platform/upstream/nsjail.git
6 years agoLog to a duplicate of stderr initially
Robert Swiecki [Thu, 7 Jun 2018 16:42:34 +0000 (18:42 +0200)]
Log to a duplicate of stderr initially

6 years agomake indent depend
Robert Swiecki [Thu, 7 Jun 2018 16:37:17 +0000 (18:37 +0200)]
make indent depend

6 years agologs: lower logfile error to warning
Robert Swiecki [Thu, 7 Jun 2018 14:57:43 +0000 (16:57 +0200)]
logs: lower logfile error to warning

6 years agologs: use log file/level immediately
Robert Swiecki [Thu, 7 Jun 2018 14:51:50 +0000 (16:51 +0200)]
logs: use log file/level immediately

6 years agoMerge branch 'master' of github.com:google/nsjail
Robert Swiecki [Thu, 7 Jun 2018 12:59:32 +0000 (14:59 +0200)]
Merge branch 'master' of github.com:google/nsjail

6 years agosubproc: replicate bash behavior on exit values
Robert Swiecki [Thu, 7 Jun 2018 12:59:12 +0000 (14:59 +0200)]
subproc: replicate bash behavior on exit values

6 years agosubproc: better log messages
Robert Swiecki [Sun, 3 Jun 2018 01:22:50 +0000 (03:22 +0200)]
subproc: better log messages

6 years agoMerge branch 'master' of ssh://github.com/google/nsjail
Robert Swiecki [Sun, 3 Jun 2018 01:19:52 +0000 (03:19 +0200)]
Merge branch 'master' of ssh://github.com/google/nsjail

6 years agoconfig: add --iface_own to the proto config
Robert Swiecki [Sun, 3 Jun 2018 01:19:40 +0000 (03:19 +0200)]
config: add --iface_own to the proto config

6 years agoMerge pull request #79 from jvvv/master
robertswiecki [Sat, 2 Jun 2018 18:17:03 +0000 (20:17 +0200)]
Merge pull request #79 from jvvv/master

Update docs for options changes

6 years agoUpdate docs for options changes
John Vogel [Sat, 2 Jun 2018 15:02:09 +0000 (11:02 -0400)]
Update docs for options changes

Add new --iface_own option to docs.
Remove deprecated option from docs.

6 years agoconfigs/firefox - global user must be specified because of X11 permissions
Robert Swiecki [Fri, 1 Jun 2018 21:39:07 +0000 (23:39 +0200)]
configs/firefox - global user must be specified because of X11 permissions

6 years agocmdline: remove deprecated options
Robert Swiecki [Fri, 1 Jun 2018 15:15:47 +0000 (17:15 +0200)]
cmdline: remove deprecated options

6 years agoconfigs/firefox: no need to specify local users
Robert Swiecki [Fri, 1 Jun 2018 15:06:46 +0000 (17:06 +0200)]
configs/firefox: no need to specify local users

6 years agoconfigs: /etc/machine-id doesn't seem required
Robert Swiecki [Fri, 1 Jun 2018 10:22:03 +0000 (12:22 +0200)]
configs: /etc/machine-id doesn't seem required

6 years agoconfigs/firefox: disable clone_newnet for regular-user-firefox
Robert Swiecki [Fri, 1 Jun 2018 10:19:35 +0000 (12:19 +0200)]
configs/firefox: disable clone_newnet for regular-user-firefox

6 years agoconfigs: updated and synchronized for firefox
Robert Swiecki [Fri, 1 Jun 2018 10:17:27 +0000 (12:17 +0200)]
configs: updated and synchronized for firefox

6 years agonet: dbg message
Robert Swiecki [Fri, 1 Jun 2018 01:14:48 +0000 (03:14 +0200)]
net: dbg message

6 years agonet: separate function for interface configuration
Robert Swiecki [Fri, 1 Jun 2018 00:10:05 +0000 (02:10 +0200)]
net: separate function for interface configuration

6 years agonet: support owning interfaces with libnl too
Robert Swiecki [Thu, 31 May 2018 12:45:44 +0000 (14:45 +0200)]
net: support owning interfaces with libnl too

