Robert Swiecki
856cb0f2ec
When setting CPU affinity, take into consideration the current CPU
affinity set. Use only CPU numbers, which exist in the current affinity
set. Maybe fixes https://github.com/google/nsjail/issues/200
2022-08-04 19:22:33 +02:00
Patrick Steinhardt
df21a972b6
nsjail: Optionally forward fatal signals
Currently, we always kill children by sending them a SIGKILL signal in
case we've got a fatal signal. This is rather inflexible and forbids
some use cases where e.g. child processes listen for specific signals to
shut down gracefully.
Add a new command configuration `--forward_signals` that allows the user
to opt-in to forwarding fatal signals to the child process.
2022-06-05 19:38:32 +02:00
Michał Kowalczyk
16b4416d75
Add disable_tsc option
Implemented via prctl(PR_SET_TSC, PR_TSC_SIGSEGV, ...).
2022-02-17 23:53:13 +01:00
Philip
bf93e8a25d
cgroup2: use cgroup_mem_swap_max and cgroup_mem_memsw_max
2021-11-01 10:28:41 +01:00
Johan Kartiwa
29a556068a
Add support for setting cgroup memory.memsw.limit_in_bytes
2021-10-11 15:46:36 +02:00
Wiktor Garbacz
4136dd50d8
Merge branch 'use_switchroot'
2021-08-03 17:44:57 +02:00
Eli Zrihen
b83d6f7421
Renaming use_switchroot option with no_pivotroot
2021-07-20 15:45:58 +03:00
Eli Zrihen
0f903ba9a0
Added rt, memlock & msgq limits
2021-07-19 17:21:34 +03:00
Eli Zrihen
dab1713ac9
Added use_switchroot option
2021-06-17 14:57:01 +03:00
Eli Zrihen
5c8b3835b7
MACVLAN modes support
2021-06-16 16:59:12 +03:00
Robert Swiecki
056809ed3b
Initial support for CLONE_NEWTIME
2021-05-11 14:48:45 +02:00
Philip Papurt
32f2287fbb
net: add support for max_conns
2021-02-09 17:13:35 -05:00
Robert Swiecki
608618ea7b
subproc: kill a process once in the -Ml mode once the TCP connection has ended
2020-08-30 22:02:08 +02:00
Wiktor Garbacz
a47123b8a7
fix POLLNVAL in pipeTraffic
2020-02-17 15:57:13 +01:00
Robert Swiecki
2cf562160d
nsjail/pid/subproc: a). keep childrens' PIDs in a map indexed by pid b). correctly fetch remote IPv6 address text
2020-02-16 22:34:19 +01:00
Wiktor Garbacz
273ce6bc84
pipe socket traffic in and out of sandboxee
2020-02-14 17:07:14 +01:00
Jay Lees
86293b052e
Add flag to disable rlimits
2019-08-05 03:25:22 -07:00
Jay Lees
08f62b6f76
[cgroup-v2] support cgroup v2 for mem, cpu and pids
2019-07-26 07:02:17 -07:00
Robert Swiecki
494a5f63cd
Add nice_level to cmd-line/config options
2019-06-30 21:50:56 +02:00
Robert Swiecki
a2dacef5d7
allow to use nsjail w/o namespaces
2019-03-29 21:38:14 +01:00
Wiktor Garbacz
7fe87b41c7
code formatting
2018-10-24 10:31:14 +02:00
Micky Del Favero
233a7296fe
Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
2018-10-23 15:05:50 +02:00
Robert Swiecki
5bf23a0e58
cmdline: more stderr_to_null closer to is_silent
2018-06-25 04:10:42 +02:00
Robert Swiecki
272a85477a
config: Implement --stderr_to_null
2018-06-25 03:12:27 +02:00
Robert Swiecki
04627982d0
logs: use log file/level immediately
2018-06-07 16:51:50 +02:00
Robert Swiecki
7d57fc81be
cmdline: add iface_own to take ownership of one of the global interfaces
2018-05-30 15:26:09 +02:00
Robert Swiecki
b8798fc9a7
use strtoimax when needed
2018-05-26 13:54:17 +02:00
Robert Swiecki
4394fa725e
sandbox: add support for SECCOMP_FILTER_FLAG_LOG
2018-05-23 15:32:45 +02:00
Robert Swiecki
864b7fc718
cmdline: remove tmpfs_size from nsjconf_t
2018-02-18 02:47:46 +01:00
Robert Swiecki
dc5e6676a7
nsjail: ignore SIGTTIN/SIGTTOU
2018-02-15 01:33:33 +01:00
Robert Swiecki
8a22a4abb6
convert exec file and argv to string/vector
2018-02-12 16:52:05 +01:00
Robert Swiecki
5a35f00e28
mnt: move mnt_t to std::string
2018-02-11 23:44:43 +01:00
Robert Swiecki
7b9178f5d7
make indent depend
2018-02-11 04:02:43 +01:00
Robert Swiecki
d875f23ae0
cgroup: switch const char* to std::string
2018-02-11 03:39:07 +01:00
Robert Swiecki
55e8e09c4a
net: convert net::connToText to std::string
2018-02-11 00:17:44 +01:00
Robert Swiecki
7a55ffb3a6
sandbox: convert kafel file/string as std::string
2018-02-10 23:46:15 +01:00
Robert Swiecki
de3f1371f0
convert proc_path to std::string
2018-02-10 20:16:17 +01:00
Robert Swiecki
b691b8796c
nsjail: iface_no_lo -> iface_lo
2018-02-10 18:22:51 +01:00
Robert Swiecki
7bddb40d87
net: move all iface_vs* options from char* to std::string
2018-02-10 18:18:40 +01:00
Robert Swiecki
97278f191b
log: rename log to logs due to clash with glibc's log
2018-02-10 17:49:15 +01:00
Robert Swiecki
ecd4c32d9a
mnt: replace sys/queue with std::vector
2018-02-10 14:38:01 +01:00
Robert Swiecki
1761ed4fdc
move common.h to macros.h
2018-02-10 05:25:55 +01:00
Robert Swiecki
381e6a1af7
nsjail: move pids queue to a vector
2018-02-10 05:13:25 +01:00
Robert Swiecki
c34b52ab78
nsjail: convert a couple of struct fields to std::string
2018-02-10 04:10:18 +01:00
Robert Swiecki
93005ef03d
nsjail: convert gids/uids to vector of structs
2018-02-10 00:37:23 +01:00
Robert Swiecki
9399373ee7
nsjail: envs to vector of strings
2018-02-09 23:04:57 +01:00
Robert Swiecki
63eb13ecde
nsjail: move openfd from queue to vector
2018-02-09 22:47:00 +01:00
Robert Swiecki
d1d310e70f
nsjail: convert caps from queue to vector
2018-02-09 22:35:33 +01:00
Robert Swiecki
7f72cbd497
all: move to C++
2018-02-09 18:55:42 +01:00
Robert Swiecki
0a311af2ad
nsjail: make nsjail.c nsjail.cc
2018-02-08 15:24:17 +01:00