robertswiecki
|
27c05b367f
|
Merge pull request #61 from jvvv/master
Adjust documents for clone_newcgroup change.
|
2017-10-28 23:36:02 +02:00 |
|
John Vogel
|
8f39ec5436
|
Adjust documents for clone_newcgroup change.
Change --enable_clone_newcgroup to --disable_clone_newcgroup.
Add comment about kernel version for clone_newcgroup option.
|
2017-10-27 00:33:07 -04:00 |
|
Robert Swiecki
|
ca705b4fea
|
Makefile: remove relro,now as it doesn't allow to compile under some archs
|
2017-10-27 01:53:05 +02:00 |
|
Robert Swiecki
|
55c35f380f
|
mount: add info about mounting /proc
|
2017-10-26 23:00:15 +02:00 |
|
Robert Swiecki
|
a3c00c7321
|
subproc: reflow comments
|
2017-10-26 22:57:14 +02:00 |
|
Robert Swiecki
|
a87cd58bee
|
cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config #2
|
2017-10-26 16:19:30 +02:00 |
|
Robert Swiecki
|
3734b8801f
|
cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config
|
2017-10-26 16:16:05 +02:00 |
|
Robert Swiecki
|
805ceb4363
|
configs/ increase rlimit_nofile for firefox
|
2017-10-26 02:43:40 +02:00 |
|
Robert Swiecki
|
c04ca63190
|
mount: const'antize the mountPair struct
|
2017-10-26 02:29:15 +02:00 |
|
Robert Swiecki
|
2ab64972fd
|
mount: an array of known mount/vfsmount flag pairs
|
2017-10-26 02:27:18 +02:00 |
|
Robert Swiecki
|
91991fc75e
|
mount: don't reuse flags from statvfs directly for remounting
|
2017-10-26 02:17:52 +02:00 |
|
Robert Swiecki
|
659bbd1b4a
|
config.proto: reflow field numbering
|
2017-10-26 00:35:59 +02:00 |
|
Robert Swiecki
|
082b3821bb
|
Makefile/indent: add clang-format for proto
|
2017-10-26 00:34:32 +02:00 |
|
Robert Swiecki
|
e2529ce04f
|
Makefile/indent: base it on the google template with modifications
|
2017-10-26 00:26:02 +02:00 |
|
Robert Swiecki
|
5b593d33b4
|
Update kafel to 33d7970ba0d5a1939371f3448e13ede833b32afd
|
2017-10-25 16:04:28 +02:00 |
|
Robert Swiecki
|
e309e11f55
|
cgroup: remove duplicated check for values
|
2017-10-25 15:57:17 +02:00 |
|
Robert Swiecki
|
697b8698b4
|
nsjail: make njsconf::cgroup_pids_max unsigned int #2
|
2017-10-25 15:51:06 +02:00 |
|
Robert Swiecki
|
61727949ca
|
nsjail: make njsconf::cgroup_pids_max unsigned int
|
2017-10-25 15:50:24 +02:00 |
|
Robert Swiecki
|
a1260e49f3
|
Use uint64_t instead of __rlim64_t
|
2017-10-25 15:44:35 +02:00 |
|
robertswiecki
|
9f1639fa9c
|
Merge pull request #58 from pandax381/support-cgroup-net-cls
Support cgroup net_cls subsystem
|
2017-10-25 15:35:35 +02:00 |
|
YAMAMOTO Masaya
|
6338c77636
|
Update documents
|
2017-10-25 17:56:14 +09:00 |
|
YAMAMOTO Masaya
|
315b3837b4
|
Support cgroup net_cls subsystem
|
2017-10-25 17:15:03 +09:00 |
|
Robert Swiecki
|
3b3ec6c623
|
mount: don't complain about ability to create mount dirs
|
2017-10-25 01:45:39 +02:00 |
|
Robert Swiecki
|
6dc0808914
|
pid: Don't start new ns-init if CLONE_NEWPID is not requested
|
2017-10-25 01:34:10 +02:00 |
|
Robert Swiecki
|
b6f703629e
|