6 years agocmdline: add iface_own to take ownership of one of the global interfaces
Robert Swiecki [Wed, 30 May 2018 13:26:09 +0000 (15:26 +0200)]
cmdline: add iface_own to take ownership of one of the global interfaces

6 years agocmdline: name of params
Robert Swiecki [Wed, 30 May 2018 13:03:01 +0000 (15:03 +0200)]
cmdline: name of params

6 years agonsjail: more debug messages
Robert Swiecki [Mon, 28 May 2018 00:04:03 +0000 (02:04 +0200)]
nsjail: more debug messages

6 years agonsjail: better return values
Robert Swiecki [Sun, 27 May 2018 23:40:02 +0000 (01:40 +0200)]
nsjail: better return values

6 years agouse strtoimax when needed
Robert Swiecki [Sat, 26 May 2018 11:54:17 +0000 (13:54 +0200)]
use strtoimax when needed

6 years agonew version of kafel
Robert Swiecki [Sat, 26 May 2018 01:34:27 +0000 (03:34 +0200)]
new version of kafel

6 years agonsjail: make listenMode return int
Robert Swiecki [Fri, 25 May 2018 23:24:58 +0000 (01:24 +0200)]
nsjail: make listenMode return int

6 years agocmdline: check val value before conversion
Robert Swiecki [Fri, 25 May 2018 22:40:28 +0000 (00:40 +0200)]
cmdline: check val value before conversion

6 years agobetter checks for strto*l errors
Robert Swiecki [Fri, 25 May 2018 21:53:11 +0000 (23:53 +0200)]
better checks for strto*l errors

6 years agonamespace'ize nsjail.cc
Robert Swiecki [Fri, 25 May 2018 00:15:47 +0000 (02:15 +0200)]
namespace'ize nsjail.cc

6 years agonsjail: change the owner of struct termios
Robert Swiecki [Fri, 25 May 2018 00:05:12 +0000 (02:05 +0200)]
nsjail: change the owner of struct termios

6 years agonsjail: save console just before we're prepared to run commands
Robert Swiecki [Thu, 24 May 2018 23:06:05 +0000 (01:06 +0200)]
nsjail: save console just before we're prepared to run commands

6 years agonsjail: save and restore console params
Robert Swiecki [Thu, 24 May 2018 23:04:29 +0000 (01:04 +0200)]
nsjail: save and restore console params

6 years agoutil: remove unused sSnPrintf
Robert Swiecki [Thu, 24 May 2018 16:32:01 +0000 (18:32 +0200)]
util: remove unused sSnPrintf

6 years agocaps: remove unused var
Robert Swiecki [Thu, 24 May 2018 13:38:09 +0000 (15:38 +0200)]
caps: remove unused var

6 years agocmdline: better description for --seccomp_log in nsjail.1
Robert Swiecki [Thu, 24 May 2018 13:34:16 +0000 (15:34 +0200)]
cmdline: better description for --seccomp_log in nsjail.1

6 years agocmdline: better description for --seccomp_log
Robert Swiecki [Thu, 24 May 2018 13:21:42 +0000 (15:21 +0200)]
cmdline: better description for --seccomp_log

6 years agoMerge pull request #77 from jvvv/master
robertswiecki [Thu, 24 May 2018 13:17:59 +0000 (15:17 +0200)]
Merge pull request #77 from jvvv/master

Add new --seccomp_log option to docs

6 years agoAdd new --seccomp_log option to docs
John Vogel [Thu, 24 May 2018 00:44:31 +0000 (20:44 -0400)]
Add new --seccomp_log option to docs

6 years agoA few c++isms more
Robert Swiecki [Wed, 23 May 2018 16:19:17 +0000 (18:19 +0200)]
A few c++isms more

6 years agosandbox: casting for syscall()
Robert Swiecki [Wed, 23 May 2018 13:46:25 +0000 (15:46 +0200)]
sandbox: casting for syscall()

6 years agoconfig: add support for seccomp_log
Robert Swiecki [Wed, 23 May 2018 13:38:45 +0000 (15:38 +0200)]
config: add support for seccomp_log

