21 Commits

Author SHA1 Message Date
Patrick Steinhardt
91848d22bf user: allow setting multiple groups without user namespaces
When not using a user namespace, then we'll completely ignore
whether multiple groups have been specified by the user and only set
up the process's GID. With user namespaces, we in fact cannot set up
supplementary groups as we have set up "/proc/self/setgroups" to
deny any call to setgroups(2). But we can do better than that when
not using user namespaces, as we're free to use that syscall.

As nsjail(1) documents that "--group" can be specified multiple
times without mentioning that this won't work with
"--disable_clone_newuser", change the code to make that
constellation work.
2019-06-20 12:12:16 +02:00
Robert Swiecki
56b99003b4 user: function naming 2019-03-31 15:16:24 +02:00
Robert Swiecki
a2dacef5d7 allow to use nsjail w/o namespaces 2019-03-29 21:38:14 +01:00
Robert Swiecki
061e32839f use util::syscall whenever possible 2019-01-21 22:37:30 +01:00
Robert Swiecki
6a4315f318 More of RETURN_ON_FAILURE 2019-01-01 11:36:02 +01:00
Robert Swiecki
b8798fc9a7 use strtoimax when needed 2018-05-26 13:54:17 +02:00
Robert Swiecki
a42203a6dd user: cons'ifize a var 2018-05-20 23:52:55 +02:00
Robert Swiecki
810394cf16 switch all == false cmps to ! 2018-02-12 15:17:33 +01:00
Robert Swiecki
f1a6b08962 cmdline: simplify string splitting 2018-02-11 14:56:30 +01:00
Robert Swiecki
7b9178f5d7 make indent depend 2018-02-11 04:02:43 +01:00
Robert Swiecki
ac89fbb44f user: simplify creation of uid/gid maps 2018-02-11 04:02:14 +01:00
Robert Swiecki
97278f191b log: rename log to logs due to clash with glibc's log 2018-02-10 17:49:15 +01:00
Robert Swiecki
05304b3ba5 user: remove unnecessary structs 2018-02-10 15:51:47 +01:00
Robert Swiecki
4494deffa7 omit keyword 'struct' 2018-02-10 15:50:12 +01:00
Robert Swiecki
ecd4c32d9a mnt: replace sys/queue with std::vector 2018-02-10 14:38:01 +01:00
Robert Swiecki
1761ed4fdc move common.h to macros.h 2018-02-10 05:25:55 +01:00
Robert Swiecki
93005ef03d nsjail: convert gids/uids to vector of structs 2018-02-10 00:37:23 +01:00
Robert Swiecki
7f72cbd497 all: move to C++ 2018-02-09 18:55:42 +01:00
Robert Swiecki
a6c34999f2 util: move to C++ 2018-02-09 18:45:50 +01:00
Robert Swiecki
15170f9d6c cgroup: move to C++ 2018-02-09 18:13:17 +01:00
Robert Swiecki
27a226ad28 user: move to C++ 2018-02-09 18:08:11 +01:00