woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
676 Commits 2 Branches 0 Tags 1.5 MiB
94e593eb68
Commit Graph

110 Commits

Author SHA1 Message Date
Robert Swiecki
94e593eb68 subproc: comments around new proc stack 2017-10-19 13:11:41 +02:00
Robert Swiecki
c33b1c87af subproc: typos 2017-10-19 02:32:55 +02:00
Robert Swiecki
123ef0b46b make indent 2017-10-19 02:24:34 +02:00
robertswiecki
064d024f6d Merge pull request #56 from VCTLabs/stack-alignment 
align stack for child process
 2017-10-19 02:22:08 +02:00
Robert Swiecki
9c2f19b972 cmdline: add option --execute_fd and support for it, in order to use execveat() 2017-10-18 17:57:52 +02:00
Robert Swiecki
5ef11f65a4 No need to use '== true' 2017-10-18 15:41:16 +02:00
Robert Swiecki
152d6d68ae simplify includes, remove unneeded, add needed 2017-10-18 14:46:17 +02:00
Robert Swiecki
58d6b3075c Move struct nsjail_t definition to nsjail.h and leave only macros in common.h 2017-10-18 14:27:34 +02:00
Robert Swiecki
1b4577e53f subproc: clear signal handlers in the child process 2017-10-18 12:33:24 +02:00
Robert Swiecki
4ffec405de Makefile: add columnt limit to the indent 2017-10-17 15:22:23 +02:00
Ron Lockwood-Childs
07b5a2a90c align stack for child process 
Fixes "bus error" crashes on aarch64 caused by alignment faults.

On aarch64, the stack pointer needs to be 16-byte aligned; use gcc
builtin macro __BIGGEST_ALIGNMENT__ to specify a stack alignment
suitable for each platform.
 2017-10-17 02:22:58 -07:00
Robert Swiecki
fe234f4830 move VALSTR_STRUCT to common.h 2017-10-08 23:06:40 +02:00
Robert Swiecki
d0afb19431 allow for indentation of more structures (now with clang-format) 2017-10-08 23:03:02 +02:00
Robert Swiecki
74b43346bd make indent 2017-10-08 23:00:45 +02:00
Robert Swiecki
414e999787 switch indent to clang-format completely 2017-10-08 22:52:52 +02:00
Robert Swiecki
23a77f46e9 subproc: print syscall number as decimal 2017-10-08 15:02:41 +02:00
Robert Swiecki
acd8e01060 subproc: print si->si_errno as well as it provides user-supplied value from seccomp-bpf 2017-10-08 12:00:19 +02:00
Robert Swiecki
66f60a78b0 subproc: reorder printing of si->si_syscall #2 2017-10-08 11:55:11 +02:00
Robert Swiecki
24c3be941f subproc: reorder printing of si->si_syscall 2017-10-08 11:53:24 +02:00
Robert Swiecki
809dbbb560 subproc: print si->si_syscall 2017-10-08 11:51:37 +02:00
Robert Swiecki
21d08eaa67 config: make config static so we can get rid of strdup() 2017-10-07 00:18:21 +02:00
Yoshisato Yanagisawa
1389da4c91 Use 0xff as nsjail error code. 
For ease of distinguishing errors coming from a program executed by
nsjail and errors from nsjail, let me change nsjail error exit
status code to 0xff instead of 1.
I think most of programs use EXIT_FAILURE (i.e. 1) as a default
error exit status code.
 2017-09-25 14:08:22 +09:00
Robert Swiecki
374f6cc4f0 config: Initial work on converting config.c to c++ protobuf lib 
config: Initial work on converting config.c to c++ protobuf lib #2

config: Initial work on converting config.c to c++ protobuf lib #3

config: Initial work on converting config.c to c++ protobuf lib #4

config: Initial work on converting config.c to c++ protobuf lib #5

config: Initial work on converting config.c to c++ protobuf lib #6
 2017-09-14 21:17:38 +02:00
Robert Swiecki
86b71f3d1a util: implement utilTimeToStr 2017-06-21 18:46:19 +02:00
Robert Swiecki
fa2796fe65 util: Implement utilSigName() 2017-06-20 00:16:38 +02:00
Robert Swiecki
e7b3be206a Print remote IP when removing task from pool 2017-06-19 18:53:29 +02:00
Robert Swiecki
a55ff63861 make indent 2017-06-11 01:34:20 +02:00
Robert Swiecki
6e21eaa0da subproc: comments 2017-06-09 14:34:01 +02:00
Tony Young
d0261d281d Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd. 2017-06-09 00:00:12 +00:00
Robert Swiecki
4b96046f66 Use subprocCloneFlagsToStr() more 2017-05-22 03:39:22 +02:00
Robert Swiecki
7ab7bd2de4 Set upper value for signals as SIGSYS 2017-05-22 01:15:50 +02:00
Robert Swiecki
0d5befbd6f TLS semantics for subprocCloneFlagsToStr and mountFlagsToStr 2017-05-22 01:10:49 +02:00
Robert Swiecki
2797474557 Print signal in clone flags to str 2017-05-21 21:35:02 +02:00
Robert Swiecki
9509d3740d Make structs for flags printing more const 2017-05-21 19:46:03 +02:00
Robert Swiecki
a60f84d7e2 Add flags printing for clone() 2017-05-21 19:44:54 +02:00
Robert Swiecki
9414b1a635 subproc: print different message if /proc/pid/syscall contains 3 entries only 2017-05-08 15:24:03 +02:00
Robert Swiecki
341832d755 Duplicate logging fd, so it can be used from child process 2017-02-11 20:33:54 +01:00
Robert Swiecki
f990955d9e seccomp syscall printing: various formats of /proc/<pid>/syscall 2017-01-18 22:32:27 +01:00
Robert Swiecki
ae9c1bad9a subproc: logging 2016-11-20 23:55:44 +01:00
Robert Swiecki
78ccfa863a setjmp/longjmp: don't use stack-based jmp_buf, use TLS one 2016-11-03 03:53:52 +01:00
Robert Swiecki
d0a3edd67f log: don't print function name with INFO logs 2016-10-17 15:49:20 +02:00
Robert Swiecki
b1ca8dd1b5 subproc: comments 2016-10-17 15:47:50 +02:00
Robert Swiecki
c3462e2529 Typo: subproccloneFunc -> subprocCloneFunc 2016-10-15 02:58:42 +02:00
Robert Swiecki
2a8faeba7a Make use of subprocClone, plus remove use of syscall(__NR_getpid) 2016-10-15 02:42:01 +02:00
Robert Swiecki
fe7fe8591f Use common subprocSystem for executing commands 2016-10-12 02:01:12 +02:00
Jagger
ee7de33531 Use O_CLOEXEC when possible to avoid leaking FDs 2016-09-10 03:20:32 +02:00
Robert Swiecki
1dc33c7bcf Remove defer{} calls 2016-07-29 15:38:22 +02:00
Robert Swiecki
432c82bb34 Make it a bit more standards friendly 2016-07-21 15:48:47 +02:00
Jagger
e981cbc730 Init cgroups with -Me 2016-06-19 19:36:56 +02:00
Jagger
ac06ff56c9 Remove cgroup before reporting process being finished 2016-06-19 16:02:00 +02:00