nsjail

woj/nsjail

Fork 0

e0b941565d subproc: debug log when hotting SIHQUIT (Ctrl+\) Robert Swiecki 2020-02-17 14:11:58 +0100
ab8b319c13 subproc: verify that a pid in a pid map doesn't exist before inserting Robert Swiecki 2020-02-17 14:07:25 +0100
2cf562160d nsjail/pid/subproc: a). keep childrens' PIDs in a map indexed by pid b). correctly fetch remote IPv6 address text Robert Swiecki 2020-02-16 22:34:19 +0100
6d2503ee7b

Merge pull request #130 from happyCoder92/proxy robertswiecki 2020-02-14 17:08:41 +0100
a303054b50

Merge pull request #128 from disconnect3d/patch-2 robertswiecki 2020-02-14 17:08:07 +0100
273ce6bc84 pipe socket traffic in and out of sandboxee Wiktor Garbacz 2020-02-13 12:24:28 +0100
b3b28b7dbf Makefile: fix kafel submodule init for parallel build Wiktor Garbacz 2020-01-27 10:32:10 +0100
04e5fae0e3 subproc: recognize CLONE_PIDFD Robert Swiecki 2019-12-10 11:09:14 +0100
8407e0be46

Merge pull request #129 from disconnect3d/patch-3 robertswiecki 2019-12-07 17:24:29 +0100
7f9ed1ba12

Fix default rlimit_stack value Disconnect3d 2019-12-07 17:05:45 +0100
7eeab969f9

Update Dockerfile to use ubuntu:18.04 image Disconnect3d 2019-12-07 14:24:32 +0100
1111bb135a allow setgroups when using exclusively newgid Wiktor Garbacz 2019-11-01 13:40:25 +0100
2ca90bf208 configs/: indent Robert Swiecki 2019-10-29 01:40:52 +0100
a78019993f configs/znc: remove a problematic quote Robert Swiecki 2019-10-04 00:35:36 +0200
2c648d5879 nsjail: don't restore console if nsjail runs in background Robert Swiecki 2019-10-04 00:33:29 +0200
b3d544d155 config: simplify log/logfd setting Robert Swiecki 2019-10-02 19:43:58 +0200
0b12cedc01 configs: new config for znc - remove log_fd Robert Swiecki 2019-10-02 08:28:23 +0200
af9d4294d9 configs: new config for znc Robert Swiecki 2019-10-01 08:27:17 +0200
64275d1417 configs/xchat: daemonize by default Robert Swiecki 2019-09-28 23:00:21 +0200
8fd94f817a Merge branch 'master' of ssh://github.com/google/nsjail Robert Swiecki 2019-09-12 22:22:04 +0200
9f064737de user: better formatting directives for printf'like functions Robert Swiecki 2019-09-12 22:21:49 +0200
ba90b12234

Merge pull request #123 from LMMilewski/master robertswiecki 2019-09-07 02:04:39 +0200
0bc575063b Fix typo in config.proto: s/lofs/logs/ Lukasz Milewski 2019-09-06 15:08:30 -0700
3612c2a0b8 Merge branch 'master' of github.com:google/nsjail Robert Swiecki 2019-09-02 16:10:28 +0200
0773b75900 subproc: fix invalid conversions from util::syscall to syscall Robert Swiecki 2019-09-02 16:10:19 +0200
41305fdc4d mnt: shorter description of mount points Robert Swiecki 2019-08-31 22:08:02 +0200
e2c5c59bd3 standardize on envar vs envvar Robert Swiecki 2019-08-28 22:18:58 +0200
c1e40e809c log: close previous log descriptor a bit later: Robert Swiecki 2019-08-25 11:23:20 +0200
04f35c8848 mnt: use setcwd unconditionally with and w/o clone_newns Robert Swiecki 2019-08-25 11:17:12 +0200
d9efc0b3a7 mnt: use setcwd unconditionally with and w/o clone_newns Robert Swiecki 2019-08-25 11:16:12 +0200
b435292e9a log: a bit clearer calls to dup() Robert Swiecki 2019-08-22 13:59:15 +0200
c291b11ae6 Fix missing chdir in non-CLONE_NEWNS path Robert Swiecki 2019-08-21 14:29:35 +0200
5abfae7161 log: simplify logging code Robert Swiecki 2019-08-20 14:16:21 +0200
fe762a37b9 config.proto: move disable_rl higher Robert Swiecki 2019-08-19 14:28:45 +0200
a0cdc71ab2

