woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,073 Commits 2 Branches 0 Tags 1.5 MiB
ab37bf3b40
Commit Graph

31 Commits

Author SHA1 Message Date
Robert Swiecki
fc02a3911c make indent 2020-08-26 16:09:55 +02:00
Robert Swiecki
f7554882fe make indent 2020-07-09 17:29:02 +02:00
Artur Cygan
74e88d92b4 Stringify CLI-passed paths 2020-07-06 14:38:11 +02:00
Artur Cygan
ba9bd3590d Build-time config of newuidmap and newgidmap paths 2020-06-22 13:42:22 +02:00
Wiktor Garbacz
1111bb135a allow setgroups when using exclusively newgid 2019-11-01 13:42:16 +01:00
Robert Swiecki
9f064737de user: better formatting directives for printf'like functions 2019-09-12 22:21:49 +02:00
Robert Swiecki
4628ded479 Merge branch 'master' of github.com:google/nsjail 2019-07-01 14:52:32 +02:00
Robert Swiecki
d10c9fb90d Disable securebits again to avoid spawned programs unexpectedly retaining capabilities after a UID/GID change 2019-07-01 14:51:32 +02:00
Robert Swiecki
21413c4157 user: typo 2019-06-28 19:08:21 +02:00
Robert Swiecki
317555b687 user: don't fail on setgroup() if not groups were specified 2019-06-28 13:31:43 +02:00
Patrick Steinhardt
91848d22bf user: allow setting multiple groups without user namespaces 
When not using a user namespace, then we'll completely ignore
whether multiple groups have been specified by the user and only set
up the process's GID. With user namespaces, we in fact cannot set up
supplementary groups as we have set up "/proc/self/setgroups" to
deny any call to setgroups(2). But we can do better than that when
not using user namespaces, as we're free to use that syscall.

As nsjail(1) documents that "--group" can be specified multiple
times without mentioning that this won't work with
"--disable_clone_newuser", change the code to make that
constellation work.
 2019-06-20 12:12:16 +02:00
Robert Swiecki
56b99003b4 user: function naming 2019-03-31 15:16:24 +02:00
Robert Swiecki
a2dacef5d7 allow to use nsjail w/o namespaces 2019-03-29 21:38:14 +01:00
Robert Swiecki
061e32839f use util::syscall whenever possible 2019-01-21 22:37:30 +01:00
Robert Swiecki
6a4315f318 More of RETURN_ON_FAILURE 2019-01-01 11:36:02 +01:00
Robert Swiecki
b8798fc9a7 use strtoimax when needed 2018-05-26 13:54:17 +02:00
Robert Swiecki
a42203a6dd user: cons'ifize a var 2018-05-20 23:52:55 +02:00
Robert Swiecki
810394cf16 switc all == false cmps to ! 2018-02-12 15:17:33 +01:00
Robert Swiecki
f1a6b08962 cmdline: simplify string splitting 2018-02-11 14:56:30 +01:00
Robert Swiecki
7b9178f5d7 make indent depend 2018-02-11 04:02:43 +01:00
Robert Swiecki
ac89fbb44f user: simplify creation of uid/gid maps 2018-02-11 04:02:14 +01:00
Robert Swiecki
97278f191b log: rename log to logs due to clash with glibc's log 2018-02-10 17:49:15 +01:00
Robert Swiecki
05304b3ba5 user: remove unnecessary structs 2018-02-10 15:51:47 +01:00
Robert Swiecki
4494deffa7 omit keyword 'struct' 2018-02-10 15:50:12 +01:00
Robert Swiecki
ecd4c32d9a mnt: replace sys/queue with std::vector 2018-02-10 14:38:01 +01:00
Robert Swiecki
1761ed4fdc move common.h to macros.h 2018-02-10 05:25:55 +01:00
Robert Swiecki
93005ef03d nsjail: convert gids/uids to vector of structs 2018-02-10 00:37:23 +01:00
Robert Swiecki
7f72cbd497 all: move to C++ 2018-02-09 18:55:42 +01:00
Robert Swiecki
a6c34999f2 util: move to C++ 2018-02-09 18:45:50 +01:00
Robert Swiecki
15170f9d6c cgroup: move to C++ 2018-02-09 18:13:17 +01:00
Robert Swiecki
27a226ad28 user: move to C++ 2018-02-09 18:08:11 +01:00