Robert Swiecki
|
e2529ce04f
|
Makefile/indent: base it on the google template with modifications
|
2017-10-26 00:26:02 +02:00 |
|
Robert Swiecki
|
5ef11f65a4
|
No need to use '== true'
|
2017-10-18 15:41:16 +02:00 |
|
Robert Swiecki
|
152d6d68ae
|
simplify includes, remove unneeded, add needed
|
2017-10-18 14:46:17 +02:00 |
|
Robert Swiecki
|
4ffec405de
|
Makefile: add columnt limit to the indent
|
2017-10-17 15:22:23 +02:00 |
|
Robert Swiecki
|
74b43346bd
|
make indent
|
2017-10-08 23:00:45 +02:00 |
|
Robert Swiecki
|
7fa94b8e8c
|
contain: remove unnecessary includes
|
2017-10-01 19:08:31 +02:00 |
|
Robert Swiecki
|
02951e0ac8
|
user: simplify login when running with --disable_clonew_newuser by using prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS | SECBIT_NO_SETUID_FIXUP)
|
2017-10-01 16:11:46 +02:00 |
|
Robert Swiecki
|
c71c996143
|
Allow for running with --disable_newuser started as root
|
2017-10-01 05:32:07 +02:00 |
|
Robert Swiecki
|
2b797a19fd
|
mount: allow to use --disable_newuser for root users
|
2017-10-01 05:16:01 +02:00 |
|
Robert Swiecki
|
3c0e300794
|
contain: use setrlimit64 instead of syscall(__NR_prlimit64)
|
2017-09-29 14:32:39 +02:00 |
|
Robert Swiecki
|
c4a57d592d
|
Make it compile (maybe) under uClibc
|
2017-09-29 13:07:42 +02:00 |
|
Robert Swiecki
|
39ce9d22a7
|
caps: just local caps
|
2017-07-05 17:29:57 +02:00 |
|
Robert Swiecki
|
7ba602a6ed
|
caps: move capability-setting code to caps.*
|
2017-07-05 13:03:14 +02:00 |
|
Robert Swiecki
|
d259ee4f6d
|
mount: more extensive search for suitable root dir
|
2017-06-21 19:18:02 +02:00 |
|
Robert Swiecki
|
0e7393cccf
|
cmdline: implement affinity setting, to limit jailed process to n max cpus
|
2017-06-19 17:01:50 +02:00 |
|
Robert Swiecki
|
a55ff63861
|
make indent
|
2017-06-11 01:34:20 +02:00 |
|
Robert Swiecki
|
b5d3bf64cb
|
contain: use open('abc', O_DIRECTORY|O_CLOEXEC) instead of opendir()
|
2017-06-09 14:40:44 +02:00 |
|
Robert Swiecki
|
5b07ba1d32
|
contain: capabilities
|
2017-02-12 16:54:39 +01:00 |
|
Robert Swiecki
|
341832d755
|
Duplicate logging fd, so it can be used from child process
|
2017-02-11 20:33:54 +01:00 |
|
Robert Swiecki
|
3b83267cfd
|
Init user-ns setresuid/setresgid before initializing other NSes
|
2017-02-07 18:31:50 +01:00 |
|
Robert Swiecki
|
7917aae84d
|
keep_caps: make effective caps eq to permitted
|
2017-01-23 12:02:48 +01:00 |
|
Robert Swiecki
|
20745a455d
|
Support for ambient capabilities
|
2017-01-21 00:15:03 +01:00 |
|
Stephen Röttger
|
6501357f98
|
new flag to skip no_new_privs: --disable_no_new_privs
|
2016-09-30 15:23:04 +02:00 |
|
Robert Swiecki
|
1dc33c7bcf
|
Remove defer{} calls
|
2016-07-29 15:38:22 +02:00 |
|
Robert Swiecki
|
f3b70cc314
|
Remove -lBlocksRuntime
|
2016-07-27 14:04:03 +02:00 |
|
Robert Swiecki
|
432c82bb34
|
Make it a bit more standards friendly
|
2016-07-21 15:48:47 +02:00 |
|
Jagger
|
4bc5632af4
|
Report failure of setting fcntl(FD_CLOEXEC) as error
|
2016-06-20 22:59:29 +02:00 |
|
Jagger
|
827e1a4e7d
|
Init cgroups from parent
|
2016-06-19 15:50:25 +02:00 |
|
Jagger
|
6223ccebf1
|
Rudimentary cgroup support
|
2016-06-19 12:47:28 +02:00 |
|
Jagger
|
da0f4c0695
|
Better logging for closing(fd)
|
2016-06-18 11:08:35 +02:00 |
|
Jagger
|
86ddf16279
|
Implement --pass_fd
|
2016-06-18 00:46:57 +02:00 |
|
Robert Swiecki
|
3edc8bf4a7
|
Move PID ns to a separate module
|
2016-05-13 17:07:44 +02:00 |
|
Jagger
|
a6062dd03a
|
Restart fcntl()
|
2016-05-09 23:45:56 +02:00 |
|
Robert Swiecki
|
6e25d47eba
|
Cover interruptible syscalls with TEMP_FAILURE_RETRY
|
2016-05-09 15:16:26 +02:00 |
|
Jagger
|
57a523dd08
|
Use defer {} instead of DEFER()
|
2016-04-23 04:22:31 +02:00 |
|
Robert Swiecki
|
3bc8cce90e
|
No need to redirect log fd anymore
|
2016-03-15 20:42:03 +01:00 |
|
Jagger
|
4ae2c027ac
|
Cleaner impl. of DEFER
|
2016-03-10 22:56:26 +01:00 |
|
Jagger
|
09e08a2c1f
|
More defers
|
2016-03-08 22:54:35 +01:00 |
|
Robert Swiecki
|
eb52ab9a2b
|
Move contain fnctions into contain.c
|
2016-03-08 15:57:09 +01:00 |
|
Robert Swiecki
|
8793dc4c9e
|
Remove caps from the bounding set
|
2016-03-08 15:10:21 +01:00 |
|
Robert Swiecki
|
9cc41e820f
|
Separate uts.* module
|
2016-03-03 16:09:25 +01:00 |
|
Robert Swiecki
|
2c1ff531e3
|
Clearer naming of net functions
|
2016-03-03 15:43:40 +01:00 |
|
Robert Swiecki
|
e02d4e4edf
|
Separate mount.c module
|
2016-03-03 15:37:04 +01:00 |
|
Robert Swiecki
|
b89b8cfbc7
|
Fix common.h includes
|
2016-03-01 17:03:11 +01:00 |
|
Robert Swiecki
|
b0c5baa45d
|
Comment on statvfs
|
2016-03-01 16:01:39 +01:00 |
|
Robert Swiecki
|
60ece3a192
|
Typo
|
2016-03-01 15:38:58 +01:00 |
|
Robert Swiecki
|
cc987ec775
|
Add locked mount flags during remounting
|
2016-03-01 15:36:32 +01:00 |
|
Robert Swiecki
|
f258316f5e
|
More specific error message for EACCES during mount()
|
2016-03-01 15:02:33 +01:00 |
|
Robert Swiecki
|
114ce7e976
|
Make it possible to compile with clang
|
2016-02-29 19:09:39 +01:00 |
|
Jagger
|
d2f47fff92
|
Add network configuration for the 'vs' interface
|
2016-02-29 02:51:55 +01:00 |
|