Jagger
|
8907d06693
|
Enable OOM-killer for cgroups
|
2016-06-19 18:40:16 +02:00 |
|
Jagger
|
3e91d44145
|
Use cgroups_mem_max to enable memory limits
|
2016-06-19 18:12:15 +02:00 |
|
Jagger
|
1798b0de21
|
Use fname in cgroups
|
2016-06-19 16:41:26 +02:00 |
|
Jagger
|
51797dd270
|
Disable oom_killer
|
2016-06-19 16:39:41 +02:00 |
|
Jagger
|
ac06ff56c9
|
Remove cgroup before reporting process being finished
|
2016-06-19 16:02:00 +02:00 |
|
Jagger
|
827e1a4e7d
|
Init cgroups from parent
|
2016-06-19 15:50:25 +02:00 |
|
Jagger
|
c93d926189
|
Create sub-cgroups instead of using the parent one
|
2016-06-19 14:58:18 +02:00 |
|
Jagger
|
640ae23a71
|
More use examples
|
2016-06-19 14:32:27 +02:00 |
|
Jagger
|
0498920fce
|
Unmount cgroup FS after use
|
2016-06-19 14:25:41 +02:00 |
|
Jagger
|
edab0fe9e4
|
More debug for cgroups
|
2016-06-19 14:05:19 +02:00 |
|
Jagger
|
e3a351b335
|
More memory cgroup controls
|
2016-06-19 13:54:36 +02:00 |
|
Jagger
|
6223ccebf1
|
Rudimentary cgroup support
|
2016-06-19 12:47:28 +02:00 |
|
Jagger
|
a1f0ec7925
|
Support for CLONE_NEWCGROUP
|
2016-06-19 11:55:55 +02:00 |
|
Jagger
|
df97c0fe74
|
Use NULL as src for mounting proc and tmpfs
|
2016-06-19 01:35:06 +02:00 |
|
Jagger
|
2e523ae4b8
|
/proc is ro by defauly
|
2016-06-19 01:05:31 +02:00 |
|
Jagger
|
da0f4c0695
|
Better logging for closing(fd)
|
2016-06-18 11:08:35 +02:00 |
|
Jagger
|
53d8e16a01
|
cmdline typos
|
2016-06-18 01:24:57 +02:00 |
|
Jagger
|
86ddf16279
|
Implement --pass_fd
|
2016-06-18 00:46:57 +02:00 |
|
Jagger
|
d4912847ed
|
Make it compile with clang
|
2016-06-12 13:07:40 +02:00 |
|
Jagger
|
78bc1ce932
|
Logs LOG/PLOG
|
2016-06-05 19:09:14 +02:00 |
|
Jagger
|
842e54b0a0
|
LOG->PLOG
|
2016-05-15 02:32:50 +02:00 |
|
Jagger
|
f06084bbea
|
Order of includes
|
2016-05-14 03:38:15 +02:00 |
|
Robert Swiecki
|
3edc8bf4a7
|
Move PID ns to a separate module
|
2016-05-13 17:07:44 +02:00 |
|
Jagger
|
d78e141f70
|
Use a subprocess to setup unshare mount /proc
|
2016-05-12 22:25:48 +02:00 |
|
Robert Swiecki
|
0f8fbf7ad9
|
Use dummy init with -Me
|
2016-05-11 16:20:05 +02:00 |
|
Robert Swiecki
|
0339d0497f
|
Description for -Me
|
2016-05-10 15:54:10 +02:00 |
|
Robert Swiecki
|
5e0b5d92b8
|
Use %td instead of %tx for syscall number
|
2016-05-10 15:47:13 +02:00 |
|
Robert Swiecki
|
0493176513
|
Syscall printing
|
2016-05-10 15:45:48 +02:00 |
|
Jagger
|
19c9598631
|
Use examples
|
2016-05-10 00:54:25 +02:00 |
|
Jagger
|
a6062dd03a
|
Restart fcntl()
|
2016-05-09 23:45:56 +02:00 |
|
Jagger
|
4a5a796d26
|
Make it compile (de-facto) with clang
|
2016-05-09 23:16:26 +02:00 |
|
Jagger
|
95217d6d55
|
Restarts with interruptible syscalls
|
2016-05-09 23:11:18 +02:00 |
|
Robert Swiecki
|
6e25d47eba
|
Cover interruptible syscalls with TEMP_FAILURE_RETRY
|
2016-05-09 15:16:26 +02:00 |
|
Jagger
|
c77d2097ff
|
Print hex always as 0x
|
2016-05-08 04:00:33 +02:00 |
|
Jagger
|
994af12692
|
Indent
|
2016-05-08 03:36:31 +02:00 |
|
Jagger
|
d5162548b3
|
Print seccomp-bpf arguments in an organized way
|
2016-05-08 03:36:16 +02:00 |
|
Jagger
|
73c847fc98
|
Print /proc/<pid>/syscall upon SIGSYS
|
2016-05-08 03:09:43 +02:00 |
|
Jagger
|
590899b7b8
|
Make -Me work again
|
2016-05-05 05:44:12 +02:00 |
|
Jagger
|
2603deb84c
|
No need to set return value with timeouts
|
2016-05-05 05:39:57 +02:00 |
|
Jagger
|
5bbfd06dcc
|
Return 0 only of child returned 0
|
2016-05-05 05:12:06 +02:00 |
|
Jagger
|
87f1883c69
|
wait4 instead of waitpid
|
2016-05-05 05:07:21 +02:00 |
|
Jagger
|
070939e18a
|
Better check for SIGSYS
|
2016-05-05 05:04:01 +02:00 |
|
Jagger
|
99ca4c5df2
|
isprint misbehaves with some glibc versions
|
2016-05-05 03:53:53 +02:00 |
|
Jagger
|
dc66939d67
|
Have some syscall to test seccomp-bpf
|
2016-05-05 02:00:41 +02:00 |
|
Jagger
|
de9ff2382e
|
Report seccomp violations
|
2016-05-05 01:58:26 +02:00 |
|
Jagger
|
27f7bf9a8c
|
Add KILL as a synonym for DENY
|
2016-05-05 01:18:14 +02:00 |
|
Robert Swiecki
|
88e81e3e4b
|
No need to read from pipefd at the end of subproc
|
2016-04-25 16:06:19 +02:00 |
|
Robert Swiecki
|
56cf3d2b22
|
Enable seccomp for all archs
|
2016-04-25 15:49:26 +02:00 |
|
Jagger
|
8371afabb9
|
read() -> utilReadFromFd()
|
2016-04-25 02:01:26 +02:00 |
|
Jagger
|
57a523dd08
|
Use defer {} instead of DEFER()
|
2016-04-23 04:22:31 +02:00 |
|