Robert Swiecki
|
cc987ec775
|
Add locked mount flags during remounting
|
2016-03-01 15:36:32 +01:00 |
|
Robert Swiecki
|
f258316f5e
|
More specific error message for EACCES during mount()
|
2016-03-01 15:02:33 +01:00 |
|
Robert Swiecki
|
114ce7e976
|
Make it possible to compile with clang
|
2016-02-29 19:09:39 +01:00 |
|
Jagger
|
d2f47fff92
|
Add network configuration for the 'vs' interface
|
2016-02-29 02:51:55 +01:00 |
|
Jagger
|
43983cbb17
|
Add --iface_lo_up
|
2016-02-29 00:14:36 +01:00 |
|
Jagger
|
fb8eb88410
|
No need to update /proc/pid/setgroups if euid==0
|
2016-02-28 02:41:57 +01:00 |
|
Jagger
|
8d641169e3
|
Initialize user/group maps from the parent process
|
2016-02-28 02:34:43 +01:00 |
|
Jagger
|
ad4b0105a7
|
No need to add (default:none) in cmdline
|
2016-02-28 01:52:09 +01:00 |
|
Robert Swiecki
|
4ec7c12c99
|
Add MS_REC to MS_RDONLY
|
2016-02-25 18:27:42 +01:00 |
|
Robert Swiecki
|
87829e3f6e
|
Implement --skip_setsid
|
2016-01-25 18:09:32 +01:00 |
|
Jagger
|
d36deb5d0d
|
Use --user x:y notation (not working yet)
|
2016-01-23 07:05:24 +01:00 |
|
Robert Swiecki
|
307a6f0257
|
Create a file/dir inside jail beforemounting
|
2016-01-14 15:44:29 +01:00 |
|
Jagger
|
2765e58c4e
|
Use TAILQ instead of LIST to insert new mount entries at the end
|
2016-01-09 16:09:05 +01:00 |
|
Robert Swiecki
|
88e796e004
|
Set a separate session/process_group
|
2015-11-24 18:34:05 +01:00 |
|
Jamy Timmermans
|
bd5ed5ac63
|
Fix dereference in cwd option
|
2015-11-07 06:11:55 -06:00 |
|
Jamy Timmermans
|
93abc40dde
|
Add a cwd option
This way the process being spawned can be in a directory if the
spawner’s choosing (as ling as it’s available in the chroot)
|
2015-11-07 13:01:44 +01:00 |
|
Jagger
|
5f5e496179
|
Make it compile with -m32
|
2015-10-18 20:47:44 +02:00 |
|
Jagger
|
558ede7dfe
|
Make __user_cap_data_struct const
|
2015-10-18 20:39:06 +02:00 |
|
Jagger
|
49faea78b0
|
Use 0x%tx for uintptr_t
|
2015-10-17 19:14:57 +02:00 |
|
Jagger
|
59cedfe10f
|
Use just a single list for mount-points (RO, RW, chroot)
|
2015-10-17 16:48:30 +02:00 |
|
Robert Swiecki
|
5202a7fc07
|
Use rlimit64
|
2015-10-13 19:06:59 +02:00 |
|
Jagger
|
3c9c63b608
|
In case there's no CLONE_NEWNS, just chroot()
|
2015-08-16 10:55:14 +02:00 |
|
Jagger
|
cbb64d571d
|
Make --disable_proc work
|
2015-08-15 20:48:48 +02:00 |
|
Jagger
|
da4fc22eab
|
indent 100
|
2015-08-15 20:10:07 +02:00 |
|
Jagger
|
701825970a
|
Implementation of MODE_STANDALONE_EXECVE
|
2015-08-15 16:02:38 +02:00 |
|
Jagger
|
04fa1e9c1f
|
More verbose error messages for mounting files/dirs
|
2015-08-12 01:17:54 +02:00 |
|
Jagger
|
07df4307f5
|
Move tmpfs mounting before pivot_chroot
|
2015-08-12 00:58:26 +02:00 |
|
Jagger
|
a47a651999
|
Create a file for sockets/devs/files bind mounts
|
2015-08-11 14:34:17 +02:00 |
|
Jagger
|
8b951e6c28
|
Checks for strdup() result. Use remountBindMount since we have it
|
2015-07-15 03:33:13 +02:00 |
|
Jagger
|
e3fe2d183c
|
tmpfs_size (size_t) + indent
|
2015-07-08 00:54:59 +02:00 |
|
JT Olds
|
8841a08dd3
|
Make tmpfs size configurable
|
2015-07-07 15:42:25 -06:00 |
|
JT Olds
|
5b28785790
|
Don't mount NODEV so stuff like /dev/null works
Users now need to be careful about allowing device special files
in the jail.
|
2015-07-07 15:41:55 -06:00 |
|
JT Olds
|
821eb78054
|
Improve bindmount interface.
Now supports readonly bindmounts and
differentiating between source and target path.
|
2015-07-07 11:52:32 -06:00 |
|
Jagger
|
c6f8843c64
|
Indent
|
2015-06-18 03:07:22 +02:00 |
|
Jagger
|
5dfdb470cd
|
Replace self-made list of pointers with queue.h
|
2015-06-18 03:00:39 +02:00 |
|
Robert Swiecki
|
08d1add31d
|
More instructive error message
|
2015-05-21 18:40:34 +02:00 |
|
Jagger
|
ea9c3d1165
|
README.md
|
2015-05-16 05:10:13 +02:00 |
|
Robert Swiecki
|
ee68cd9d30
|
Log function names
|
2015-05-15 16:42:56 +02:00 |
|
Robert Swiecki
|
69622c17ae
|
Logs from the child process (namespaced) are proxied to the parent
process
|
2015-05-15 16:02:15 +02:00 |
|
Robert Swiecki
|
0ca35aa942
|
Initial import
|
2015-05-14 23:44:48 +02:00 |
|