nsjail

woj/nsjail

Author	SHA1	Message	Date
Jagger	827e1a4e7d	Init cgroups from parent	2016-06-19 15:50:25 +02:00
Jagger	c93d926189	Create sub-cgroups instead of using the parent one	2016-06-19 14:58:18 +02:00
Jagger	640ae23a71	More use examples	2016-06-19 14:32:27 +02:00
Jagger	0498920fce	Unmount cgroup FS after use	2016-06-19 14:25:41 +02:00
Jagger	edab0fe9e4	More debug for cgroups	2016-06-19 14:05:19 +02:00
Jagger	e3a351b335	More memory cgroup controls	2016-06-19 13:54:36 +02:00
Jagger	6223ccebf1	Rudimentary cgroup support	2016-06-19 12:47:28 +02:00
Jagger	a1f0ec7925	Support for CLONE_NEWCGROUP	2016-06-19 11:55:55 +02:00
Jagger	df97c0fe74	Use NULL as src for mounting proc and tmpfs	2016-06-19 01:35:06 +02:00
Jagger	2e523ae4b8	/proc is ro by defauly	2016-06-19 01:05:31 +02:00
Jagger	da0f4c0695	Better logging for closing(fd)	2016-06-18 11:08:35 +02:00
Jagger	53d8e16a01	cmdline typos	2016-06-18 01:24:57 +02:00
Jagger	86ddf16279	Implement --pass_fd	2016-06-18 00:46:57 +02:00
Jagger	d4912847ed	Make it compile with clang	2016-06-12 13:07:40 +02:00
Jagger	78bc1ce932	Logs LOG/PLOG	2016-06-05 19:09:14 +02:00
Jagger	842e54b0a0	LOG->PLOG	2016-05-15 02:32:50 +02:00
Jagger	f06084bbea	Order of includes	2016-05-14 03:38:15 +02:00
Robert Swiecki	3edc8bf4a7	Move PID ns to a separate module	2016-05-13 17:07:44 +02:00
Jagger	d78e141f70	Use a subprocess to setup unshare mount /proc	2016-05-12 22:25:48 +02:00
Robert Swiecki	0f8fbf7ad9	Use dummy init with -Me	2016-05-11 16:20:05 +02:00
Robert Swiecki	0339d0497f	Description for -Me	2016-05-10 15:54:10 +02:00
Robert Swiecki	5e0b5d92b8	Use %td instead of %tx for syscall number	2016-05-10 15:47:13 +02:00
Robert Swiecki	0493176513	Syscall printing	2016-05-10 15:45:48 +02:00
Jagger	19c9598631	Use examples	2016-05-10 00:54:25 +02:00
Jagger	a6062dd03a	Restart fcntl()	2016-05-09 23:45:56 +02:00
Jagger	4a5a796d26	Make it compile (de-facto) with clang	2016-05-09 23:16:26 +02:00
Jagger	95217d6d55	Restarts with interruptible syscalls	2016-05-09 23:11:18 +02:00
Robert Swiecki	6e25d47eba	Cover interruptible syscalls with TEMP_FAILURE_RETRY	2016-05-09 15:16:26 +02:00
Jagger	c77d2097ff	Print hex always as 0x	2016-05-08 04:00:33 +02:00
Jagger	994af12692	Indent	2016-05-08 03:36:31 +02:00
Jagger	d5162548b3	Print seccomp-bpf arguments in an organized way	2016-05-08 03:36:16 +02:00
Jagger	73c847fc98	Print /proc/<pid>/syscall upon SIGSYS	2016-05-08 03:09:43 +02:00
Jagger	590899b7b8	Make -Me work again	2016-05-05 05:44:12 +02:00
Jagger	2603deb84c	No need to set return value with timeouts	2016-05-05 05:39:57 +02:00
Jagger	5bbfd06dcc	Return 0 only of child returned 0	2016-05-05 05:12:06 +02:00
Jagger	87f1883c69	wait4 instead of waitpid	2016-05-05 05:07:21 +02:00
Jagger	070939e18a	Better check for SIGSYS	2016-05-05 05:04:01 +02:00
Jagger	99ca4c5df2	isprint misbehaves with some glibc versions	2016-05-05 03:53:53 +02:00
Jagger	dc66939d67	Have some syscall to test seccomp-bpf	2016-05-05 02:00:41 +02:00
Jagger	de9ff2382e	Report seccomp violations	2016-05-05 01:58:26 +02:00
Jagger	27f7bf9a8c	Add KILL as a synonym for DENY	2016-05-05 01:18:14 +02:00
Robert Swiecki	88e81e3e4b	No need to read from pipefd at the end of subproc	2016-04-25 16:06:19 +02:00
Robert Swiecki	56cf3d2b22	Enable seccomp for all archs	2016-04-25 15:49:26 +02:00
Jagger	8371afabb9	read() -> utilReadFromFd()	2016-04-25 02:01:26 +02:00
Jagger	57a523dd08	Use defer {} instead of DEFER()	2016-04-23 04:22:31 +02:00
Robert Swiecki	db4a90d225	Print warning with failing umount	2016-03-23 17:23:18 +01:00
Robert Swiecki	66d3a14530	Remove the tmpfs from /tmp is we are mounting / as root	2016-03-23 17:08:52 +01:00
Robert Swiecki	f17c13645c	Remove old log semantics	2016-03-15 20:45:20 +01:00
Robert Swiecki	3bc8cce90e	No need to redirect log fd anymore	2016-03-15 20:42:03 +01:00
Robert Swiecki	969750c4c9	Don't take CFLAGS into consideration with make depend	2016-03-11 15:48:23 +01:00

... 13 14 15 16 17 ...

898 Commits