Robert Swiecki
|
a2dacef5d7
|
allow to use nsjail w/o namespaces
|
2019-03-29 21:38:14 +01:00 |
|
disconnect3d
|
de872dc6b8
|
Fix #108 - missing cgroup_cpu_mount option setting
|
2019-03-05 16:41:38 -06:00 |
|
Robert Swiecki
|
9b8d91bd7f
|
incrase the default RLIMIT_AS limit to 4GiB. 512MiB is not enough for many payloas, and cgroups should be used for memory limiting anyway
|
2019-02-06 17:06:42 +01:00 |
|
Robert Swiecki
|
91b81f4e7a
|
cmdline: more bried debug output
|
2019-01-20 18:43:42 +01:00 |
|
Robert Swiecki
|
6a4f5c110b
|
make indent
|
2018-12-17 08:46:31 +01:00 |
|
Robert Swiecki
|
432c38ad23
|
cmdline: clarify cgroup_cpu_ms_per_sec
|
2018-12-05 14:35:16 +01:00 |
|
Robert Swiecki
|
6217d27d61
|
mnt: better description for mounts
|
2018-11-22 08:44:25 +01:00 |
|
Robert Swiecki
|
c05b47b3b6
|
cmdline/env: don't set empty envvars
|
2018-10-28 21:03:10 +01:00 |
|
Robert Swiecki
|
c7dd18c612
|
cmdline: add ability to passthrough current envvars
|
2018-10-28 17:15:55 +01:00 |
|
Micky Del Favero
|
303f7ab7f0
|
Remove duplicate code
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
|
2018-10-23 22:24:43 +02:00 |
|
Micky Del Favero
|
233a7296fe
|
Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
|
2018-10-23 15:05:50 +02:00 |
|
Robert Swiecki
|
5bf23a0e58
|
cmdline: more stderr_to_null closer to is_silent
|
2018-06-25 04:10:42 +02:00 |
|
Robert Swiecki
|
272a85477a
|
config: Implement --stderr_to_null
|
2018-06-25 03:12:27 +02:00 |
|
Robert Swiecki
|
72ed4b54a1
|
nsjail.h: missed initialization of keep_env
|
2018-06-12 16:57:19 +02:00 |
|
Robert Swiecki
|
cf9850f944
|
1. Give ability to specify sym-links from the command-line 2. Remove tmpfs_size. -m none:dest:tmpfs:size=..... should be used for this
|
2018-06-12 15:37:30 +02:00 |
|
Robert Swiecki
|
e8e6c1b906
|
make indent depend
|
2018-06-07 18:37:17 +02:00 |
|
Robert Swiecki
|
04627982d0
|
logs: use log file/level immediately
|
2018-06-07 16:51:50 +02:00 |
|
Robert Swiecki
|
15a13e78b8
|
cmdline: remove deprecated options
|
2018-06-01 17:15:47 +02:00 |
|
Robert Swiecki
|
47c8cf7a01
|
net: support owning interfaces with libnl too
|
2018-05-31 14:45:44 +02:00 |
|
Robert Swiecki
|
7d57fc81be
|
cmdline: add iface_own to take ownership of one of the global interfaces
|
2018-05-30 15:26:09 +02:00 |
|
Robert Swiecki
|
0620d7a50c
|
cmdline: name of params
|
2018-05-30 15:03:01 +02:00 |
|
Robert Swiecki
|
ff63b2ed4f
|
nsjail: better return values
|
2018-05-28 01:40:02 +02:00 |
|
Robert Swiecki
|
b8798fc9a7
|
use strtoimax when needed
|
2018-05-26 13:54:17 +02:00 |
|
Robert Swiecki
|
5632b66a5f
|
cmdline: check val value before conversion
|
2018-05-26 00:40:28 +02:00 |
|
Robert Swiecki
|
9ed90812c0
|
