Robert Swiecki
e67710005d
mount: mountFlagsToStr cannot be repeated as it uses TLS buffer
2017-10-18 15:31:15 +02:00
Robert Swiecki
152d6d68ae
simplify includes, remove unneeded, add needed
2017-10-18 14:46:17 +02:00
Robert Swiecki
58d6b3075c
Move struct nsjail_t definition to nsjail.h and leave only macros in common.h
2017-10-18 14:27:34 +02:00
Robert Swiecki
4ffec405de
Makefile: add columnt limit to the indent
2017-10-17 15:22:23 +02:00
Robert Swiecki
2df017ec56
cmdline: add --proc_path and --proc_rw options
2017-10-11 02:10:52 +02:00
Robert Swiecki
fe234f4830
move VALSTR_STRUCT to common.h
2017-10-08 23:06:40 +02:00
Robert Swiecki
d0afb19431
allow for indentation of more structures (now with clang-format)
2017-10-08 23:03:02 +02:00
Robert Swiecki
74b43346bd
make indent
2017-10-08 23:00:45 +02:00
Robert Swiecki
414e999787
switch indent to clang-format completely
2017-10-08 22:52:52 +02:00
Robert Swiecki
7695be383e
mount: make mountIsDir static
2017-10-08 15:17:57 +02:00
Robert Swiecki
b7def79d90
mount: don't R/O remount mounts which were not mounted (not mandatory)
2017-10-08 01:28:45 +02:00
Robert Swiecki
0541d0dfc3
cmdline/mount: mount proc at the beginning
2017-10-07 23:32:25 +02:00
Robert Swiecki
21d08eaa67
config: make config static so we can get rid of strdup()
2017-10-07 00:18:21 +02:00
Robert Swiecki
0fb8b9379b
mount: realpath is not needed as mount will realpath the path
2017-10-03 18:37:34 +02:00
Robert Swiecki
be25a24b5b
user: more comments
2017-10-01 15:54:04 +02:00
Robert Swiecki
6c889e7135
mount: print error when --disable_clone_newns is used but no --chroot was specified
2017-10-01 05:47:10 +02:00
Robert Swiecki
2b797a19fd
mount: allow to use --disable_newuser for root users
2017-10-01 05:16:01 +02:00
Robert Swiecki
769ff19306
mount: remount / as private before doing any new mounts
2017-10-01 04:51:56 +02:00
Robert Swiecki
c4a57d592d
Make it compile (maybe) under uClibc
2017-09-29 13:07:42 +02:00
Yoshisato Yanagisawa
1389da4c91
Use 0xff as nsjail error code.
...
For ease of distinguishing errors coming from a program executed by
nsjail and errors from nsjail, let me change nsjail error exit
status code to 0xff instead of 1.
I think most of programs use EXIT_FAILURE (i.e. 1) as a default
error exit status code.
2017-09-25 14:08:22 +09:00
Robert Swiecki
374f6cc4f0
config: Initial work on converting config.c to c++ protobuf lib
...
config: Initial work on converting config.c to c++ protobuf lib #2
config: Initial work on converting config.c to c++ protobuf lib #3
config: Initial work on converting config.c to c++ protobuf lib #4
config: Initial work on converting config.c to c++ protobuf lib #5
config: Initial work on converting config.c to c++ protobuf lib #6
2017-09-14 21:17:38 +02:00
Robert Swiecki
6ce7e253f9
mount: Use MS_BIND when remounting R/O
2017-07-06 19:39:12 +02:00
Robert Swiecki
5a68595a5b
mount: allow for non-mandatory symlinks
...
mount: allow for non-mandatory symlinks
2017-07-02 03:40:47 +02:00
Robert Swiecki
e4aba73385
Allow to create symlinks
2017-06-29 00:32:20 +02:00
Robert Swiecki
7e0a4cdba8
Get number of CPUs early, as it's read from /proc
2017-06-22 03:06:53 +02:00
Robert Swiecki
e802c5c9aa
mount: use /dev/shm first as a tmp dir
2017-06-22 01:21:09 +02:00
Robert Swiecki
ca732aafda
mount: use TMPDIR to create a temporary dir
2017-06-22 00:38:49 +02:00
Robert Swiecki
d259ee4f6d
mount: more extensive search for suitable root dir
2017-06-21 19:18:02 +02:00
Robert Swiecki
7917222486
mount: Use /tmp/nsjail.[tmp|root].<orig_euid>
2017-06-21 18:29:02 +02:00
Robert Swiecki
9519f1038b
mount: introduce mountDescribeMountPt
2017-05-29 16:52:24 +02:00
Robert Swiecki
aeb2e998b8
mount: mount src_content files from other tmpfs, to avoid shadowing / of the root tmpfs with some other FS
2017-05-29 16:39:08 +02:00
Robert Swiecki
f84d20632d
mount: remove tmp file after use
2017-05-29 04:50:29 +02:00
Robert Swiecki
6380474301
Simplify mountMount
2017-05-29 03:29:14 +02:00
Robert Swiecki
0271586e81
Get rid of pivot_root_only - achieve the same in different way
2017-05-29 03:11:32 +02:00
Robert Swiecki
7b2fc9cdac
add configs/firefox-with-cloned-net.cfg
2017-05-28 16:56:16 +02:00
Robert Swiecki
1df9e9d2e1
mount: fewer warnings in a mount pt is non-mandatory #2
2017-05-28 14:53:16 +02:00
Robert Swiecki
adc14c6f18
mount: fewer warnings in a mount pt is non-mandatory
2017-05-28 14:51:09 +02:00
Robert Swiecki
5697492122
mount: canonicalize paths
2017-05-28 03:19:13 +02:00
Robert Swiecki
e68acd68eb
Support envvars on mount path definitions
2017-05-28 00:15:53 +02:00
Robert Swiecki
f2b0d039aa
mount: less logging from mountIsDir
2017-05-27 20:19:36 +02:00
Robert Swiecki
a3e673847e
mountIsDir: PLOG_E() -> PLOG_W()
2017-05-27 19:18:56 +02:00
Robert Swiecki
278711062a
mount: better logging for failed mounts #2
2017-05-27 19:14:55 +02:00
Robert Swiecki
b09f2d0a5d
mount: better logging for failed mounts
2017-05-27 19:11:19 +02:00
Robert Swiecki
71588194f3
config: smaller fixes (logging/comments)
2017-05-27 16:47:12 +02:00
Robert Swiecki
ec50c1346d
mount: nonmandatory mounts
2017-05-27 15:17:11 +02:00
Robert Swiecki
f0cb243a89
config: allow skipping arguments in mount points
2017-05-27 15:01:34 +02:00
Robert Swiecki
c1165cf120
mount: simplify checking for whether source is dir or file
2017-05-24 14:46:44 +02:00
Robert Swiecki
73aa285121
Rework RemountRO slightly
2017-05-22 03:34:54 +02:00
Robert Swiecki
0d5befbd6f
TLS semantics for subprocCloneFlagsToStr and mountFlagsToStr
2017-05-22 01:10:49 +02:00
Robert Swiecki
609cbd6480
mount: fix new_flags while remounting RO
2017-05-21 22:52:55 +02:00