Robert Swiecki
57ed22dfdf
make indent
2022-06-11 12:08:50 +02:00
Patrick Steinhardt
df21a972b6
nsjail: Optionally forward fatal signals
Currently, we always kill children by sending them a SIGKILL signal in
case we've got a fatal signal. This is rather inflexible and forbids
some use cases where e.g. child processes listen for specific signals to
shut down gracefully.
Add a new command configuration `--forward_signals` that allows the user
to opt-in to forwarding fatal signals to the child process.
2022-06-05 19:38:32 +02:00
Patrick Steinhardt
a517934aba
subproc: Allow killing subprocesses with different signal
`subproc::killAndReapAll()` is always killing the child process with the
SIGKILL signal. We're about to make this configurable though so that we
may optionally forward signals received by nsjail to the child process.
Add a new parameter to `killAndReapAll()` to prepare for this change.
2022-06-05 19:36:50 +02:00
Robert Swiecki
d3ba64756d
nsjail: don't add connections to the proxy map if launching a new process failed
2020-08-30 23:22:22 +02:00
Robert Swiecki
608618ea7b
subproc: kill a process once in the -Ml mode once the TCP connection has ended
2020-08-30 22:02:08 +02:00
Robert Swiecki
fc02a3911c
make indent
2020-08-26 16:09:55 +02:00
borysp
55330be3cc
Fix compilation errors on old gcc (5.4.0)
2020-07-29 15:18:10 +02:00
Robert Swiecki
a378ca0e96
nsjail: don't change cwd during daemon()
2020-04-21 11:25:06 +02:00
Wiktor Garbacz
6eaed88530
Fix format specifier for size_t
2020-03-27 10:19:40 +01:00
Robert Swiecki
6912a2401f
make indent
2020-02-17 20:33:45 +01:00
Wiktor Garbacz
a47123b8a7
fix POLLNVAL in pipeTraffic
2020-02-17 15:57:13 +01:00
Wiktor Garbacz
5c61521295
fix infinite loop in pipeTraffic
2020-02-17 14:40:35 +01:00
Robert Swiecki
2cf562160d
nsjail/pid/subproc: a). keep children's PIDs in a map indexed by pid b). correctly fetch remote IPv6 address text
2020-02-16 22:34:19 +01:00
Wiktor Garbacz
273ce6bc84
pipe socket traffic in and out of sandboxee
2020-02-14 17:07:14 +01:00
Robert Swiecki
2c648d5879
nsjail: don't restore console if nsjail runs in background
2019-10-04 00:33:29 +02:00
Robert Swiecki
3a69090a89
nsjail: remove warning about CLONE_NEWUSER
2019-03-29 21:42:05 +01:00
Robert Swiecki
46f463a62c
flush stdin after nsjail ends
2019-03-10 15:00:45 +01:00
Wiktor Garbacz
bb4e77686d
subproc: reap processes after killing
Always try to release resources if possible.
Fixes #69
2018-07-27 13:33:39 +02:00
Robert Swiecki
bfd7f1ec78
nsjail: clearer new_proc/reap_proc loop
2018-07-24 00:23:44 +02:00
Robert Swiecki
4c87531bcc
Don't re-run process if previous execution failed
2018-07-23 17:13:17 +02:00
Robert Swiecki
fbf484f933
nsjail: more debug messages
2018-05-28 02:04:03 +02:00
Robert Swiecki
ff63b2ed4f
nsjail: better return values
2018-05-28 01:40:02 +02:00
Robert Swiecki
5643e790fc
nsjail: make listenMode return int
2018-05-26 01:24:58 +02:00
Robert Swiecki
5b7cfc7f00
namespace'ize nsjail.cc
2018-05-25 02:15:47 +02:00
Robert Swiecki
b55875f45e
nsjail: change the owner of struct termios
2018-05-25 02:05:12 +02:00
Robert Swiecki
0b8e927aed
nsjail: save console just before we're prepared to run commands
2018-05-25 01:06:05 +02:00
Robert Swiecki
2470635c7c
nsjail: save and restore console params
2018-05-25 01:04:29 +02:00
Robert Swiecki
c365eb1766
More c++ isms
2018-05-22 14:27:18 +02:00
Robert Swiecki
3ee8555b07
cmdline: create specific funcs for argv and mnt setups
2018-02-17 03:14:54 +01:00
Robert Swiecki
dc5e6676a7
nsjail: ignore SIGTTIN/SIGTTOU
2018-02-15 01:33:33 +01:00
Robert Swiecki
11195999a3
rename ARRAYSIZE to ARR_SZ due to clash with protobufs headers
2018-02-13 16:53:45 +01:00
Robert Swiecki
f8d0e5fda1
cmdline: correctly assign argv to nsjconf->argv
2018-02-12 17:31:45 +01:00
Robert Swiecki
2545fcd3a9
nsjail: free seccomp filter upon nsjail exit
2018-02-12 17:09:45 +01:00
Robert Swiecki
810394cf16
switch all == false cmps to !
2018-02-12 15:17:33 +01:00
Robert Swiecki
1f24e3a900
move sandboxing setup from cmdline to nsjail
2018-02-12 03:11:58 +01:00
Robert Swiecki
7a55ffb3a6
sandbox: convert kafel file/string as std::string
2018-02-10 23:46:15 +01:00
Robert Swiecki
f2a52533be
convert some funcs returning pointers to TLS to std::string
2018-02-10 21:19:47 +01:00
Robert Swiecki
97278f191b
log: rename log to logs due to clash with glibc's log
2018-02-10 17:49:15 +01:00
Robert Swiecki
4494deffa7
omit keyword 'struct'
2018-02-10 15:50:12 +01:00
Robert Swiecki
1761ed4fdc
move common.h to macros.h
2018-02-10 05:25:55 +01:00
Robert Swiecki
7f72cbd497
all: move to C++
2018-02-09 18:55:42 +01:00
Robert Swiecki
a6c34999f2
util: move to C++
2018-02-09 18:45:50 +01:00
Robert Swiecki
cb6222abdf
net: move to C++
2018-02-09 17:27:28 +01:00
Robert Swiecki
a2daa94722
subproc: move to C++
2018-02-09 17:03:02 +01:00
Robert Swiecki
840b75025c
cmdline: move to C++
2018-02-09 15:44:29 +01:00
Robert Swiecki
0a311af2ad
nsjail: make nsjail.c nsjail.cc
2018-02-08 15:24:17 +01:00