better checks for strto*l errors
|
2018-05-25 23:53:11 +02:00 |
|
Robert Swiecki
|
b69b4d15cc
|
cmdline: better description for --seccomp_log
|
2018-05-24 15:21:42 +02:00 |
|
Robert Swiecki
|
48e8634ba5
|
config: add support for seccomp_log
|
2018-05-23 15:38:45 +02:00 |
|
Robert Swiecki
|
4394fa725e
|
sandbox: add support for SECCOMP_FILTER_FLAG_LOG
|
2018-05-23 15:32:45 +02:00 |
|
Robert Swiecki
|
9168ec5948
|
cmdline: add tmp mounts after parsing of cmdline as tmpfs_size can be specified after -T
|
2018-02-20 21:03:22 +01:00 |
|
Robert Swiecki
|
c4a7af980f
|
util: simplify string splitting
|
2018-02-20 14:16:28 +01:00 |
|
Robert Swiecki
|
864b7fc718
|
cmdline: remove tmpfs_size from nsjconf_t
|
2018-02-18 02:47:46 +01:00 |
|
Robert Swiecki
|
3ee8555b07
|
cmdline: create specific funcs for argv and mnt setups
|
2018-02-17 03:14:54 +01:00 |
|
Robert Swiecki
|
9cbe1c57c3
|
cmdline: simpler unique_ptr construction
|
2018-02-16 16:05:26 +01:00 |
|
Robert Swiecki
|
82fb06be4e
|
make it compile under c++11 (e.g. ubuntu trusty)
|
2018-02-16 15:43:03 +01:00 |
|
Robert Swiecki
|
20342ff42d
|
sandbox: missing include
|
2018-02-16 15:24:24 +01:00 |
|
Robert Swiecki
|
4bb874a4fe
|
cmdline: use standard strto*
|
2018-02-16 15:23:02 +01:00 |
|
Robert Swiecki
|
11195999a3
|
rename ARRAYSIZE to ARR_SZ due to clash with protobufs headers
|
2018-02-13 16:53:45 +01:00 |
|
Robert Swiecki
|
f8d0e5fda1
|
cmdline: correctly assign argv to nsjconf->argv
|
2018-02-12 17:31:45 +01:00 |
|
Robert Swiecki
|
2545fcd3a9
|
nsjail: free seccomp filter upon nsjail exit
|
2018-02-12 17:09:45 +01:00 |
|
Robert Swiecki
|
8a22a4abb6
|
convert exec file and argv to string/vector
|
2018-02-12 16:52:05 +01:00 |
|
Robert Swiecki
|
810394cf16
|
switc all == false cmps to !
|
2018-02-12 15:17:33 +01:00 |
|
Robert Swiecki
|
1f24e3a900
|
move sandboxing setup from cmdline to nsjail
|
2018-02-12 03:11:58 +01:00 |
|
Robert Swiecki
|
5f35a0d2e0
|
sandbox: simplify policy parsing
|
2018-02-12 03:05:21 +01:00 |
|
Robert Swiecki
|
d1ffc1b25c
|
mnt: strtol -> std::strtol
|
2018-02-11 23:53:03 +01:00 |
|
Robert Swiecki
|
5a35f00e28
|
mnt: move mnt_t to std::string
|
2018-02-11 23:44:43 +01:00 |
|
Robert Swiecki
|
e6cd9af2ec
|
cmdline: missing TEMP_FAILURE_RETRY
|
2018-02-11 16:55:19 +01:00 |
|
Robert Swiecki
|
5791c8e4db
|
cmdline: allow to mount arbitrary FSes with -m
|
2018-02-11 15:07:24 +01:00 |
|
Robert Swiecki
|
f1a6b08962
|
cmdline: simplify string splitting
|
2018-02-11 14:56:30 +01:00 |
|
Robert Swiecki
|
0513124b4f
|
mnt: convert describeMountPt from const char* to std::string
|
2018-02-11 00:24:43 +01:00 |
|
Robert Swiecki
|
7a55ffb3a6
|
sandbox: convert kafel file/string as std::string
|
2018-02-10 23:46:15 +01:00 |
|