Merge pull request #120 from jaylees14/disable-rlimits robertswiecki 2019-08-19 14:26:27 +0200
ac6e19d4ec Merge branch 'master' of github.com:google/nsjail Robert Swiecki 2019-08-19 11:35:17 +0200
f07c523543 net/cmdline: better checks for TCP port values Robert Swiecki 2019-08-19 11:34:34 +0200
86293b052e Add flag to disable rlimits Jay Lees 2019-08-05 03:25:22 -0700
0b1d5ac039 cgroup-code: remove some spaces to make code more consistent Robert Swiecki 2019-08-04 09:54:38 +0200
b120acd5b5 make indent depend Robert Swiecki 2019-08-04 09:50:34 +0200
5376996acc

Merge pull request #119 from jaylees14/cgroup-v2 robertswiecki 2019-08-04 09:49:35 +0200
08f62b6f76 [cgroup-v2] support cgroup v2 for mem, cpu and pids Jay Lees 2019-07-26 07:02:17 -0700
2044488520 configs/imagemagick-convert: add madvise Robert Swiecki 2019-07-12 16:07:06 +0200
4628ded479 Merge branch 'master' of github.com:google/nsjail Robert Swiecki 2019-07-01 14:52:32 +0200
d10c9fb90d Disable securebits again to avoid spawned programs unexpectedly retaining capabilities after a UID/GID change Robert Swiecki 2019-07-01 14:51:32 +0200
28d2220b1e cmdline: no need to check for nice values Robert Swiecki 2019-06-30 22:03:57 +0200
494a5f63cd Add nice_level to cmd-line/config options Robert Swiecki 2019-06-30 21:50:56 +0200
21413c4157 user: typo Robert Swiecki 2019-06-28 19:08:21 +0200
317555b687 user: don't fail on setgroup() if not groups were specified Robert Swiecki 2019-06-28 13:31:43 +0200
d56adc39c9

Merge pull request #116 from pks-t/pks/setgroups-without-userns robertswiecki 2019-06-24 14:26:19 +0200
91848d22bf user: allow setting multiple groups without user namespaces Patrick Steinhardt 2019-06-20 11:45:27 +0200
83a28cd0d3 use TEMP_FAILURE_RETRY with some restartable funcs Robert Swiecki 2019-04-17 23:10:18 +0200
c861be28a9 configs/image-magic: make convert be overridable Robert Swiecki 2019-04-01 23:32:06 +0200
8d9aaec7f0 cmdline: don't clear cmdline exec_file is arguments are provided on cmdline Robert Swiecki 2019-04-01 22:46:39 +0200
1f022a2187 config.proto: Exe.path is required Robert Swiecki 2019-04-01 22:43:17 +0200
7aa8916077 cmdline: make sure that argv[0] exists Robert Swiecki 2019-04-01 22:42:14 +0200
56b99003b4 user: function naming Robert Swiecki 2019-03-31 15:16:24 +0200
7b8da74e9f configs/firefox-with-cloned-net: add fontconfig config envvars Robert Swiecki 2019-03-30 16:20:04 +0100
8b339db721 configs/firefox: add fontconfig config envvars Robert Swiecki 2019-03-30 16:19:30 +0100
2b1bad6b5b cmdline: allow to override config cmdline with cmdline cmdline Robert Swiecki 2019-03-30 16:10:14 +0100
e3db427f0b configs/conver: revert the last one to properly figure it out Robert Swiecki 2019-03-30 15:49:18 +0100
e9d380e21f

Merge pull request #114 from disconnect3d/patch-1 robertswiecki 2019-03-30 15:45:04 +0100
e6abcae13b

Fixes issue #113 Disconnect3d 2019-03-29 23:48:56 +0100
3a69090a89 nsjail: remove warning about CLONE_NEWUSER Robert Swiecki 2019-03-29 21:42:05 +0100
a2dacef5d7 allow to use nsjail w/o namespaces Robert Swiecki 2019-03-29 21:38:14 +0100
331f2bcd74 mnt: try /run/user/<uid>/nsjail as a root mount dir first Robert Swiecki 2019-03-28 23:25:15 +0100
9fe225dbe2 mnt: use /run/usr/<uid> first when mounting dirs Robert Swiecki 2019-03-18 16:37:04 +0100
8059747016 subproc: save/restore errno when printing error message twice Robert Swiecki 2019-03-12 17:07:24 +0100
46f463a62c flush stdin after nsjail ends Robert Swiecki 2019-03-10 15:00:45 +0100
f80318fe2c

