Robert Swiecki
|
b7def79d90
|
mount: don't R/O remount mounts which were not mounted (not mandatory)
|
2017-10-08 01:28:45 +02:00 |
|
Robert Swiecki
|
6d29c196ac
|
common: less const argv
|
2017-10-08 00:36:13 +02:00 |
|
Robert Swiecki
|
f703d615d8
|
make indent
|
2017-10-08 00:17:47 +02:00 |
|
Robert Swiecki
|
c35857cff2
|
cmdline: use mountAddMountPt in the remaining calls
|
2017-10-08 00:14:24 +02:00 |
|
Robert Swiecki
|
0541d0dfc3
|
cmdline/mount: mount proc at the beginning
|
2017-10-07 23:32:25 +02:00 |
|
Robert Swiecki
|
dc2131cdd1
|
cmdline: use soft/hard literals instead of def/max for rlimits
|
2017-10-07 22:36:21 +02:00 |
|
Robert Swiecki
|
5d4f42a729
|
cmdline: missing flags for --chroot mount point
|
2017-10-07 22:33:46 +02:00 |
|
Robert Swiecki
|
a39f76924d
|
cmdline: use mountAddMountPt instead of adding structs explicitly
|
2017-10-07 22:30:19 +02:00 |
|
Robert Swiecki
|
6ada77d4cf
|
cmdline: better errors for setting rlimits
|
2017-10-07 12:37:26 +02:00 |
|
Robert Swiecki
|
e89a6f0c24
|
cmdline: 'inf' for rlimits
|
2017-10-07 12:33:19 +02:00 |
|
Robert Swiecki
|
aac3e112b4
|
cmdline: descriptions of flags
|
2017-10-07 12:31:54 +02:00 |
|
Robert Swiecki
|
5597783716
|
cmdline: implement --really_quiet option
|
2017-10-07 02:03:51 +02:00 |
|
Robert Swiecki
|
5aa9376b2c
|
config: make argv static to avoid using heap
|
2017-10-07 01:54:36 +02:00 |
|
Robert Swiecki
|
21d08eaa67
|
config: make config static so we can get rid of strdup()
|
2017-10-07 00:18:21 +02:00 |
|
Robert Swiecki
|
a5c3a1823f
|
config.proto: comments
|
2017-10-06 22:50:32 +02:00 |
|
Robert Swiecki
|
25c6272b56
|
config: indent
|
2017-10-06 22:44:55 +02:00 |
|
Robert Swiecki
|
dbc6fab582
|
config: allow to use soft/hard/inf limits for rlimits
|
2017-10-06 22:44:27 +02:00 |
|
Robert Swiecki
|
ee3d454457
|
pid: comment on the ns-init process
|
2017-10-06 19:42:58 +02:00 |
|
Robert Swiecki
|
0fb8b9379b
|
mount: realpath is not needed as mount will realpath the path
|
2017-10-03 18:37:34 +02:00 |
|
Robert Swiecki
|
b5305a3c32
|
.gitignore: ignore config.pb.*
|
2017-10-01 19:55:36 +02:00 |
|
Robert Swiecki
|
7fa94b8e8c
|
contain: remove unnecessary includes
|
2017-10-01 19:08:31 +02:00 |
|
Robert Swiecki
|
37dcac6218
|
user: comments
|
2017-10-01 19:01:36 +02:00 |
|
Robert Swiecki
|
dfe3bac4ef
|
user: log message
|
2017-10-01 16:13:17 +02:00 |
|
Robert Swiecki
|
02951e0ac8
|
user: simplify login when running with --disable_clonew_newuser by using prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS | SECBIT_NO_SETUID_FIXUP)
|
2017-10-01 16:11:46 +02:00 |
|
Robert Swiecki
|
be25a24b5b
|
user: more comments
|
2017-10-01 15:54:04 +02:00 |
|
Robert Swiecki
|
293a683b14
|
caps: more comments
|
2017-10-01 05:49:13 +02:00 |
|
