woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
629 Commits 2 Branches 0 Tags 1.5 MiB
f703d615d8
Commit Graph

147 Commits

Author SHA1 Message Date
Robert Swiecki
f703d615d8 make indent 2017-10-08 00:17:47 +02:00
Robert Swiecki
c35857cff2 cmdline: use mountAddMountPt in the remaining calls 2017-10-08 00:14:24 +02:00
Robert Swiecki
0541d0dfc3 cmdline/mount: mount proc at the beginning 2017-10-07 23:32:25 +02:00
Robert Swiecki
dc2131cdd1 cmdline: use soft/hard literals instead of def/max for rlimits 2017-10-07 22:36:21 +02:00
Robert Swiecki
5d4f42a729 cmdline: missing flags for --chroot mount point 2017-10-07 22:33:46 +02:00
Robert Swiecki
a39f76924d cmdline: use mountAddMountPt instead of adding structs explicitly 2017-10-07 22:30:19 +02:00
Robert Swiecki
6ada77d4cf cmdline: better errors for setting rlimits 2017-10-07 12:37:26 +02:00
Robert Swiecki
e89a6f0c24 cmdline: 'inf' for rlimits 2017-10-07 12:33:19 +02:00
Robert Swiecki
aac3e112b4 cmdline: descriptions of flags 2017-10-07 12:31:54 +02:00
Robert Swiecki
5597783716 cmdline: implement --really_quiet option 2017-10-07 02:03:51 +02:00
Robert Swiecki
21d08eaa67 config: make config static so we can get rid of strdup() 2017-10-07 00:18:21 +02:00
Robert Swiecki
dbc6fab582 config: allow to use soft/hard/inf limits for rlimits 2017-10-06 22:44:27 +02:00
Robert Swiecki
c71c996143 Allow for running with --disable_newuser started as root 2017-10-01 05:32:07 +02:00
Robert Swiecki
5c3963e9a2 cmdline: various fixes of descriptions 2017-09-29 22:18:16 +02:00
Robert Swiecki
59657be88d cmdline: correct description for rlimit_ values 2017-09-29 14:46:03 +02:00
Hamid Ebadi
cf2b7c78a6 rlimit64 to getrlimit64 2017-09-29 14:11:48 +02:00
Robert Swiecki
f0e38692a8 cmdline: print error after usage and before fatal 2017-09-27 00:47:57 +02:00
Robert Swiecki
7b2b2194ca cmdline: configs/ for --config 2017-09-26 09:30:03 +02:00
Robert Swiecki
374f6cc4f0 config: Initial work on converting config.c to c++ protobuf lib 
config: Initial work on converting config.c to c++ protobuf lib #2

config: Initial work on converting config.c to c++ protobuf lib #3

config: Initial work on converting config.c to c++ protobuf lib #4

config: Initial work on converting config.c to c++ protobuf lib #5

config: Initial work on converting config.c to c++ protobuf lib #6
 2017-09-14 21:17:38 +02:00
Robert Swiecki
5683ea7e09 cmdline: better warning about uid/gid 0 2017-07-13 02:33:11 +02:00
Robert Swiecki
9cc85ad853 cmdline: remove unnecessary bracket 2017-07-07 15:05:22 +02:00
Robert Swiecki
39ce9d22a7 caps: just local caps 2017-07-05 17:29:57 +02:00
Robert Swiecki
54a522326f caps: simplify capability operations 2017-07-05 15:57:07 +02:00
Robert Swiecki
7ba602a6ed caps: move capability-setting code to caps.* 2017-07-05 13:03:14 +02:00
Robert Swiecki
b36c4fb26c make indent 2017-07-01 22:23:11 +02:00
Robert Swiecki
ac2928d1c2 cmdlink: use different name while printing symlinks/mount points 2017-06-29 00:38:20 +02:00
Robert Swiecki
e4aba73385 Allow to create symlinks 2017-06-29 00:32:20 +02:00
Robert Swiecki
7e0a4cdba8 Get number of CPUs early, as it's read from /proc 2017-06-22 03:06:53 +02:00
Robert Swiecki
7917222486 mount: Use /tmp/nsjail.[tmp|root].<orig_euid> 2017-06-21 18:29:02 +02:00
Robert Swiecki
69783dc200 config: max_cpu_num -> max_cpus 2017-06-21 17:52:16 +02:00
Robert Swiecki
f0d80bf435 cmdline: cast pid_t to unsigned long when using *rintf 2017-06-20 23:11:35 +02:00
Robert Swiecki
73f1d44c92 Allow to use IPv4 addr with --bindhost 2017-06-19 22:35:57 +02:00
Robert Swiecki
ceaed43133 config: implement max_cpu_num in PB 2017-06-19 17:05:01 +02:00
Robert Swiecki
0e7393cccf cmdline: implement affinity setting, to limit jailed process to n max cpus 2017-06-19 17:01:50 +02:00
Robert Swiecki
1dd3223b74 iface -> iface_vs 2017-06-12 22:20:21 +02:00
Robert Swiecki
63e4059f7a Slight fixes to log_fd 2017-06-12 00:27:27 +02:00
Tony Young
c55dc8cb12 Add an extra log_fd argument to specify an FD to log to. 
In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.
 2017-06-11 22:12:18 +00:00
Tony Young
d0261d281d Add an --exec_file argument to allow argv[0] to differ from the binary being exec'd. 2017-06-09 00:00:12 +00:00
Robert Swiecki
9519f1038b mount: introduce mountDescribeMountPt 2017-05-29 16:52:24 +02:00
Robert Swiecki
0271586e81 Get rid of pivot_root_only - achieve the same in different way 2017-05-29 03:11:32 +02:00
Robert Swiecki
7b2fc9cdac add configs/firefox-with-cloned-net.cfg 2017-05-28 16:56:16 +02:00
Robert Swiecki
d7ccf0c9d8 Simplify uids/gids maps 2017-05-28 01:05:27 +02:00
Robert Swiecki
ed72ce3762 cmdline: avoid using %s with nullptr 2017-05-27 17:40:30 +02:00
Robert Swiecki
ec50c1346d mount: nonmandatory mounts 2017-05-27 15:17:11 +02:00
Robert Swiecki
f0cb243a89 config: allow skipping arguments in mount points 2017-05-27 15:01:34 +02:00
Robert Swiecki
03e8578e79 config: executable in config 2017-05-27 02:24:41 +02:00
Robert Swiecki
53f825115f More work on uid mappings 2017-05-26 23:26:07 +02:00
Robert Swiecki
4eaa6cc9d3 Rewrite uid mapping system 2017-05-26 23:07:47 +02:00
Robert Swiecki
8e39afa25f config: more options in the config #5 2017-05-26 15:22:59 +02:00
Robert Swiecki
08de9db57c config: more options in the config #4 2017-05-26 14:08:09 +02:00