log: do isatty(log_fd) in log constructor
|
2017-10-24 16:20:51 +02:00 |
|
Robert Swiecki
|
80f902fc06
|
subproc: use SIG_SETMASK to unblock all signals
|
2017-10-20 15:56:32 +02:00 |
|
Robert Swiecki
|
a415506619
|
configs/busybox: indicate that the busybox must be statically compiled
|
2017-10-20 14:46:43 +02:00 |
|
Robert Swiecki
|
86f444d00b
|
Merge branch 'master' of ssh://github.com/google/nsjail
|
2017-10-20 14:44:07 +02:00 |
|
Robert Swiecki
|
d990777261
|
subproc: unblock all signals before executing a process
|
2017-10-20 14:43:56 +02:00 |
|
Robert Swiecki
|
ec789a4d64
|
mount: use NS_DIR_TRUE instead of true in cmdline
|
2017-10-20 13:02:15 +02:00 |
|
Robert Swiecki
|
7e49be4dc3
|
mount: try creating starting tmpfs's in /run/user/<uid> first
|
2017-10-19 22:39:37 +02:00 |
|
Robert Swiecki
|
4152f3ea93
|
mount: merge string line in log
|
2017-10-19 15:58:57 +02:00 |
|
Robert Swiecki
|
29ff5e49b5
|
mount: missing 'return false' if the mount fails
|
2017-10-19 15:46:31 +02:00 |
|
Robert Swiecki
|
4c5aebf23b
|
nsjail: use CTRL+\ (SIGQUIT) to display active sessions
|
2017-10-19 15:25:20 +02:00 |
|
Robert Swiecki
|
2687f33a07
|
use O_CLOEXEC with utilWriteBufToFile wherever possible
|
2017-10-19 14:56:45 +02:00 |
|
Robert Swiecki
|
94e593eb68
|
subproc: comments around new proc stack
|
2017-10-19 13:11:41 +02:00 |
|
Robert Swiecki
|
c33b1c87af
|
subproc: typos
|
2017-10-19 02:32:55 +02:00 |
|
Robert Swiecki
|
123ef0b46b
|
make indent
|
2017-10-19 02:24:34 +02:00 |
|
robertswiecki
|
064d024f6d
|
Merge pull request #56 from VCTLabs/stack-alignment
align stack for child process
|
2017-10-19 02:22:08 +02:00 |
|
Robert Swiecki
|
00fa26f696
|
user: avoid calling setresgid twice on machines that support setres(g|u)id32
|
2017-10-19 02:14:58 +02:00 |
|
robertswiecki
|
5870d6bb00
|
Merge pull request #55 from jvvv/master
manpage: add --execute_fd option
|
2017-10-18 23:32:13 +02:00 |
|
John Vogel
|
221b53f8d2
|
manpage: add --execute_fd option
|
2017-10-18 14:48:24 -04:00 |
|
Robert Swiecki
|
9fbe753a6a
|
cmdline: typo
|
2017-10-18 18:02:23 +02:00 |
|
Robert Swiecki
|
9c2f19b972
|
cmdline: add option --execute_fd and support for it, in order to use execveat()
|
2017-10-18 17:57:52 +02:00 |
|
Robert Swiecki
|
5ef11f65a4
|
No need to use '== true'
|
2017-10-18 15:41:16 +02:00 |
|
Robert Swiecki
|
9465e794eb
|
No need to add custom flags when remounting RO
|
2017-10-18 15:41:02 +02:00 |
|
Robert Swiecki
|
e67710005d
|
mount: mountFlagsToStr cannot be repeated as it uses TLS buffer
|
2017-10-18 15:31:15 +02:00 |
|
Robert Swiecki
|
152d6d68ae
|
simplify includes, remove unneeded, add needed
|
2017-10-18 14:46:17 +02:00 |
|
Robert Swiecki
|
58d6b3075c
|
Move struct nsjail_t definition to nsjail.h and leave only macros in common.h
|
2017-10-18 14:27:34 +02:00 |
|
Robert Swiecki
|
1b4577e53f
|
subproc: clear signal handlers in the child process
|
2017-10-18 12:33:24 +02:00 |
|