6 years agosandbox: add support for SECCOMP_FILTER_FLAG_LOG
Robert Swiecki [Wed, 23 May 2018 13:32:45 +0000 (15:32 +0200)]
sandbox: add support for SECCOMP_FILTER_FLAG_LOG

6 years agoMore c++ isms
Robert Swiecki [Tue, 22 May 2018 12:27:18 +0000 (14:27 +0200)]
More c++ isms

6 years agouser: cons'ifize a var
Robert Swiecki [Sun, 20 May 2018 21:52:55 +0000 (23:52 +0200)]
user: cons'ifize a var

6 years agomnt: add original_uid to directories created as new root by nsjail
Robert Swiecki [Wed, 16 May 2018 13:50:31 +0000 (15:50 +0200)]
mnt: add original_uid to directories created as new root by nsjail

6 years agomore C++-izations over places #2
Robert Swiecki [Sat, 28 Apr 2018 23:15:44 +0000 (01:15 +0200)]
more C++-izations over places #2

6 years agomore C++-izations over places
Robert Swiecki [Sat, 28 Apr 2018 23:10:09 +0000 (01:10 +0200)]
more C++-izations over places

6 years agomnt: better mount flag printing
Robert Swiecki [Sat, 28 Apr 2018 22:58:35 +0000 (00:58 +0200)]
mnt: better mount flag printing

6 years agoconfig.proto: deprecated --chroot and friends
Robert Swiecki [Sat, 28 Apr 2018 22:51:55 +0000 (00:51 +0200)]
config.proto: deprecated --chroot and friends

6 years agomnt: c++-ication
Robert Swiecki [Fri, 27 Apr 2018 21:58:53 +0000 (23:58 +0200)]
mnt: c++-ication

6 years agoMerge pull request #75 from D0han/master 2.6
robertswiecki [Wed, 18 Apr 2018 12:11:19 +0000 (14:11 +0200)]
Merge pull request #75 from D0han/master

Build docker image from current source

6 years agomissing macros.h include
Robert Swiecki [Thu, 12 Apr 2018 21:49:10 +0000 (23:49 +0200)]
missing macros.h include

6 years agoBuild docker image from current source
D0han [Wed, 11 Apr 2018 15:02:20 +0000 (17:02 +0200)]
Build docker image from current source

6 years agonewer kafel
Robert Swiecki [Mon, 9 Apr 2018 17:14:23 +0000 (19:14 +0200)]
newer kafel

6 years agoMerge pull request #74 from jvvv/master
robertswiecki [Sun, 25 Feb 2018 00:03:50 +0000 (01:03 +0100)]
Merge pull request #74 from jvvv/master

nsjail.1: update for new options.

6 years agoREADME.md: adjust to match manual page.
John Vogel [Sat, 24 Feb 2018 08:08:56 +0000 (03:08 -0500)]
README.md: adjust to match manual page.

6 years agonsjail.1: update for new options.
John Vogel [Sat, 24 Feb 2018 07:39:36 +0000 (02:39 -0500)]
nsjail.1: update for new options.

Also, move the --cap option description so that it follows the
--keep-caps option, which matches the README and seems logical.

6 years agomnt: simplify mountPt
Robert Swiecki [Wed, 21 Feb 2018 02:29:26 +0000 (03:29 +0100)]
mnt: simplify mountPt

6 years agocmdline: add tmp mounts after parsing of cmdline as tmpfs_size can be specified after -T
Robert Swiecki [Tue, 20 Feb 2018 20:03:22 +0000 (21:03 +0100)]
cmdline: add tmp mounts after parsing of cmdline as tmpfs_size can be specified after -T

6 years agomnt: simpler describeMountPt
Robert Swiecki [Tue, 20 Feb 2018 15:03:32 +0000 (16:03 +0100)]
mnt: simpler describeMountPt

6 years agoconfigs/ - typo
Robert Swiecki [Tue, 20 Feb 2018 14:54:28 +0000 (15:54 +0100)]
configs/ - typo

