woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,217 Commits 2 Branches 0 Tags 1.5 MiB
fbeac46568
Commit Graph

54 Commits

Author SHA1 Message Date
Robert Swiecki
439606be70 Makefile/indent: add AlwaysBreakBeforeMultilineStrings:false 2023-09-19 20:31:57 +02:00
Robert Swiecki
2e27593482 make indent: clang-format-18 2023-09-19 08:45:42 +02:00
Wiktor Garbacz
f920c9194e Mount read-only directly if mounting rw fails 
For new mounts if MNT_LOCK_READONLY is locked on the visible mnt
mount_too_revealing will fail and the whole mount will fail.
Those mounts need to be created with the readonly flag set.
 2023-05-16 14:07:22 +02:00
Robert Swiecki
285ea15811 subproc/mount: use better types for flags, u64 for clone, unsigned long for mount 2022-10-24 13:12:20 +02:00
Robert Swiecki
c63e5b39e8 use QC() across the code 2022-08-10 15:23:53 +02:00
Robert Swiecki
f628f74b00 mnt: quote paths in log messages 2022-08-09 12:06:42 +02:00
Robert Swiecki
4128a7cbd9 mnt: remove unnecessary quote in a debug message 2022-08-09 11:32:49 +02:00
Robert Swiecki
999d4631f3 mnt: better error messages with mandatory mount points 2022-02-10 09:51:13 +01:00
Robert Swiecki
246d4721b1 macros: make NS_VALSTR_STRUCT accept unsigned/64-bit vals 2021-09-30 16:44:48 +02:00
Wiktor Garbacz
95e112cf41 Fix formatting 2021-08-03 17:46:08 +02:00
Eli Zrihen
b83d6f7421 Renaming use_switchroot option with no_pivotroot 2021-07-20 15:45:58 +03:00
Eli Zrihen
b6576fcde7 Adding a warning when switchroot is used 2021-07-20 10:20:23 +03:00
Eli Zrihen
99507c5920 Merge branch '_test_switchroot_alternative' 2021-07-13 15:40:21 +03:00
Eli Zrihen
15205a23f9 No Yoda 2021-07-08 21:47:13 +03:00
Eli Zrihen
be302c4cc9 Comment fix 2021-06-23 14:51:34 +03:00
Eli Zrihen
dab1713ac9 Added use_switchroot option 2021-06-17 14:57:01 +03:00
Robert Swiecki
d1f332b911 Enable support for clone3() and for CLONE_NEWTIME 2021-05-18 14:38:01 +02:00
Robert Swiecki
f7554882fe make indent 2020-07-09 17:29:02 +02:00
Christian Blichmann
910fb5498c
Fix a few typos. 
These were found by external tooling while preparing the Debian package.

* Uknown -> Unknown
* Writting -> Writing
* commited -> committed
* processess -> processes

Signed-off-by: Christian Blichmann <mail@blichmann.eu>
 2020-07-07 14:07:22 +02:00
Robert Swiecki
41305fdc4d mnt: shorter description of mount points 2019-08-31 22:08:02 +02:00
Robert Swiecki
e2c5c59bd3 standardize on envar vs envvar 2019-08-28 22:18:58 +02:00
Robert Swiecki
d9efc0b3a7 mnt: use setcwd unconditionally with and w/o clone_newns 2019-08-25 11:16:12 +02:00
Robert Swiecki
a2dacef5d7 allow to use nsjail w/o namespaces 2019-03-29 21:38:14 +01:00
Robert Swiecki
331f2bcd74 mnt: try /run/user/<uid>/nsjail as a root mount dir first 2019-03-28 23:25:15 +01:00
Robert Swiecki
9fe225dbe2 mnt: use /run/usr/<uid> first when mounting dirs 2019-03-18 16:37:04 +01:00
Robert Swiecki
061e32839f use util::syscall whenever possible 2019-01-21 22:37:30 +01:00
Robert Swiecki
6217d27d61 mnt: better description for mounts 2018-11-22 08:44:25 +01:00
Robert Swiecki
122f251efd mnt: simplify debug message #2 2018-10-30 01:44:08 +01:00
Robert Swiecki
28c80845ea mnt: simplify debug message 2018-10-30 01:33:09 +01:00
Robert Swiecki
cfdf71043e mnt: simplify printing mnt points 2018-10-28 21:07:46 +01:00
Robert Swiecki
6af9565a1d mnt: function rename 2018-07-29 00:30:08 +02:00
Wiktor Garbacz
ba14675185 mnt: added nosuid/nodev/noexec flags to config 
Closes #70
 2018-07-27 11:29:15 +02:00
Wiktor Garbacz
c23d02e5f3 mnt: remount all filesystems 
Explicitly specifying RW "/" mount in config did not yield desired
result.
The reason was a default RO "/" tmpfs is prepended to mountpoint
list. All filesystems are initially mounted RW to be able to create
directories for mountpoints. Read only filesystems were remounted
during a 2nd pass, effectively overriding RW flag of fs mounted
over them.

Fixes #88
 2018-07-24 16:30:31 +02:00
Robert Swiecki
2b6955e48c A few c++isms more 2018-05-23 18:19:17 +02:00
Robert Swiecki
c365eb1766 More c++ isms 2018-05-22 14:27:18 +02:00
Robert Swiecki
f8db8c7eea mnt: add original_uid to directories created as new root by nsjail 2018-05-16 15:50:31 +02:00
Robert Swiecki
6e2e64e73e mnt: better mount flag printing 2018-04-29 00:58:35 +02:00
Robert Swiecki
6d5a2c37ff mnt: c++-ication 2018-04-27 23:58:53 +02:00
Robert Swiecki
6b74580a89 mnt: simplify mountPt 2018-02-21 03:29:26 +01:00
Robert Swiecki
2b109ea687 mnt: simpler describeMountPt 2018-02-20 16:03:32 +01:00
Robert Swiecki
70b9565250 compare behaves like strcmp with results 2018-02-19 17:41:37 +01:00
Robert Swiecki
b04b3af8e0 strcmp -> std::string::compare 2018-02-18 14:37:33 +01:00
Robert Swiecki
11195999a3 rename ARRAYSIZE to ARR_SZ due to clash with protobufs headers 2018-02-13 16:53:45 +01:00
Robert Swiecki
5a35f00e28 mnt: move mnt_t to std::string 2018-02-11 23:44:43 +01:00
Robert Swiecki
0513124b4f mnt: convert describeMountPt from const char* to std::string 2018-02-11 00:24:43 +01:00
Robert Swiecki
f2a52533be convert some funcs returning pointers to to TLS to std::string 2018-02-10 21:19:47 +01:00
Robert Swiecki
97278f191b log: rename log to logs due to clash with glibc's log 2018-02-10 17:49:15 +01:00
Robert Swiecki
4494deffa7 omit keyword 'struct' 2018-02-10 15:50:12 +01:00
Robert Swiecki
ecd4c32d9a mnt: replace sys/queue with std::vector 2018-02-10 14:38:01 +01:00
Robert Swiecki
1761ed4fdc move common.h to macros.h 2018-02-10 05:25:55 +01:00