces the new options uid_mapping and gid_mapping that specify
arbitrary custom mappings. If these options are used, nsjail will
use newuidmap/newgidmap to write the map files.
2016-09-30 15:30:15 +02:00
robertswiecki
8a63a24981 Merge pull request #8 from sroettger/no_no_new_privs
new flag to skip no_new_privs: --disable_no_new_privs
2016-09-30 15:27:07 +02:00
Stephen Röttger
6501357f98 new flag to skip no_new_privs: --disable_no_new_privs 2016-09-30 15:23:04 +02:00
Wiktor Garbacz
551ed4ca05 Kafel support 2016-09-29 16:22:09 +02:00
Robert Swiecki
1dc33c7bcf Remove defer{} calls 2016-07-29 15:38:22 +02:00
Robert Swiecki
432c82bb34 Make it a bit more standards friendly 2016-07-21 15:48:47 +02:00
Robert Swiecki
8a501f4ad6 Conflicting enum types 2016-07-21 15:34:46 +02:00
Jagger
c93d926189 Create sub-cgroups instead of using the parent one 2016-06-19 14:58:18 +02:00
Jagger
e3a351b335 More memory cgroup controls 2016-06-19 13:54:36 +02:00
Jagger
a1f0ec7925 Support for CLONE_NEWCGROUP 2016-06-19 11:55:55 +02:00
Jagger
86ddf16279 Implement --pass_fd 2016-06-18 00:46:57 +02:00
Jagger
73c847fc98 Print /proc/<pid>/syscall upon SIGSYS 2016-05-08 03:09:43 +02:00
Jagger
57a523dd08 Use defer {} instead of DEFER() 2016-04-23 04:22:31 +02:00
Jagger
eff4796c95 Correct (non-reserved) header guards 2016-03-11 02:45:43 +01:00
Jagger
5bd1bca6dd Merge 2016-03-10 22:57:08 +01:00
Jagger
4ae2c027ac Cleaner impl. of DEFER 2016-03-10 22:56:26 +01:00
Robert Swiecki
1d5cccdfce Cleaner defer implementation 2016-03-10 16:01:16 +01:00
Jagger
410b0f1d51 Fix strmerge 2016-03-08 22:40:29 +01:00
Robert Swiecki
833cf5d2c8 Indent 2016-03-08 18:23:26 +01:00
Robert Swiecki
e561dc6bb1 Implement defer() 2016-03-08 18:22:50 +01:00
Robert Swiecki
4cb1c01938 Default values for 'vs' interface 2016-02-29 15:36:31 +01:00
Jagger
d2f47fff92 Add network configuration for the 'vs' interface 2016-02-29 02:51:55 +01:00
Jagger
43983cbb17 Add --iface_lo_up 2016-02-29 00:14:36 +01:00
Jagger
6218fe2336 Implementation of netSystemSbinIp 2016-02-28 23:40:34 +01:00
Robert Swiecki
9852028522 Implement --bindhost 2016-02-25 18:27:48 +01:00
Robert Swiecki
aebc3dba41 Env variables (setting/clearing) 2016-01-26 17:42:10 +01:00
Robert Swiecki
87829e3f6e Implement --skip_setsid 2016-01-25 18:09:32 +01:00
Jagger
d36deb5d0d Use --user x:y notation (not working yet) 2016-01-23 07:05:24 +01:00
Jagger
2765e58c4e Use TAILQ instead of LIST to insert new mount entries at the end 2016-01-09 16:09:05 +01:00
Jamy Timmermans
93abc40dde Add a cwd option
This way the process being spawned can be in a directory of the
spawner’s choosing (as long as it’s available in the chroot)
2015-11-07 13:01:44 +01:00
Jagger
59cedfe10f Use just a single list for mount-points (RO, RW, chroot) 2015-10-17 16:48:30 +02:00
Robert Swiecki
5202a7fc07 Use rlimit64 2015-10-13 19:06:59 +02:00
Jagger
701825970a Implementation of MODE_STANDALONE_EXECVE 2015-08-15 16:02:38 +02:00
JT Olds
2ab390b1c6 Typo fix 2015-07-13 16:37:18 -06:00
Jagger
e3fe2d183c tmpfs_size (size_t) + indent 2015-07-08 00:54:59 +02:00
JT Olds
8841a08dd3 Make tmpfs size configurable 2015-07-07 15:42:25 -06:00
JT Olds
821eb78054 Improve bindmount interface.
Now supports readonly bindmounts and
differentiating between source and target path.
2015-07-07 11:52:32 -06:00
Robert Swiecki
8cfa157455 Remove unused struct definition 2015-06-19 16:35:02 +02:00
Jagger
5dfdb470cd Replace self-made list of pointers with queue.h 2015-06-18 03:00:39 +02:00