Merge pull request #109 from disconnect3d/fix-cgroup-cpu-mount-option robertswiecki 2019-03-06 08:18:35 +0100
de872dc6b8 Fix #108 - missing cgroup_cpu_mount option setting disconnect3d 2019-03-05 16:41:38 -0600
86f0f088ae

Merge pull request #107 from adamcarheden/tomcat robertswiecki 2019-03-01 16:48:18 +0100
6f7a3fb8e9 Added example config for tomcat Adam Carheden 2019-02-12 12:31:40 -0700
9b8d91bd7f incrase the default RLIMIT_AS limit to 4GiB. 512MiB is not enough for many payloas, and cgroups should be used for memory limiting anyway Robert Swiecki 2019-02-06 17:06:42 +0100
5b374bbf8c

Merge pull request #104 from adamcarheden/libnl-dep robertswiecki 2019-01-29 21:04:25 +0100
7969e2b2aa Fixed missing dependency on libnl-route-3-dev Adam Carheden 2019-01-29 09:48:35 -0700
9782f7bb39 util: call ::syscall for syscall() Robert Swiecki 2019-01-21 22:42:34 +0100
061e32839f use util::syscall whenever possible Robert Swiecki 2019-01-21 22:37:30 +0100
681fce1cc4 util: introduce syscall to avoid vararg argument parsing Robert Swiecki 2019-01-21 22:25:37 +0100
d1151ea4bd contain: log formatting Robert Swiecki 2019-01-21 20:03:17 +0100
fafef711ad configs/xorg: add /dev/[u]random Robert Swiecki 2019-01-20 21:41:10 +0100
91b81f4e7a cmdline: more bried debug output Robert Swiecki 2019-01-20 18:43:42 +0100
1619efd2a9 log: don't print description of level with HELP/HELP_BOLD Robert Swiecki 2019-01-20 18:41:44 +0100
83fc152d7c Make netlink3-route mandatory Robert Swiecki 2019-01-20 18:37:47 +0100
c7a313123b

Merge pull request #103 from remexre/master happyCoder92 2019-01-09 14:01:16 +0100
d1d61fc837

Fixes typo in manpage. Nathan Ringo 2019-01-09 00:24:34 -1000
bc18f0ef0f

Merge pull request #102 from jvvv/master happyCoder92 2019-01-07 14:39:57 +0100
f2fc5a9406 open might return EINTR Robert Swiecki 2019-01-06 00:03:36 +0100
48f67f131a subproc: PLOG -> LOG Robert Swiecki 2019-01-04 01:41:26 +0100
6a4315f318 More of RETURN_ON_FAILURE Robert Swiecki 2019-01-01 11:36:02 +0100
a6e069f514 README.md: update cgroup_cpu_ms_per_sec John Vogel 2018-12-22 01:03:34 -0500
6a4f5c110b make indent Robert Swiecki 2018-12-17 08:46:31 +0100
28092c45ce logs: va_end() used too early Robert Swiecki 2018-12-16 14:22:01 +0100
451f064851 logs: avoid multiple syscall(__NR_write) in logs Robert Swiecki 2018-12-16 11:55:33 +0100
40083ed115 logs: use anonymous struct Robert Swiecki 2018-12-16 07:47:22 +0100
432c38ad23 cmdline: clarify cgroup_cpu_ms_per_sec Robert Swiecki 2018-12-05 14:35:16 +0100
864aa72a2a subproc: print more data on sigsys Robert Swiecki 2018-12-05 10:10:21 +0100
dfba744bfc Merge branch 'master' of ssh://github.com/google/nsjail Robert Swiecki 2018-11-25 23:12:43 +0100
7a5cf69883

Merge pull request #99 from rutsky/writeToFd_return_type robertswiecki 2018-11-25 23:12:23 +0100
ec0d4174f1 fix writeToFD() return type in declaration Vladimir Rutsky 2018-11-25 18:26:52 +0100

Commit Graph Select branches Hide Pull Requests master stat Mono Color

Commit Graph

Select branches

Hide Pull Requests

master

stat