Robert Swiecki
b120acd5b5
make indent depend
2019-08-04 09:50:34 +02:00
Jay Lees
08f62b6f76
[cgroup-v2] support cgroup v2 for mem, cpu and pids
2019-07-26 07:02:17 -07:00
Robert Swiecki
494a5f63cd
Add nice_level to cmd-line/config options
2019-06-30 21:50:56 +02:00
Robert Swiecki
317555b687
user: don't fail on setgroup() if not groups were specified
2019-06-28 13:31:43 +02:00
Robert Swiecki
1f022a2187
config.proto: Exe.path is required
2019-04-01 22:43:17 +02:00
Robert Swiecki
2b1bad6b5b
cmdline: allow to override config cmdline with cmdline cmdline
2019-03-30 16:10:14 +01:00
Robert Swiecki
9fe225dbe2
mnt: use /run/usr/<uid> first when mounting dirs
2019-03-18 16:37:04 +01:00
Robert Swiecki
8059747016
subproc: save/restore errno when printing error message twice
2019-03-12 17:07:24 +01:00
Robert Swiecki
9b8d91bd7f
incrase the default RLIMIT_AS limit to 4GiB. 512MiB is not enough for many payloas, and cgroups should be used for memory limiting anyway
2019-02-06 17:06:42 +01:00
Robert Swiecki
432c38ad23
cmdline: clarify cgroup_cpu_ms_per_sec
2018-12-05 14:35:16 +01:00
Robert Swiecki
ddd515e890
config.proto: renumber the fields
2018-11-08 07:09:41 +01:00
Robert Swiecki
625e36f912
config.proto: comments
2018-11-06 17:30:04 +01:00
Robert Swiecki
c7dd18c612
cmdline: add ability to passthrough current envvars
2018-10-28 17:15:55 +01:00
Wiktor Garbacz
7fe87b41c7
code formatting
2018-10-24 10:31:14 +02:00
Micky Del Favero
303f7ab7f0
Remove duplicate code
...
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
2018-10-23 22:24:43 +02:00
Micky Del Favero
233a7296fe
Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.
...
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
2018-10-23 15:05:50 +02:00
Disconnect3d
760350d788
Update config.proto
2018-07-31 23:10:05 +02:00
Disconnect3d
755626f543
Update config.proto
2018-07-31 23:09:24 +02:00
Wiktor Garbacz
ba14675185
mnt: added nosuid/nodev/noexec flags to config
...
Closes #70
2018-07-27 11:29:15 +02:00
Robert Swiecki
272a85477a
config: Implement --stderr_to_null
2018-06-25 03:12:27 +02:00
Robert Swiecki
111481532b
config: add --iface_own to the proto config
2018-06-03 03:19:40 +02:00
Robert Swiecki
48e8634ba5
config: add support for seccomp_log
2018-05-23 15:38:45 +02:00
Robert Swiecki
0e4f623456
config.proto: deprecated --chroot and friends
2018-04-29 00:51:55 +02:00
Robert Swiecki
5a35f00e28
mnt: move mnt_t to std::string
2018-02-11 23:44:43 +01:00
Robert Swiecki
3ee825c4aa
cgroups: add support for CPU cgroup
2018-02-04 04:15:19 +01:00
Robert Swiecki
e2f96f6019
config.proto: comment on skip_setsid
2017-11-02 13:08:08 +01:00
Robert Swiecki
3734b8801f
cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config
2017-10-26 16:16:05 +02:00
Robert Swiecki
659bbd1b4a
config.proto: reflow field numbering
2017-10-26 00:35:59 +02:00
Robert Swiecki
082b3821bb
Makefile/indent: add clang-format for proto
2017-10-26 00:34:32 +02:00
YAMAMOTO Masaya
315b3837b4
Support cgroup net_cls subsystem
2017-10-25 17:15:03 +09:00
Robert Swiecki
9c2f19b972
cmdline: add option --execute_fd and support for it, in order to use execveat()
2017-10-18 17:57:52 +02:00
Robert Swiecki
c56ec493fb
config.proto: reflow numbering of fields
2017-10-08 22:50:06 +02:00
Robert Swiecki
a5c3a1823f
config.proto: comments
2017-10-06 22:50:32 +02:00
Robert Swiecki
25c6272b56
config: indent
2017-10-06 22:44:55 +02:00
Robert Swiecki
dbc6fab582
config: allow to use soft/hard/inf limits for rlimits
2017-10-06 22:44:27 +02:00
Robert Swiecki
88703c9ab5
config: make defaults work correctly
2017-09-27 15:36:05 +02:00
Robert Swiecki
374f6cc4f0
config: Initial work on converting config.c to c++ protobuf lib
...
config: Initial work on converting config.c to c++ protobuf lib #2
config: Initial work on converting config.c to c++ protobuf lib #3
config: Initial work on converting config.c to c++ protobuf lib #4
config: Initial work on converting config.c to c++ protobuf lib #5
config: Initial work on converting config.c to c++ protobuf lib #6
2017-09-14 21:17:38 +02:00
Robert Swiecki
7226893b12
config: bind caps
2017-07-06 01:12:13 +02:00
Robert Swiecki
39ce9d22a7
caps: just local caps
2017-07-05 17:29:57 +02:00
Robert Swiecki
54a522326f
caps: simplify capability operations
2017-07-05 15:57:07 +02:00
Robert Swiecki
e86598c544
config.proto: reflow field numbering to make it sequential
2017-07-02 00:20:35 +02:00
Robert Swiecki
e4aba73385
Allow to create symlinks
2017-06-29 00:32:20 +02:00
Robert Swiecki
69783dc200
config: max_cpu_num -> max_cpus
2017-06-21 17:52:16 +02:00
Robert Swiecki
ceaed43133
config: implement max_cpu_num in PB
2017-06-19 17:05:01 +02:00
Robert Swiecki
f203669d25
config: give ability to override argv[0]
2017-06-12 02:14:18 +02:00
Robert Swiecki
3e30c8e4d2
config.proto: clang-format
2017-06-12 02:08:16 +02:00
Robert Swiecki
63e4059f7a
Slight fixes to log_fd
2017-06-12 00:27:27 +02:00
Tony Young
c55dc8cb12
Add an extra log_fd argument to specify an FD to log to.
...
In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.
2017-06-11 22:12:18 +00:00
Robert Swiecki
0271586e81
Get rid of pivot_root_only - achieve the same in different way
2017-05-29 03:11:32 +02:00
Robert Swiecki
9db01ec991
config: implement keep caps
2017-05-28 19:17:48 +02:00