Tony Young
c55dc8cb12
Add an extra log_fd argument to specify an FD to log to.
...
In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.
2017-06-11 22:12:18 +00:00
Robert Swiecki
a55ff63861
make indent
2017-06-11 01:34:20 +02:00
Robert Swiecki
b5d3bf64cb
contain: use open('abc', O_DIRECTORY|O_CLOEXEC) instead of opendir()
2017-06-09 14:40:44 +02:00
Robert Swiecki
6e21eaa0da
subproc: comments
2017-06-09 14:34:01 +02:00
robertswiecki
fbf5b76ef8
Merge pull request #22 from rfw/master
...
Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd.
2017-06-09 13:55:22 +02:00
Tony Young
d0261d281d
Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd.
2017-06-09 00:00:12 +00:00
robertswiecki
6937798743
Merge pull request #21 from yoshisatoyanagisawa/fix_dockerfile
...
Fix Dockerfile to make it built with current Makefile.
2017-06-02 14:31:05 +02:00
Yoshisato Yanagisawa
91737713c4
add --privileged to docker command.
...
To run this program, you need --privileged for mounting
/tmp/nsjail.root.
2017-06-02 18:07:32 +09:00
Yoshisato Yanagisawa
611a17f96f
Fix Dockerfile to make it built with current Makefile.
2017-06-02 14:54:55 +09:00
Robert Swiecki
24002c606d
configs/home-documents-with-xorg-no-net: add /dev/null
2017-05-29 19:24:14 +02:00
Robert Swiecki
35be622f80
configs:configs/home-documents-with-xorg-no-net Xorg socket as R/W
2017-05-29 19:03:37 +02:00
Robert Swiecki
311473d723
Readme
2017-05-29 18:08:23 +02:00
Robert Swiecki
4cd3b29cb6
Merge branch 'master' of github.com:google/nsjail
2017-05-29 18:02:58 +02:00
Robert Swiecki
33bc550bed
Readm
2017-05-29 18:02:47 +02:00
Robert Swiecki
1e2d1b8a2b
Makefile: clean removes pb-c generated files
2017-05-29 17:00:19 +02:00
Robert Swiecki
593943ec3a
configs/bash-with-fake-geteuid: block ptrace, fix description
2017-05-29 16:57:04 +02:00
Robert Swiecki
9519f1038b
mount: introduce mountDescribeMountPt
2017-05-29 16:52:24 +02:00
Robert Swiecki
aeb2e998b8
mount: mount src_content files from other tmpfs, to avoid shadowing / of the root tmpfs with some other FS
2017-05-29 16:39:08 +02:00
Robert Swiecki
cae0c4a7f5
Makefile: make compiling with libprotobuf-c more robust under different systems
2017-05-29 16:22:31 +02:00
Robert Swiecki
9e288fb6dc
Better compilation rules for protobuf-c-text
2017-05-29 15:29:21 +02:00
Robert Swiecki
ca245f9cdb
configs: typo
2017-05-29 15:01:34 +02:00
Robert Swiecki
f84d20632d
mount: remove tmp file after use
2017-05-29 04:50:29 +02:00
Robert Swiecki
6380474301
Simplify mountMount
2017-05-29 03:29:14 +02:00
Robert Swiecki
0271586e81
Get rid of pivot_root_only - achieve the same in different way
2017-05-29 03:11:32 +02:00
Robert Swiecki
ec2a414442
Makefile: simplify kafel and protobuf-c-text building rules
2017-05-29 00:29:52 +02:00
Robert Swiecki
3e99703df2
Makefile: Use -fPIC when compiling protobuf-c-text
2017-05-28 19:57:25 +02:00
Robert Swiecki
6085e898cf
Makefile: autogen.sh protobuf-c-text once only
2017-05-28 19:30:34 +02:00
Robert Swiecki
285412c4dd
configs/bash-with-fake-geteuid set home
2017-05-28 19:22:03 +02:00
Robert Swiecki
9dcb84572d
configs/bash-with-fake-geteuid skip_setsid for job control
2017-05-28 19:21:22 +02:00
Robert Swiecki
785852ac22
configs/bash-with-fake-geteuid fancier PS1
2017-05-28 19:20:25 +02:00
Robert Swiecki
9db01ec991
config: implement keep caps
2017-05-28 19:17:48 +02:00
Robert Swiecki
d92952a02f
Readme
2017-05-28 19:07:01 +02:00
Robert Swiecki
6f79ea7a97
Readme
2017-05-28 19:01:53 +02:00
Robert Swiecki
0b30240e2e
util: remove utilStrDupLen as it was unused
2017-05-28 18:59:50 +02:00
Robert Swiecki
c510f98187
Makefile: also clean protobuf-c-text
2017-05-28 18:58:47 +02:00
Robert Swiecki
dce9e73fce
Ini
2017-05-28 18:51:50 +02:00
Robert Swiecki
9c72e834dd
Pass CFLAGS to protobuf-c-text
2017-05-28 18:46:38 +02:00
Robert Swiecki
5972d34d18
Makefile: remove stack-protector from CFLAGS
2017-05-28 18:37:50 +02:00
Robert Swiecki
8e00976f49
configs/imagemagick: increase rlimit_as
2017-05-28 17:42:15 +02:00
Robert Swiecki
6495f222ec
configs/bash-with-fake-geteuid.cfg set TERM
2017-05-28 17:37:01 +02:00
Robert Swiecki
c42c372043
configs/home-documents-with-xorg-no-net.cfg: increase rlimit_as
2017-05-28 17:32:14 +02:00
Robert Swiecki
2b6cfde887
configs/home-documents-with-xorg-no-net.cfg: increase rlimit_as
2017-05-28 17:30:51 +02:00
Robert Swiecki
7b2fc9cdac
add configs/firefox-with-cloned-net.cfg
2017-05-28 16:56:16 +02:00
Robert Swiecki
857b9901f5
configs: smaller profile for xorg tools
2017-05-28 15:27:13 +02:00
Robert Swiecki
3443d19054
configs: set cwd to /usr
2017-05-28 15:15:48 +02:00
Robert Swiecki
1df9e9d2e1
mount: fewer warnings in a mount pt is non-mandatory #2
2017-05-28 14:53:16 +02:00
Robert Swiecki
adc14c6f18
mount: fewer warnings in a mount pt is non-mandatory
2017-05-28 14:51:09 +02:00
Robert Swiecki
f7146e1e6d
protobuf-c-text: compile with -fPIC
2017-05-28 14:41:03 +02:00
Robert Swiecki
ffe865934b
makefile: incorrect libprotobuf-c check
2017-05-28 14:34:28 +02:00
Robert Swiecki
0585f0819d
configs/firefox: add /usr/bin/firefox bind mount
2017-05-28 03:30:27 +02:00