Commit Graph

110 Commits

Author SHA1 Message Date
Robert Swiecki
c63e5b39e8 use QC() across the code 2022-08-10 15:23:53 +02:00
Robert Swiecki
9aee3dd831 Make logs more efficient by avoiding argument evaluation for LOG* if
it's not needed at the current level
2022-08-05 08:42:37 +02:00
Robert Swiecki
856cb0f2ec When setting CPU affinity, take into consideration the current CPU
affinity set. Use only CPU numbers, which exist in the current affinity
set. Maybe fixes https://github.com/google/nsjail/issues/200
2022-08-04 19:22:33 +02:00
Patrick Steinhardt
df21a972b6 nsjail: Optionally forward fatal signals
Currently, we always kill children by sending them a SIGKILL signal in
case we've got a fatal signal. This is rather inflexible and forbids
some use cases where e.g. child processes listen for specific signals to
shut down gracefully.

Add a new command configuration `--forward_signals` that allows the user
to opt-in to forwarding fatal signals to the child process.
2022-06-05 19:38:32 +02:00
Michał Kowalczyk
f4abf7b726 config: Add more docs for disable_tsc 2022-02-18 00:33:52 +01:00
Robert Swiecki
cdf8e8f14c config: info about prctl(PR_SET_TSC, PR_TSC_ENABLE) being intel-only 2022-02-18 00:15:12 +01:00
Michał Kowalczyk
16b4416d75 Add disable_tsc option
Implemented via prctl(PR_SET_TSC, PR_TSC_SIGSEGV, ...).
2022-02-17 23:53:13 +01:00
Philip
bf93e8a25d cgroup2: use cgroup_mem_swap_max and cgroup_mem_memsw_max 2021-11-01 10:28:41 +01:00
Johan Kartiwa
29a556068a Add support for setting cgroup memory.memsw.limit_in_bytes 2021-10-11 15:46:36 +02:00
James Kay
e09610e789 Allow mount options to contain colons.
This is particularly important for overlayfs, which allows multiple
layers to be given to `lowerdir` separated by colons: see
<https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt>,
section ‘Multiple lower layers’.
2021-10-11 15:46:16 +02:00
Colin Stolley
8a1f3b5f4d The default rlimit_as value is 4096, not 512.
In 9b8d91bd7f the default for rlimit_as
was increased to 4096 MB, but old default remained in the man page,
readme, etc. This patch corrects those spots with the right value.
2021-09-14 11:57:30 -05:00
Wiktor Garbacz
4136dd50d8 Merge branch 'use_switchroot' 2021-08-03 17:44:57 +02:00
Eli Zrihen
7aace9bdc6 rtprio, msgqueue - defaulting to 'soft' 2021-07-20 16:00:13 +03:00
Eli Zrihen
b83d6f7421 Renaming use_switchroot option with no_pivotroot 2021-07-20 15:45:58 +03:00
Eli Zrihen
9f4b4f41e7 Consistency with RLIMIT_* constant name 2021-07-20 15:20:47 +03:00
Eli Zrihen
b6576fcde7 Adding a warning when switchroot is used 2021-07-20 10:20:23 +03:00
Eli Zrihen
0f903ba9a0 Added rt, memlock & msgq limits 2021-07-19 17:21:34 +03:00
Eli Zrihen
0e0e34c33d Merge remote-tracking branch 'origin/HEAD' into _use_switchroot 2021-07-13 11:13:35 +03:00
Robert Swiecki
62879de5de cmdline: clone_newcgroup -> true by default; clone_newtime should be false 2021-07-07 11:55:17 +02:00
Eli Zrihen
dab1713ac9 Added use_switchroot option 2021-06-17 14:57:01 +03:00
Robert Swiecki
2e9fd0e2e4 make indent 2021-06-16 17:44:07 +02:00
Eli Zrihen
5c8b3835b7 MACVLAN modes support 2021-06-16 16:59:12 +03:00
Robert Swiecki
d1f332b911 Enable support for clone3() and for CLONE_NEWTIME 2021-05-18 14:38:01 +02:00
Robert Swiecki
056809ed3b Initial support for CLONE_NEWTIME 2021-05-11 14:48:45 +02:00
Ziqin Wang
5cddbaf07e Fix typo in command line description 2021-04-03 23:31:56 +08:00
Philip Papurt
32f2287fbb net: add support for max_conns 2021-02-09 17:13:35 -05:00
Christian Blichmann
910fb5498c Fix a few typos.
These were found by external tooling while preparing the Debian package.

