woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
631 Commits 2 Branches 0 Tags 1.5 MiB
b7def79d90
Commit Graph

631 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Swiecki
b7def79d90 mount: don't R/O remount mounts which were not mounted (not mandatory) 2017-10-08 01:28:45 +02:00
Robert Swiecki
6d29c196ac common: less const argv 2017-10-08 00:36:13 +02:00
Robert Swiecki
f703d615d8 make indent 2017-10-08 00:17:47 +02:00
Robert Swiecki
c35857cff2 cmdline: use mountAddMountPt in the remaining calls 2017-10-08 00:14:24 +02:00
Robert Swiecki
0541d0dfc3 cmdline/mount: mount proc at the beginning 2017-10-07 23:32:25 +02:00
Robert Swiecki
dc2131cdd1 cmdline: use soft/hard literals instead of def/max for rlimits 2017-10-07 22:36:21 +02:00
Robert Swiecki
5d4f42a729 cmdline: missing flags for --chroot mount point 2017-10-07 22:33:46 +02:00
Robert Swiecki
a39f76924d cmdline: use mountAddMountPt instead of adding structs explicitly 2017-10-07 22:30:19 +02:00
Robert Swiecki
6ada77d4cf cmdline: better errors for setting rlimits 2017-10-07 12:37:26 +02:00
Robert Swiecki
e89a6f0c24 cmdline: 'inf' for rlimits 2017-10-07 12:33:19 +02:00
Robert Swiecki
aac3e112b4 cmdline: descriptions of flags 2017-10-07 12:31:54 +02:00
Robert Swiecki
5597783716 cmdline: implement --really_quiet option 2017-10-07 02:03:51 +02:00
Robert Swiecki
5aa9376b2c config: make argv static to avoid using heap 2017-10-07 01:54:36 +02:00
Robert Swiecki
21d08eaa67 config: make config static so we can get rid of strdup() 2017-10-07 00:18:21 +02:00
Robert Swiecki
a5c3a1823f config.proto: comments 2017-10-06 22:50:32 +02:00
Robert Swiecki
25c6272b56 config: indent 2017-10-06 22:44:55 +02:00
Robert Swiecki
dbc6fab582 config: allow to use soft/hard/inf limits for rlimits 2017-10-06 22:44:27 +02:00
Robert Swiecki
ee3d454457 pid: comment on the ns-init process 2017-10-06 19:42:58 +02:00
Robert Swiecki
0fb8b9379b mount: realpath is not needed as mount will realpath the path 2017-10-03 18:37:34 +02:00
Robert Swiecki
b5305a3c32 .gitignore: ignore config.pb.* 2017-10-01 19:55:36 +02:00
Robert Swiecki
7fa94b8e8c contain: remove unnecessary includes 2017-10-01 19:08:31 +02:00
Robert Swiecki
37dcac6218 user: comments 2017-10-01 19:01:36 +02:00
Robert Swiecki
dfe3bac4ef user: log message 2017-10-01 16:13:17 +02:00
Robert Swiecki
02951e0ac8 user: simplify login when running with --disable_clonew_newuser by using prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS | SECBIT_NO_SETUID_FIXUP) 2017-10-01 16:11:46 +02:00
Robert Swiecki
be25a24b5b user: more comments 2017-10-01 15:54:04 +02:00
Robert Swiecki
293a683b14 caps: more comments 2017-10-01 05:49:13 +02:00
Robert Swiecki
6c889e7135 mount: print error when --disable_clone_newns is used but no --chroot was specified 2017-10-01 05:47:10 +02:00
Robert Swiecki
1bdd9843df caps: call prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL) early 2017-10-01 05:38:26 +02:00
Robert Swiecki
c71c996143 Allow for running with --disable_newuser started as root 2017-10-01 05:32:07 +02:00
Robert Swiecki
2b797a19fd mount: allow to use --disable_newuser for root users 2017-10-01 05:16:01 +02:00
Robert Swiecki
769ff19306 mount: remount / as private before doing any new mounts 2017-10-01 04:51:56 +02:00
Robert Swiecki
8aafd1b41b Makefile: correct proto dep, plus some comments in caps.c 2017-10-01 00:06:36 +02:00
Robert Swiecki
7820553cb9 caps: define CAP_AUDIT_READ if not defined 2017-09-30 01:04:35 +02:00
Robert Swiecki
a85f5505d2 caps: missing static function declarator 2017-09-30 00:37:06 +02:00
Robert Swiecki
41e9ea52ba caps: refactor the code to make it readable for the --keep_caps case 2017-09-30 00:36:11 +02:00
Robert Swiecki
d20aa424e0 cap: Don't use -libcap anymore, as it had problems with newer capabilities 2017-09-30 00:05:41 +02:00
Robert Swiecki
5c3963e9a2 cmdline: various fixes of descriptions 2017-09-29 22:18:16 +02:00
Robert Swiecki
280feb1a1a caps: dont' throw warning if CAP_AUDIT_READ is not understood by libcap during reading 2017-09-29 21:31:22 +02:00
Robert Swiecki
59657be88d cmdline: correct description for rlimit_ values 2017-09-29 14:46:03 +02:00
Robert Swiecki
3c0e300794 contain: use setrlimit64 instead of syscall(__NR_prlimit64) 2017-09-29 14:32:39 +02:00
robertswiecki
2d72736aca Merge pull request #46 from ebadi/master 
rlimit64 to getrlimit64
 2017-09-29 14:29:24 +02:00
Hamid Ebadi
cf2b7c78a6 rlimit64 to getrlimit64 2017-09-29 14:11:48 +02:00
Robert Swiecki
c4a57d592d Make it compile (maybe) under uClibc 2017-09-29 13:07:42 +02:00
Robert Swiecki
3ae090dad2 configs: format seccomp policies 2017-09-27 15:49:12 +02:00
Robert Swiecki
88703c9ab5 config: make defaults work correctly 2017-09-27 15:36:05 +02:00
Robert Swiecki
0de9c6de94 readme: better cmd-line for docker 2017-09-27 15:20:36 +02:00
Robert Swiecki
2370624a5f Dockerfile: make it compile with new c++ libprotobuf 2017-09-27 15:18:30 +02:00
Robert Swiecki
f0e38692a8 cmdline: print error after usage and before fatal 2017-09-27 00:47:57 +02:00
Robert Swiecki
7b2b2194ca cmdline: configs/ for --config 2017-09-26 09:30:03 +02:00
Robert Swiecki
de9712befc makefile: missing depend on pb.o 2017-09-25 20:06:09 +02:00