Robert Swiecki
1bdd9843df
caps: call prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL) early
2017-10-01 05:38:26 +02:00
Robert Swiecki
c71c996143
Allow for running with --disable_newuser started as root
2017-10-01 05:32:07 +02:00
Robert Swiecki
2b797a19fd
mount: allow to use --disable_newuser for root users
2017-10-01 05:16:01 +02:00
Robert Swiecki
769ff19306
mount: remount / as private before doing any new mounts
2017-10-01 04:51:56 +02:00
Robert Swiecki
8aafd1b41b
Makefile: correct proto dep, plus some comments in caps.c
2017-10-01 00:06:36 +02:00
Robert Swiecki
7820553cb9
caps: define CAP_AUDIT_READ if not defined
2017-09-30 01:04:35 +02:00
Robert Swiecki
a85f5505d2
caps: missing static function declarator
2017-09-30 00:37:06 +02:00
Robert Swiecki
41e9ea52ba
caps: refactor the code to make it readable for the --keep_caps case
2017-09-30 00:36:11 +02:00
Robert Swiecki
d20aa424e0
cap: Don't use -libcap anymore, as it had problems with newer capabilities
2017-09-30 00:05:41 +02:00
Robert Swiecki
5c3963e9a2
cmdline: various fixes of descriptions
2017-09-29 22:18:16 +02:00
Robert Swiecki
280feb1a1a
caps: dont' throw warning if CAP_AUDIT_READ is not understood by libcap during reading
2017-09-29 21:31:22 +02:00
Robert Swiecki
59657be88d
cmdline: correct description for rlimit_ values
2017-09-29 14:46:03 +02:00
Robert Swiecki
3c0e300794
contain: use setrlimit64 instead of syscall(__NR_prlimit64)
2017-09-29 14:32:39 +02:00
robertswiecki
2d72736aca
Merge pull request #46 from ebadi/master
...
rlimit64 to getrlimit64
2017-09-29 14:29:24 +02:00
Hamid Ebadi
cf2b7c78a6
rlimit64 to getrlimit64
2017-09-29 14:11:48 +02:00
Robert Swiecki
c4a57d592d
Make it compile (maybe) under uClibc
2017-09-29 13:07:42 +02:00
Robert Swiecki
3ae090dad2
configs: format seccomp policies
2017-09-27 15:49:12 +02:00
Robert Swiecki
88703c9ab5
config: make defaults work correctly
2017-09-27 15:36:05 +02:00
Robert Swiecki
0de9c6de94
readme: better cmd-line for docker
2017-09-27 15:20:36 +02:00
Robert Swiecki
2370624a5f
Dockerfile: make it compile with new c++ libprotobuf
2017-09-27 15:18:30 +02:00
Robert Swiecki
f0e38692a8
cmdline: print error after usage and before fatal
2017-09-27 00:47:57 +02:00
Robert Swiecki
7b2b2194ca
cmdline: configs/ for --config
2017-09-26 09:30:03 +02:00
Robert Swiecki
de9712befc
makefile: missing depend on pb.o
2017-09-25 20:06:09 +02:00
Robert Swiecki
9e49e2fa65
makefile: missing depend on pb.o
2017-09-25 20:02:07 +02:00
Robert Swiecki
8a263cd189
indent
2017-09-25 19:54:06 +02:00
Robert Swiecki
9be5520fec
nsjail.c: LOG_F -> LOG_W for disable_clone_newuser
2017-09-25 12:01:44 +02:00
Robert Swiecki
b3546b1a3e
nsjail.c: exit() -> LOG_F(
2017-09-25 12:00:57 +02:00
robertswiecki
c839033fbd
Merge pull request #43 from yoshisatoyanagisawa/master
...
Use 0xff as nsjail error exit status code.
2017-09-25 11:59:39 +02:00
Yoshisato Yanagisawa
1389da4c91
Use 0xff as nsjail error code.
...
For ease of distinguishing errors coming from a program executed by
nsjail and errors from nsjail, let me change nsjail error exit
status code to 0xff instead of 1.
I think most of programs use EXIT_FAILURE (i.e. 1) as a default
error exit status code.
2017-09-25 14:08:22 +09:00
robertswiecki
75853978ea
Merge pull request #42 from ebadi/master
...
Adding the mistakenly removed line to the makefile
2017-09-18 16:57:11 +02:00
hamid
ba7eb4d95f
Adding the mistakenly removed line to the makefile
2017-09-18 16:28:13 +02:00
Robert Swiecki
21a0b09f37
Makefile: -Wno-unused-parameter for older g++
2017-09-18 12:53:42 +02:00
Robert Swiecki
4516cf06af
Makefile: clear -> clean
2017-09-16 18:10:28 +02:00
Robert Swiecki
d8ba88e86b
makefile: proper deps for protos #2
2017-09-16 16:43:01 +02:00
Robert Swiecki
392ed3c3df
makefile: proper deps for protos
2017-09-16 16:39:55 +02:00
Robert Swiecki
5c2d98562c
makefile: deal with .proto better
2017-09-16 00:31:53 +02:00
Robert Swiecki
23bb48c9de
Makefile: remove space
2017-09-15 18:12:18 +02:00
Robert Swiecki
e11423a08d
config.cc: macroize utilStrDup
2017-09-15 16:55:49 +02:00
Robert Swiecki
3012aee202
Updated kafel
2017-09-15 12:50:14 +02:00
Robert Swiecki
3f5711d1a1
Merge branch 'master' of ssh://github.com/google/nsjail
2017-09-14 21:17:57 +02:00
Robert Swiecki
374f6cc4f0
config: Initial work on converting config.c to c++ protobuf lib
...
config: Initial work on converting config.c to c++ protobuf lib #2
config: Initial work on converting config.c to c++ protobuf lib #3
config: Initial work on converting config.c to c++ protobuf lib #4
config: Initial work on converting config.c to c++ protobuf lib #5
config: Initial work on converting config.c to c++ protobuf lib #6
2017-09-14 21:17:38 +02:00
John Vogel
dae05bfd31
Add manual page.
2017-09-14 21:17:08 +02:00
robertswiecki
de92727591
Merge pull request #39 from jvvv/master
...
Add manual page.
2017-08-22 01:36:24 +02:00
John Vogel
55ae71ed8f
Add manual page.
2017-08-19 20:10:56 -04:00
Robert Swiecki
3cb0f088e2
readme
2017-08-13 13:05:33 +02:00
Robert Swiecki
049fffb14f
caps: Bypass for systems which kernel defines CAP_AUDIT_READ but libcap doesn't understand this
2017-07-18 23:00:04 +02:00
robertswiecki
bab2cf1667
Merge pull request #34 from disconnect3d/fix-dockerfile-build
...
Fix dockerfile: add libcap-dev install
2017-07-18 21:32:00 +02:00
disconnect3d
25deba1425
Fix dockerfile: add libcap-dev install
...
Before the fix the build ends up somewhere with:
> sys/capability.h: No such file or directory
2017-07-18 21:19:23 +02:00
Robert Swiecki
cf3525dd49
Makefile: add -D_FILE_OFFSET_BITS=64 to CFLAGS
2017-07-15 15:04:25 +02:00
Robert Swiecki
43e402af06
configs/bash: bring back changed euid for bash
2017-07-13 02:34:18 +02:00