Robert Swiecki
|
6c889e7135
|
mount: print error when --disable_clone_newns is used but no --chroot was specified
|
2017-10-01 05:47:10 +02:00 |
|
Robert Swiecki
|
1bdd9843df
|
caps: call prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL) early
|
2017-10-01 05:38:26 +02:00 |
|
Robert Swiecki
|
c71c996143
|
Allow for running with --disable_newuser started as root
|
2017-10-01 05:32:07 +02:00 |
|
Robert Swiecki
|
2b797a19fd
|
mount: allow to use --disable_newuser for root users
|
2017-10-01 05:16:01 +02:00 |
|
Robert Swiecki
|
769ff19306
|
mount: remount / as private before doing any new mounts
|
2017-10-01 04:51:56 +02:00 |
|
Robert Swiecki
|
8aafd1b41b
|
Makefile: correct proto dep, plus some comments in caps.c
|
2017-10-01 00:06:36 +02:00 |
|
Robert Swiecki
|
7820553cb9
|
caps: define CAP_AUDIT_READ if not defined
|
2017-09-30 01:04:35 +02:00 |
|
Robert Swiecki
|
a85f5505d2
|
caps: missing static function declarator
|
2017-09-30 00:37:06 +02:00 |
|
Robert Swiecki
|
41e9ea52ba
|
caps: refactor the code to make it readable for the --keep_caps case
|
2017-09-30 00:36:11 +02:00 |
|
Robert Swiecki
|
d20aa424e0
|
cap: Don't use -libcap anymore, as it had problems with newer capabilities
|
2017-09-30 00:05:41 +02:00 |
|
Robert Swiecki
|
5c3963e9a2
|
cmdline: various fixes of descriptions
|
2017-09-29 22:18:16 +02:00 |
|
Robert Swiecki
|
280feb1a1a
|
caps: dont' throw warning if CAP_AUDIT_READ is not understood by libcap during reading
|
2017-09-29 21:31:22 +02:00 |
|
Robert Swiecki
|
59657be88d
|
cmdline: correct description for rlimit_ values
|
2017-09-29 14:46:03 +02:00 |
|
Robert Swiecki
|
3c0e300794
|
contain: use setrlimit64 instead of syscall(__NR_prlimit64)
|
2017-09-29 14:32:39 +02:00 |
|
robertswiecki
|
2d72736aca
|
Merge pull request #46 from ebadi/master
rlimit64 to getrlimit64
|
2017-09-29 14:29:24 +02:00 |
|
Hamid Ebadi
|
cf2b7c78a6
|
rlimit64 to getrlimit64
|
2017-09-29 14:11:48 +02:00 |
|
Robert Swiecki
|
c4a57d592d
|
Make it compile (maybe) under uClibc
|
2017-09-29 13:07:42 +02:00 |
|
Robert Swiecki
|
3ae090dad2
|
configs: format seccomp policies
|
2017-09-27 15:49:12 +02:00 |
|
Robert Swiecki
|
88703c9ab5
|
config: make defaults work correctly
|
2017-09-27 15:36:05 +02:00 |
|
Robert Swiecki
|
0de9c6de94
|
readme: better cmd-line for docker
|
2017-09-27 15:20:36 +02:00 |
|
Robert Swiecki
|
2370624a5f
|
Dockerfile: make it compile with new c++ libprotobuf
|
2017-09-27 15:18:30 +02:00 |
|
Robert Swiecki
|
f0e38692a8
|
cmdline: print error after usage and before fatal
|
2017-09-27 00:47:57 +02:00 |
|
Robert Swiecki
|
7b2b2194ca
|
cmdline: configs/ for --config
|
2017-09-26 09:30:03 +02:00 |
|
Robert Swiecki
|
de9712befc
|
makefile: missing depend on pb.o
|
2017-09-25 20:06:09 +02:00 |
|