Robert Swiecki
d9cb28b97d
Use kafel unconditionally
2017-05-08 15:50:29 +02:00
Robert Swiecki
6596adb5e2
cmdline: 'i'
2017-05-07 21:10:39 +02:00
Robert Swiecki
ec765851f4
apply --rw to /proc as well
2017-04-22 23:54:33 +02:00
Robert Swiecki
cc5d4b65c9
cgroups: support for PIDs
2017-04-20 17:48:20 +02:00
Sam Clegg
74010d0c45
Exit with non-zero status on bad command line option
2017-02-15 17:23:55 -08:00
Robert Swiecki
478d2b3789
cmdline: provide both -v/verbose and -q/quiet for logging
2017-02-14 21:54:02 +01:00
Robert Swiecki
9f832aa35a
Uid/Gid fix
2017-02-08 00:42:23 +01:00
Robert Swiecki
4a154733e0
Allow to specify multiple uid/gid maps
2017-02-08 00:36:32 +01:00
Robert Swiecki
a0cc72aa5c
cmdline: typo
2017-01-28 14:25:09 +01:00
Robert Swiecki
c9847562dd
Less use of USE_KAFEL
2016-10-17 18:17:08 +02:00
Robert Swiecki
238df2ed87
Missing USE_KAFEL defines
2016-10-17 18:09:05 +02:00
Robert Swiecki
950c91e4dd
Allow to use kafel_string
2016-10-12 03:52:08 +02:00
Robert Swiecki
df38185c6f
Slight rework of kafel use
2016-10-12 03:15:33 +02:00
Robert Swiecki
a30e2f107c
Make indent
2016-10-12 00:59:10 +02:00
Stephen Röttger
f4d43e3336
New option pivot_root_only to support nested namespaces
If pivot_root_only is set the chroot in the job setup will be skipped.
2016-09-30 16:30:59 +02:00
robertswiecki
f995ff9475
Merge pull request #9 from sroettger/newuidmap
Support more complex uid and gid mappings
2016-09-30 16:03:33 +02:00
Stephen Röttger
1c950391a1
Support more complex uid and gid mappings
Introduces the new options uid_mapping and gid_mapping that specify
arbitrary custom mappings. If these options are used, nsjail will
use newuidmap/newgidmap to write the map files.
2016-09-30 15:30:15 +02:00
robertswiecki
8a63a24981
Merge pull request #8 from sroettger/no_no_new_privs
new flag to skip no_new_privs: --disable_no_new_privs
2016-09-30 15:27:07 +02:00
Stephen Röttger
6501357f98
new flag to skip no_new_privs: --disable_no_new_privs
2016-09-30 15:23:04 +02:00
Jagger
06e353a8e1
seccomp_policy cmdline
2016-09-30 11:57:11 +02:00
Wiktor Garbacz
551ed4ca05
Kafel support
2016-09-29 16:22:09 +02:00
Jagger
1d9b33b06b
Make MODE_STANDALONE_ONCE the default mode
2016-08-18 21:31:07 +02:00
Jagger
a00f5a6424
Don't mount /proc as RO
2016-08-16 22:42:15 +02:00
Jagger
88ce7d240a
Default chroot is empty now
2016-08-16 22:07:44 +02:00
Robert Swiecki
432c82bb34
Make it a bit more standards friendly
2016-07-21 15:48:47 +02:00
Jagger
1a9de4ef91
cmdline help
2016-06-19 19:21:45 +02:00
Jagger
3e91d44145
Use cgroups_mem_max to enable memory limits
2016-06-19 18:12:15 +02:00
Jagger
827e1a4e7d
Init cgroups from parent
2016-06-19 15:50:25 +02:00
Jagger
c93d926189
Create sub-cgroups instead of using the parent one
2016-06-19 14:58:18 +02:00
Jagger
e3a351b335
More memory cgroup controls
2016-06-19 13:54:36 +02:00
Jagger
a1f0ec7925
Support for CLONE_NEWCGROUP
2016-06-19 11:55:55 +02:00
Jagger
df97c0fe74
Use NULL as src for mounting proc and tmpfs
2016-06-19 01:35:06 +02:00
Jagger
2e523ae4b8
/proc is ro by default
2016-06-19 01:05:31 +02:00
Jagger
53d8e16a01
cmdline typos
2016-06-18 01:24:57 +02:00
Jagger
86ddf16279
Implement --pass_fd
2016-06-18 00:46:57 +02:00
Robert Swiecki
0339d0497f
Description for -Me
2016-05-10 15:54:10 +02:00
Jagger
19c9598631
Use examples
2016-05-10 00:54:25 +02:00
Jagger
99ca4c5df2
isprint misbehaves with some glibc versions
2016-05-05 03:53:53 +02:00
Jagger
8f68fab29c
--bindhost help
2016-03-11 02:57:02 +01:00
Jagger
75f96e4ca8
cmdline: [val] -> VALUE
2016-03-10 01:33:58 +01:00
Jagger
a71371e327
Check for gcc in Makefile
2016-03-09 00:56:20 +01:00
Jagger
22f6e31e89
Make nsjconf initialization from const struct
2016-03-02 02:35:38 +01:00
Jagger
e35b345163