* Uknown -> Unknown
* Writting -> Writing
* commited -> committed
* processess -> processes

Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-07-07 14:07:22 +02:00
Robert Swiecki
b3d544d155 config: simplify log/logfd setting 2019-10-02 19:43:58 +02:00
Robert Swiecki
e2c5c59bd3 standardize on envar vs envvar 2019-08-28 22:18:58 +02:00
robertswiecki
a0cdc71ab2 Merge pull request #120 from jaylees14/disable-rlimits
Add flag to disable rlimits
2019-08-19 14:26:27 +02:00
Robert Swiecki
ac6e19d4ec Merge branch 'master' of github.com:google/nsjail 2019-08-19 11:35:17 +02:00
Robert Swiecki
f07c523543 net/cmdline: better checks for TCP port values 2019-08-19 11:34:34 +02:00
Jay Lees
86293b052e Add flag to disable rlimits 2019-08-05 03:25:22 -07:00
Jay Lees
08f62b6f76 [cgroup-v2] support cgroup v2 for mem, cpu and pids 2019-07-26 07:02:17 -07:00
Robert Swiecki
28d2220b1e cmdline: no need to check for nice values 2019-06-30 22:03:57 +02:00
Robert Swiecki
494a5f63cd Add nice_level to cmd-line/config options 2019-06-30 21:50:56 +02:00
Robert Swiecki
8d9aaec7f0 cmdline: don't clear cmdline exec_file if arguments are provided on cmdline 2019-04-01 22:46:39 +02:00
Robert Swiecki
7aa8916077 cmdline: make sure that argv[0] exists 2019-04-01 22:42:14 +02:00
Robert Swiecki
2b1bad6b5b cmdline: allow to override config cmdline with cmdline cmdline 2019-03-30 16:10:14 +01:00
Robert Swiecki
a2dacef5d7 allow to use nsjail w/o namespaces 2019-03-29 21:38:14 +01:00
disconnect3d
de872dc6b8 Fix #108 - missing cgroup_cpu_mount option setting 2019-03-05 16:41:38 -06:00
Robert Swiecki
9b8d91bd7f increase the default RLIMIT_AS limit to 4GiB. 512MiB is not enough for many payloads, and cgroups should be used for memory limiting anyway 2019-02-06 17:06:42 +01:00
Robert Swiecki
91b81f4e7a cmdline: more brief debug output 2019-01-20 18:43:42 +01:00
Robert Swiecki
6a4f5c110b make indent 2018-12-17 08:46:31 +01:00
Robert Swiecki
432c38ad23 cmdline: clarify cgroup_cpu_ms_per_sec 2018-12-05 14:35:16 +01:00
Robert Swiecki
6217d27d61 mnt: better description for mounts 2018-11-22 08:44:25 +01:00
Robert Swiecki
c05b47b3b6 cmdline/env: don't set empty envvars 2018-10-28 21:03:10 +01:00
Robert Swiecki
c7dd18c612 cmdline: add ability to passthrough current envvars 2018-10-28 17:15:55 +01:00
Micky Del Favero
303f7ab7f0 Remove duplicate code
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
2018-10-23 22:24:43 +02:00
Micky Del Favero
233a7296fe Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
2018-10-23 15:05:50 +02:00