Eli Zrihen
|
5c8b3835b7
|
MACVLAN modes support
|
2021-06-16 16:59:12 +03:00 |
|
Robert Swiecki
|
056809ed3b
|
Initial support for CLONE_NEWTIME
|
2021-05-11 14:48:45 +02:00 |
|
Philip Papurt
|
32f2287fbb
|
net: add support for max_conns
|
2021-02-09 17:13:35 -05:00 |
|
Robert Swiecki
|
608618ea7b
|
subproc: kill a process once in the -Ml mode once the TCP connection has ended
|
2020-08-30 22:02:08 +02:00 |
|
Wiktor Garbacz
|
a47123b8a7
|
fix POLLNVAL in pipeTraffic
|
2020-02-17 15:57:13 +01:00 |
|
Robert Swiecki
|
2cf562160d
|
nsjail/pid/subproc: a). keep childrens' PIDs in a map indexed by pid b). correctly fetch remote IPv6 address text
|
2020-02-16 22:34:19 +01:00 |
|
Wiktor Garbacz
|
273ce6bc84
|
pipe socket traffic in and out of sandboxee
|
2020-02-14 17:07:14 +01:00 |
|
Jay Lees
|
86293b052e
|
Add flag to disable rlimits
|
2019-08-05 03:25:22 -07:00 |
|
Jay Lees
|
08f62b6f76
|
[cgroup-v2] support cgroup v2 for mem, cpu and pids
|
2019-07-26 07:02:17 -07:00 |
|
Robert Swiecki
|
494a5f63cd
|
Add nice_level to cmd-line/config options
|
2019-06-30 21:50:56 +02:00 |
|
Robert Swiecki
|
a2dacef5d7
|
allow to use nsjail w/o namespaces
|
2019-03-29 21:38:14 +01:00 |
|
Wiktor Garbacz
|
7fe87b41c7
|
code formatting
|
2018-10-24 10:31:14 +02:00 |
|
Micky Del Favero
|
233a7296fe
|
Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
|
2018-10-23 15:05:50 +02:00 |
|
Robert Swiecki
|
5bf23a0e58
|
cmdline: more stderr_to_null closer to is_silent
|
2018-06-25 04:10:42 +02:00 |
|
Robert Swiecki
|
272a85477a
|
config: Implement --stderr_to_null
|
2018-06-25 03:12:27 +02:00 |
|
Robert Swiecki
|
04627982d0
|
logs: use log file/level immediately
|
2018-06-07 16:51:50 +02:00 |
|
Robert Swiecki
|
7d57fc81be
|
cmdline: add iface_own to take ownership of one of the global interfaces
|
2018-05-30 15:26:09 +02:00 |
|
Robert Swiecki
|
b8798fc9a7
|
use strtoimax when needed
|
2018-05-26 13:54:17 +02:00 |
|
Robert Swiecki
|
4394fa725e
|
sandbox: add support for SECCOMP_FILTER_FLAG_LOG
|
2018-05-23 15:32:45 +02:00 |
|
Robert Swiecki
|
864b7fc718
|
cmdline: remove tmpfs_size from nsjconf_t
|
2018-02-18 02:47:46 +01:00 |
|
Robert Swiecki
|
dc5e6676a7
|
nsjail: ignore SIGTTIN/SIGTTOU
|
2018-02-15 01:33:33 +01:00 |
|
Robert Swiecki
|
8a22a4abb6
|
convert exec file and argv to string/vector
|
2018-02-12 16:52:05 +01:00 |
|
Robert Swiecki
|
5a35f00e28
|
mnt: move mnt_t to std::string
|
2018-02-11 23:44:43 +01:00 |
|
Robert Swiecki
|
7b9178f5d7
|
make indent depend
|
2018-02-11 04:02:43 +01:00 |
|
Robert Swiecki
|
d875f23ae0
|
cgroup: switch const char* to std::string
|
2018-02-11 03:39:07 +01:00 |
|