Support for --chroot ""
2016-03-02 02:30:30 +01:00
Robert Swiecki
b89b8cfbc7
Fix common.h includes
2016-03-01 17:03:11 +01:00
Robert Swiecki
cc987ec775
Add locked mount flags during remounting
2016-03-01 15:36:32 +01:00
Jagger
6c5c80256d
Make valgrind silent
2016-02-29 22:22:03 +01:00
Robert Swiecki
296ef302e4
Better cmdline descriptions
2016-02-29 20:20:38 +01:00
Robert Swiecki
af6a6bb2dc
Don't initialize the 'vs' interface by default
2016-02-29 17:50:25 +01:00
Robert Swiecki
872a561b4c
Better description for --user / --group
2016-02-29 15:47:33 +01:00
Robert Swiecki
4cb1c01938
Default values for 'vs' interface
2016-02-29 15:36:31 +01:00
Jagger
e4ac7f411c
Default net values for 'vs'
2016-02-29 02:59:59 +01:00
Jagger
d2f47fff92
Add network configuration for the 'vs' interface
2016-02-29 02:51:55 +01:00
Jagger
43983cbb17
Add --iface_lo_up
2016-02-29 00:14:36 +01:00
Jagger
6218fe2336
Implementation of netSystemSbinIp
2016-02-28 23:40:34 +01:00
Jagger
8d641169e3
Initialize user/group maps from the parent process
2016-02-28 02:34:43 +01:00
Jagger
ad4b0105a7
No need to add (default:none) in cmdline
2016-02-28 01:52:09 +01:00
Robert Swiecki
be639261b5
Automatically create destination dir for 'proc' and 'tmpfs' mounts
2016-02-25 18:45:23 +01:00
Robert Swiecki
9852028522
Implement --bindhost
2016-02-25 18:27:48 +01:00
Robert Swiecki
5b78d31f3f
Remove (disable: false) from cmdline.c as it's obvious
2016-02-16 18:56:52 +01:00
Robert Swiecki
aebc3dba41
Env variables (setting/clearing)
2016-01-26 17:42:10 +01:00
Jagger
fd98f4009e
Default re-chroot to '/'
2016-01-25 22:27:06 +01:00
Robert Swiecki
87829e3f6e
Implement --skip_setsid
2016-01-25 18:09:32 +01:00
Jagger
d36deb5d0d
Use --user x:y notation (not working yet)
2016-01-23 07:05:24 +01:00
Jagger
24af1c6d98
Introduce util.c
2016-01-17 04:14:09 +01:00
Robert Swiecki
307a6f0257
Create a file/dir inside jail before mounting
2016-01-14 15:44:29 +01:00
Robert Swiecki
42efeb6073
Add --cmd
2016-01-14 15:26:18 +01:00
Jagger
dcd80af9bc
Revert of .chroot = NULL
2016-01-09 16:11:31 +01:00
Jagger
2765e58c4e
Use TAILQ instead of LIST to insert new mount entries at the end
2016-01-09 16:09:05 +01:00
Jamy Timmermans
93abc40dde
Add a cwd option
This way the process being spawned can be in a directory of the
spawner’s choosing (as long as it’s available in the chroot)
2015-11-07 13:01:44 +01:00
Jagger
5f5e496179
Make it compile with -m32
2015-10-18 20:47:44 +02:00
Jagger
49faea78b0
Use 0x%tx for uintptr_t
2015-10-17 19:14:57 +02:00
Jagger
59cedfe10f
Use just a single list for mount-points (RO, RW, chroot)
2015-10-17 16:48:30 +02:00
Robert Swiecki
5202a7fc07
Use rlimit64
2015-10-13 19:06:59 +02:00
Jagger
da4fc22eab
indent 100
2015-08-15 20:10:07 +02:00
Jagger
c93ac358e1
Fixed flag description for --log
2015-08-15 16:05:57 +02:00
Jagger
701825970a
Implementation of MODE_STANDALONE_EXECVE
2015-08-15 16:02:38 +02:00
Jagger
292a8af67f
Use 'R' as an alias for bindmount_ro
2015-08-12 04:27:57 +02:00
Jagger
e3fe2d183c
tmpfs_size (size_t) + indent
2015-07-08 00:54:59 +02:00
JT Olds
8841a08dd3
Make tmpfs size configurable
2015-07-07 15:42:25 -06:00
JT Olds
821eb78054
Improve bindmount interface.
Now supports readonly bindmounts and
differentiating between source and target path.
2015-07-07 11:52:32 -06:00
Jagger
5dfdb470cd
Replace self-made list of pointers with queue.h
2015-06-18 03:00:39 +02:00
Robert Swiecki
1c99a839ac
Initialize nsjconf structure in the commandline module:
2015-06-17 16:52:51 +02:00
Jagger
9960304cab
A crude way of cloning an eth interface
2015-05-28 03:37:08 +02:00
Jagger
ab68730861
More descriptive help for -T
2015-05-21 00:36:28 +02:00
Robert Swiecki
0ca35aa942
Initial import
2015-05-14 23:44:48 +02:00