Robert Swiecki
0c73e84af5
configs: add /dev/shm
2017-06-20 03:14:09 +02:00
Robert Swiecki
fa2796fe65
util: Implement utilSigName()
2017-06-20 00:16:38 +02:00
Robert Swiecki
40a472a77e
net: better log_d
2017-06-19 23:59:29 +02:00
Robert Swiecki
a8c80f1b0a
net: additional log_d for IPv4 -> IPv6 conversion
2017-06-19 23:57:31 +02:00
Robert Swiecki
be083f6752
config: bind port to config
2017-06-19 23:52:56 +02:00
Robert Swiecki
73f1d44c92
Allow to use IPv4 addr with --bindhost
2017-06-19 22:35:57 +02:00
Robert Swiecki
4f1a6aead2
index.md
2017-06-19 20:28:48 +02:00
Robert Swiecki
ed2bb8a46a
cpu: warning about no of cpus
2017-06-19 19:11:53 +02:00
Robert Swiecki
e7b3be206a
Print remote IP when removing task from pool
2017-06-19 18:53:29 +02:00
Robert Swiecki
ee60565462
cpu: free cpu mask
2017-06-19 17:07:50 +02:00
Robert Swiecki
ceaed43133
config: implement max_cpu_num in PB
2017-06-19 17:05:01 +02:00
Robert Swiecki
0e7393cccf
cmdline: implement affinity setting, to limit jailed process to n max cpus
2017-06-19 17:01:50 +02:00
robertswiecki
dbdeba6ea4
Update README.md
2017-06-16 12:00:11 +02:00
robertswiecki
ed2bf6ee28
Update README.md
2017-06-16 11:55:15 +02:00
Robert Swiecki
54da7fca11
-Me: set PR_SET_DUMPABLE,0 for the init
2017-06-14 02:21:53 +02:00
Robert Swiecki
b67ea2272f
Me mode: make init reap zombie processes
2017-06-14 02:19:03 +02:00
Robert Swiecki
4c9c70e763
Merge branch 'master' of ssh://github.com/google/nsjail
2017-06-14 02:15:19 +02:00
Robert Swiecki
5f56fe5b8f
Me mode: make init reap zombie processes
2017-06-14 02:15:11 +02:00
robertswiecki
7812e3597a
Merge pull request #25 from cstrouse/dockerfile-enhancements
...
Refactor using current official Dockerfile best practices
2017-06-13 17:06:47 +02:00
Casey Strouse
76c7a23e65
Refactor using current official Dockerfile best practices
...
Implement best practices for Dockerfiles as per the official
documentation:
https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
Reduces image size from 451.6MB to 404.9MB.
2017-06-12 19:50:55 -07:00
Robert Swiecki
1dd3223b74
iface -> iface_vs
2017-06-12 22:20:21 +02:00
Robert Swiecki
88d8570843
configs/bash: set argv[0]
2017-06-12 02:16:27 +02:00
Robert Swiecki
f203669d25
config: give ability to override argv[0]
2017-06-12 02:14:18 +02:00
Robert Swiecki
3e30c8e4d2
config.proto: clang-format
2017-06-12 02:08:16 +02:00
Robert Swiecki
63e4059f7a
Slight fixes to log_fd
2017-06-12 00:27:27 +02:00
robertswiecki
d20f53e333
Merge pull request #24 from rfw/master
...
Add an extra log_fd argument to specify an FD to log to.
2017-06-12 00:22:13 +02:00
Tony Young
c55dc8cb12
Add an extra log_fd argument to specify an FD to log to.
...
In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.
2017-06-11 22:12:18 +00:00
Robert Swiecki
a55ff63861
make indent
2017-06-11 01:34:20 +02:00
Robert Swiecki
b5d3bf64cb
contain: use open('abc', O_DIRECTORY|O_CLOEXEC) instead of opendir()
2017-06-09 14:40:44 +02:00
Robert Swiecki
6e21eaa0da
subproc: comments
2017-06-09 14:34:01 +02:00
robertswiecki
fbf5b76ef8
Merge pull request #22 from rfw/master
...
Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd.
2017-06-09 13:55:22 +02:00
Tony Young
d0261d281d
Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd.
2017-06-09 00:00:12 +00:00
robertswiecki
6937798743
Merge pull request #21 from yoshisatoyanagisawa/fix_dockerfile
...
Fix Dockerfile to make it built with current Makefile.
2017-06-02 14:31:05 +02:00
Yoshisato Yanagisawa
91737713c4
add --privileged to docker command.
...
To run this program, you need --privileged for mounting
/tmp/nsjail.root.
2017-06-02 18:07:32 +09:00
Yoshisato Yanagisawa
611a17f96f
Fix Dockerfile to make it built with current Makefile.
2017-06-02 14:54:55 +09:00
Robert Swiecki
24002c606d
configs/home-documents-with-xorg-no-net: add /dev/null
2017-05-29 19:24:14 +02:00
Robert Swiecki
35be622f80
configs:configs/home-documents-with-xorg-no-net Xorg socket as R/W
2017-05-29 19:03:37 +02:00
Robert Swiecki
311473d723
Readme
2017-05-29 18:08:23 +02:00
Robert Swiecki
4cd3b29cb6
Merge branch 'master' of github.com:google/nsjail
2017-05-29 18:02:58 +02:00
Robert Swiecki
33bc550bed
Readm
2017-05-29 18:02:47 +02:00
Robert Swiecki
1e2d1b8a2b
Makefile: clean removes pb-c generated files
2017-05-29 17:00:19 +02:00
Robert Swiecki
593943ec3a
configs/bash-with-fake-geteuid: block ptrace, fix description
2017-05-29 16:57:04 +02:00
Robert Swiecki
9519f1038b
mount: introduce mountDescribeMountPt
2017-05-29 16:52:24 +02:00
Robert Swiecki
aeb2e998b8
mount: mount src_content files from other tmpfs, to avoid shadowing / of the root tmpfs with some other FS
2017-05-29 16:39:08 +02:00
Robert Swiecki
cae0c4a7f5
Makefile: make compiling with libprotobuf-c more robust under different systems
2017-05-29 16:22:31 +02:00
Robert Swiecki
9e288fb6dc
Better compilation rules for protobuf-c-text
2017-05-29 15:29:21 +02:00
Robert Swiecki
ca245f9cdb
configs: typo
2017-05-29 15:01:34 +02:00
Robert Swiecki
f84d20632d
mount: remove tmp file after use
2017-05-29 04:50:29 +02:00
Robert Swiecki
6380474301
Simplify mountMount
2017-05-29 03:29:14 +02:00
Robert Swiecki
0271586e81
Get rid of pivot_root_only - achieve the same in different way
2017-05-29 03:11:32 +02:00