Robert Swiecki
|
55e8e09c4a
|
net: convert net::connToText to std::string
|
2018-02-11 00:17:44 +01:00 |
|
Robert Swiecki
|
7a55ffb3a6
|
sandbox: convert kafel file/string as std::string
|
2018-02-10 23:46:15 +01:00 |
|
Robert Swiecki
|
de3f1371f0
|
convert proc_path to std::string
|
2018-02-10 20:16:17 +01:00 |
|
Robert Swiecki
|
b691b8796c
|
nsjail: iface_no_lo -> iface_lo
|
2018-02-10 18:22:51 +01:00 |
|
Robert Swiecki
|
7bddb40d87
|
net: move all iface_vs* options from char* to std::string
|
2018-02-10 18:18:40 +01:00 |
|
Robert Swiecki
|
97278f191b
|
log: rename log to logs due to clash with glibc's log
|
2018-02-10 17:49:15 +01:00 |
|
Robert Swiecki
|
ecd4c32d9a
|
mnt: replace sys/queue with std::vector
|
2018-02-10 14:38:01 +01:00 |
|
Robert Swiecki
|
1761ed4fdc
|
move common.h to macros.h
|
2018-02-10 05:25:55 +01:00 |
|
Robert Swiecki
|
381e6a1af7
|
nsjail: move pids queue to a vector
|
2018-02-10 05:13:25 +01:00 |
|
Robert Swiecki
|
c34b52ab78
|
nsjail: convert a couple of struct fields to std::string
|
2018-02-10 04:10:18 +01:00 |
|
Robert Swiecki
|
93005ef03d
|
nsjail: convert gids/uids to vector of structs
|
2018-02-10 00:37:23 +01:00 |
|
Robert Swiecki
|
9399373ee7
|
nsjail: envs to vector of strings
|
2018-02-09 23:04:57 +01:00 |
|
Robert Swiecki
|
63eb13ecde
|
nsjail: move openfd from queue to vector
|
2018-02-09 22:47:00 +01:00 |
|
Robert Swiecki
|
d1d310e70f
|
nsjail: convert caps from queue to vector
|
2018-02-09 22:35:33 +01:00 |
|
Robert Swiecki
|
7f72cbd497
|
all: move to C++
|
2018-02-09 18:55:42 +01:00 |
|
Robert Swiecki
|
0a311af2ad
|
nsjail: make nsjail.c nsjail.cc
|
2018-02-08 15:24:17 +01:00 |
|
Robert Swiecki
|
3ee825c4aa
|
cgroups: add support for CPU cgroup
|
2018-02-04 04:15:19 +01:00 |
|
Robert Swiecki
|
19ea0703f2
|
sandbox: compile seccomp-bpf policy once only
|
2018-02-01 14:19:01 +01:00 |
|
Robert Swiecki
|
354c5ae47b
|
open kafel file in each kafel subproc individually to avoid file pos sharing
|
2018-01-31 16:04:39 +01:00 |
|
Robert Swiecki
|
d7bcad2076
|
nsjail.h: different if guards for TEMP_FAILURE_RETRY
|
2017-11-08 17:20:57 +01:00 |
|
Hamid Ebadi
|
be8fb2ad73
|
Minor fixes
|
2017-11-08 16:45:02 +01:00 |
|
Robert Swiecki
|
e2529ce04f
|
Makefile/indent: base it on the google template with modifications
|
2017-10-26 00:26:02 +02:00 |
|
Robert Swiecki
|
61727949ca
|
nsjail: make njsconf::cgroup_pids_max unsigned int
|
2017-10-25 15:50:24 +02:00 |
|
Robert Swiecki
|
a1260e49f3
|
Use uint64_t instead of __rlim64_t
|
2017-10-25 15:44:35 +02:00 |
|
YAMAMOTO Masaya
|
315b3837b4
|
Support cgroup net_cls subsystem
|
2017-10-25 17:15:03 +09:00 |
|