Robert Swiecki
f703d615d8
make indent
2017-10-08 00:17:47 +02:00
Robert Swiecki
c35857cff2
cmdline: use mountAddMountPt in the remaining calls
2017-10-08 00:14:24 +02:00
Robert Swiecki
0541d0dfc3
cmdline/mount: mount proc at the beginning
2017-10-07 23:32:25 +02:00
Robert Swiecki
dc2131cdd1
cmdline: use soft/hard literals instead of def/max for rlimits
2017-10-07 22:36:21 +02:00
Robert Swiecki
5d4f42a729
cmdline: missing flags for --chroot mount point
2017-10-07 22:33:46 +02:00
Robert Swiecki
a39f76924d
cmdline: use mountAddMountPt instead of adding structs explicitly
2017-10-07 22:30:19 +02:00
Robert Swiecki
6ada77d4cf
cmdline: better errors for setting rlimits
2017-10-07 12:37:26 +02:00
Robert Swiecki
e89a6f0c24
cmdline: 'inf' for rlimits
2017-10-07 12:33:19 +02:00
Robert Swiecki
aac3e112b4
cmdline: descriptions of flags
2017-10-07 12:31:54 +02:00
Robert Swiecki
5597783716
cmdline: implement --really_quiet option
2017-10-07 02:03:51 +02:00
Robert Swiecki
21d08eaa67
config: make config static so we can get rid of strdup()
2017-10-07 00:18:21 +02:00
Robert Swiecki
dbc6fab582
config: allow to use soft/hard/inf limits for rlimits
2017-10-06 22:44:27 +02:00
Robert Swiecki
c71c996143
Allow for running with --disable_newuser started as root
2017-10-01 05:32:07 +02:00
Robert Swiecki
5c3963e9a2
cmdline: various fixes of descriptions
2017-09-29 22:18:16 +02:00
Robert Swiecki
59657be88d
cmdline: correct description for rlimit_ values
2017-09-29 14:46:03 +02:00
Hamid Ebadi
cf2b7c78a6
rlimit64 to getrlimit64
2017-09-29 14:11:48 +02:00
Robert Swiecki
f0e38692a8
cmdline: print error after usage and before fatal
2017-09-27 00:47:57 +02:00
Robert Swiecki
7b2b2194ca
cmdline: configs/ for --config
2017-09-26 09:30:03 +02:00
Robert Swiecki
374f6cc4f0
config: Initial work on converting config.c to c++ protobuf lib
...
config: Initial work on converting config.c to c++ protobuf lib #2
config: Initial work on converting config.c to c++ protobuf lib #3
config: Initial work on converting config.c to c++ protobuf lib #4
config: Initial work on converting config.c to c++ protobuf lib #5
config: Initial work on converting config.c to c++ protobuf lib #6
2017-09-14 21:17:38 +02:00
Robert Swiecki
5683ea7e09
cmdline: better warning about uid/gid 0
2017-07-13 02:33:11 +02:00
Robert Swiecki
9cc85ad853
cmdline: remove unnecessary bracket
2017-07-07 15:05:22 +02:00
Robert Swiecki
39ce9d22a7
caps: just local caps
2017-07-05 17:29:57 +02:00
Robert Swiecki
54a522326f
caps: simplify capability operations
2017-07-05 15:57:07 +02:00
Robert Swiecki
7ba602a6ed
caps: move capability-setting code to caps.*
2017-07-05 13:03:14 +02:00
Robert Swiecki
b36c4fb26c
make indent
2017-07-01 22:23:11 +02:00
Robert Swiecki
ac2928d1c2
cmdlink: use different name while printing symlinks/mount points
2017-06-29 00:38:20 +02:00
Robert Swiecki
e4aba73385
Allow to create symlinks
2017-06-29 00:32:20 +02:00
Robert Swiecki
7e0a4cdba8
Get number of CPUs early, as it's read from /proc
2017-06-22 03:06:53 +02:00
Robert Swiecki
7917222486
mount: Use /tmp/nsjail.[tmp|root].<orig_euid>
2017-06-21 18:29:02 +02:00
Robert Swiecki
69783dc200
config: max_cpu_num -> max_cpus
2017-06-21 17:52:16 +02:00
Robert Swiecki
f0d80bf435
cmdline: cast pid_t to unsigned long when using *rintf
2017-06-20 23:11:35 +02:00
Robert Swiecki
73f1d44c92
Allow to use IPv4 addr with --bindhost
2017-06-19 22:35:57 +02:00
Robert Swiecki
ceaed43133
config: implement max_cpu_num in PB
2017-06-19 17:05:01 +02:00
Robert Swiecki
0e7393cccf
cmdline: implement affinity setting, to limit jailed process to n max cpus
2017-06-19 17:01:50 +02:00
Robert Swiecki
1dd3223b74
iface -> iface_vs
2017-06-12 22:20:21 +02:00
Robert Swiecki
63e4059f7a
Slight fixes to log_fd
2017-06-12 00:27:27 +02:00
Tony Young
c55dc8cb12
Add an extra log_fd argument to specify an FD to log to.
...
In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.
2017-06-11 22:12:18 +00:00
Tony Young
d0261d281d
Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd.
2017-06-09 00:00:12 +00:00
Robert Swiecki
9519f1038b
mount: introduce mountDescribeMountPt
2017-05-29 16:52:24 +02:00
Robert Swiecki
0271586e81
Get rid of pivot_root_only - achieve the same in different way
2017-05-29 03:11:32 +02:00
Robert Swiecki
7b2fc9cdac
add configs/firefox-with-cloned-net.cfg
2017-05-28 16:56:16 +02:00
Robert Swiecki
d7ccf0c9d8
Simplify uids/gids maps
2017-05-28 01:05:27 +02:00
Robert Swiecki
ed72ce3762
cmdline: avoid using %s with nullptr
2017-05-27 17:40:30 +02:00
Robert Swiecki
ec50c1346d
mount: nonmandatory mounts
2017-05-27 15:17:11 +02:00
Robert Swiecki
f0cb243a89
config: allow skipping arguments in mount points
2017-05-27 15:01:34 +02:00
Robert Swiecki
03e8578e79
config: executable in config
2017-05-27 02:24:41 +02:00
Robert Swiecki
53f825115f
More work on uid mappings
2017-05-26 23:26:07 +02:00
Robert Swiecki
4eaa6cc9d3
Rewrite uid mapping system
2017-05-26 23:07:47 +02:00
Robert Swiecki
8e39afa25f
config: more options in the config #5
2017-05-26 15:22:59 +02:00
Robert Swiecki
08de9db57c
config: more options in the config #4
2017-05-26 14:08:09 +02:00