Robert Swiecki
94b022fece
util: implement rLimName() to use in cmdline/config
2023-10-10 01:23:52 +02:00
Robert Swiecki
d7cf1a9c0d
make indent
2023-09-21 08:31:47 +02:00
Robert Swiecki
557633c1de
Makefile: move to c++17 to use [[maybe_unused]] and remove DEFER (actually not used) from macros.h
2023-09-21 08:29:36 +02:00
Robert Swiecki
439606be70
Makefile/indent: add AlwaysBreakBeforeMultilineStrings:false
2023-09-19 20:31:57 +02:00
Robert Swiecki
2e27593482
make indent: clang-format-18
2023-09-19 08:45:42 +02:00
Robert Swiecki
8308b91c04
subproc: mark cloneFunc as [[noreturn]]
2023-08-18 13:34:09 +02:00
Robert Swiecki
611ef1c435
subproc: support CLONE_CLEAR_SIGHAND
2023-08-18 13:26:01 +02:00
Robert Swiecki
5e494a6a78
subproc: display additional clone3 flags
2023-08-09 18:19:37 +02:00
Robert Swiecki
285ea15811
subproc/mount: use better types for flags, u64 for clone, unsigned long for mount
2022-10-24 13:12:20 +02:00
Robert Swiecki
c63e5b39e8
use QC() across the code
2022-08-10 15:23:53 +02:00
Robert Swiecki
b3fcc30aec
cpu: more debugging messages
2022-08-09 16:13:03 +02:00
Robert Swiecki
f628f74b00
mnt: quote paths in log messages
2022-08-09 12:06:42 +02:00
Robert Swiecki
38fcf4f752
subproc: type + const string& in the iterator
2022-08-09 10:44:25 +02:00
Robert Swiecki
8e3ca99c3f
cpu/subproc: better debugging strings
2022-08-09 00:03:20 +02:00
Patrick Steinhardt
a517934aba
subproc: Allow killing subprocesses with different signal
...
`subproc::killAndReapAll()` is always killing the child process with the
SIGKILL signal. We're about to make this configurable though so that we
may optionally forward signals received by nsjail to the child process.
Add a new parameter to `killAndReapAll()` to prepare for this change.
2022-06-05 19:36:50 +02:00
243f6a8885a308d313198a2e037
472932c6f0
subproc.cc: fix typo: SiUime -> SiUtime
2022-02-23 14:41:23 +09:00
Robert Swiecki
9b73eaa289
subproc: print correct si fields for SIGCHLD
2022-02-08 12:17:59 +01:00
Robert Swiecki
aa0becd547
make indent
2021-11-12 20:24:33 +01:00
ndrewh
b248125c5f
Fix compile using FROM ubuntu:20.04
...
Remove clone_args members that are only present in 5.5+ and 5.7+
2021-11-08 11:52:23 +01:00
Robert Swiecki
246d4721b1
macros: make NS_VALSTR_STRUCT accept unsigned/64-bit vals
2021-09-30 16:44:48 +02:00
Robert Swiecki
db9e34ebd3
subproc: warn about CLONE_NEWTIME and clone(), and remove notice about CLONE_NEWCGROUP as the kernel versions should be now new enough for its support
2021-07-16 22:53:40 +02:00
Robert Swiecki
737b300609
subproc: debug log for unshare()
2021-07-16 22:47:18 +02:00
Robert Swiecki
d1f332b911
Enable support for clone3() and for CLONE_NEWTIME
2021-05-18 14:38:01 +02:00
Mehul Arora
b09ad5e91c
Fixed macro in subproc.cc
2021-05-12 12:13:06 +05:30
Robert Swiecki
056809ed3b
Initial support for CLONE_NEWTIME
2021-05-11 14:48:45 +02:00
Robert Swiecki
e1e80e8efa
subproc: refer users to dmesg in case si_syscall==31 (SIGSYS)
2021-02-01 23:22:43 +01:00
Robert Swiecki
608618ea7b
subproc: kill a process once in the -Ml mode once the TCP connection has ended
2020-08-30 22:02:08 +02:00
Robert Swiecki
fc02a3911c
make indent
2020-08-26 16:09:55 +02:00
Christian Blichmann
910fb5498c
Fix a few typos.
...
These were found by external tooling while preparing the Debian package.
* Uknown -> Unknown
* Writting -> Writing
* commited -> committed
* processess -> processes
Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-07-07 14:07:22 +02:00
Piotr Krysiuk
b582491e02
fix non-functional max_conns_per_ip
...
Starting with nsjail::listenMode update to pipe socket traffic [commit 273ce6bc84
], a pipe file descriptor is passed as connsock parameter when calling net::limitConns and also as sock parameter when calling addProc in subproc::runChild.
This breaks net::limitConns because pid.remote_addr and also local variable addr are left uninitialized despite net::connToText calls when counting number of existing network connections from the same peer.
The subsequent correction to fetch remote address [commit 2cf562160d
] made the bug even more interesting, since the loop in net::limitConns now compares unsanitized content of stack with network addresses of already connected clients.
2020-03-19 00:13:28 +00:00
Robert Swiecki
59abcc476e
subproc: debug log when hotting SIHQUIT (Ctrl+\) #2 - better check
2020-02-17 14:13:17 +01:00
Robert Swiecki
e0b941565d
subproc: debug log when hotting SIHQUIT (Ctrl+\)
2020-02-17 14:11:58 +01:00
Robert Swiecki
ab8b319c13
subproc: verify that a pid in a pid map doesn't exist before inserting
2020-02-17 14:07:25 +01:00
Robert Swiecki
2cf562160d
nsjail/pid/subproc: a). keep childrens' PIDs in a map indexed by pid b). correctly fetch remote IPv6 address text
2020-02-16 22:34:19 +01:00
Robert Swiecki
04e5fae0e3
subproc: recognize CLONE_PIDFD
2019-12-10 11:09:14 +01:00
Robert Swiecki
0773b75900
subproc: fix invalid conversions from util::syscall to syscall
2019-09-02 16:10:19 +02:00
Jay Lees
08f62b6f76
[cgroup-v2] support cgroup v2 for mem, cpu and pids
2019-07-26 07:02:17 -07:00
Robert Swiecki
8059747016
subproc: save/restore errno when printing error message twice
2019-03-12 17:07:24 +01:00
Robert Swiecki
061e32839f
use util::syscall whenever possible
2019-01-21 22:37:30 +01:00
Robert Swiecki
83fc152d7c
Make netlink3-route mandatory
2019-01-20 18:37:47 +01:00
Robert Swiecki
48f67f131a
subproc: PLOG -> LOG
2019-01-04 01:41:26 +01:00
Robert Swiecki
864aa72a2a
subproc: print more data on sigsys
2018-12-05 10:10:21 +01:00
disconnect3d
25a7791d34
Fix utils::writeToFd return type
...
The `writeToFd` function in `util.cc` returns `ssize_t` but the only
returned values are either `false` or `true`.
```
ssize_t writeToFd(int fd, const void* buf, size_t len) {
(...) return false;
(...) return true;
```
2018-11-24 16:40:30 +01:00
Robert Swiecki
5a8a178290
configs/bash: add noexec/nodev/nosuid to a mount
2018-07-27 22:54:28 +02:00
Wiktor Garbacz
bb4e77686d
subproc: reap processes after killing
...
Always try to release resources if possible.
Fixes #69
2018-07-27 13:33:39 +02:00
Robert Swiecki
d355e1dc08
subproc: better log messages
2018-07-23 23:35:01 +02:00
Robert Swiecki
4c87531bcc
Don't re-run process if previous execution failed
2018-07-23 17:13:17 +02:00
Robert Swiecki
4ef480546d
subproc: correct casting for nsjconf->tlimit in printf
2018-07-05 14:32:07 +02:00
Robert Swiecki
5176140e3f
Merge branch 'master' of github.com:google/nsjail
2018-06-07 14:59:32 +02:00
Robert Swiecki
ffd836018d
subproc: replicate bash behavior on exit values
2018-06-07 14:59:12 +02:00