6 years agoutil: simplify string splitting
Robert Swiecki [Tue, 20 Feb 2018 13:16:28 +0000 (14:16 +0100)]
util: simplify string splitting

6 years agocompare behaves like strcmp with results
Robert Swiecki [Mon, 19 Feb 2018 16:41:37 +0000 (17:41 +0100)]
compare behaves like strcmp with results

6 years agostrcmp -> std::string::compare
Robert Swiecki [Sun, 18 Feb 2018 13:37:33 +0000 (14:37 +0100)]
strcmp -> std::string::compare

6 years agocmdline: remove tmpfs_size from nsjconf_t
Robert Swiecki [Sun, 18 Feb 2018 01:47:46 +0000 (02:47 +0100)]
cmdline: remove tmpfs_size from nsjconf_t

6 years agoMakefile: require all for depend
Robert Swiecki [Sat, 17 Feb 2018 14:28:13 +0000 (15:28 +0100)]
Makefile: require all for depend

6 years agomake indent depend
Robert Swiecki [Sat, 17 Feb 2018 14:27:27 +0000 (15:27 +0100)]
make indent depend

6 years agoutil: remove file only of O_CREAT was specified
Robert Swiecki [Sat, 17 Feb 2018 14:27:00 +0000 (15:27 +0100)]
util: remove file only of O_CREAT was specified

6 years agocaps: use standard CAP_TO_INDEX/CAP_TO_MASK
Robert Swiecki [Sat, 17 Feb 2018 02:28:10 +0000 (03:28 +0100)]
caps: use standard CAP_TO_INDEX/CAP_TO_MASK

6 years agocmdline: create specific funcs for argv and mnt setups
Robert Swiecki [Sat, 17 Feb 2018 02:14:54 +0000 (03:14 +0100)]
cmdline: create specific funcs for argv and mnt setups

6 years agocaps: simplify dbgmsg generation
Robert Swiecki [Fri, 16 Feb 2018 16:03:05 +0000 (17:03 +0100)]
caps: simplify dbgmsg generation

6 years agocmdline: simpler unique_ptr construction 2.5
Robert Swiecki [Fri, 16 Feb 2018 15:05:26 +0000 (16:05 +0100)]
cmdline: simpler unique_ptr construction

6 years agoMakefile: warn about missing libnl-route-3
Robert Swiecki [Fri, 16 Feb 2018 14:57:41 +0000 (15:57 +0100)]
Makefile: warn about missing libnl-route-3

6 years agomake it compile under c++11 (e.g. ubuntu trusty)
Robert Swiecki [Fri, 16 Feb 2018 14:43:03 +0000 (15:43 +0100)]
make it compile under c++11 (e.g. ubuntu trusty)

6 years agosandbox: missing include
Robert Swiecki [Fri, 16 Feb 2018 14:24:24 +0000 (15:24 +0100)]
sandbox: missing include

6 years agoMerge branch 'master' of github.com:google/nsjail
Robert Swiecki [Fri, 16 Feb 2018 14:23:14 +0000 (15:23 +0100)]
Merge branch 'master' of github.com:google/nsjail

6 years agocmdline: use standard strto*
Robert Swiecki [Fri, 16 Feb 2018 14:23:02 +0000 (15:23 +0100)]
cmdline: use standard strto*

6 years agoMerge branch 'master' of ssh://github.com/google/nsjail
Robert Swiecki [Thu, 15 Feb 2018 00:33:41 +0000 (01:33 +0100)]
Merge branch 'master' of ssh://github.com/google/nsjail

6 years agonsjail: ignore SIGTTIN/SIGTTOU
Robert Swiecki [Thu, 15 Feb 2018 00:33:33 +0000 (01:33 +0100)]
nsjail: ignore SIGTTIN/SIGTTOU

6 years agouts: simplify sethostname
Robert Swiecki [Wed, 14 Feb 2018 15:38:36 +0000 (16:38 +0100)]
uts: simplify sethostname

6 years agocgroup: convert some const char* to std::string
Robert Swiecki [Tue, 13 Feb 2018 16:30:33 +0000 (17:30 +0100)]
cgroup: convert some const char* to std::string

6 years agoMakefile: check for existence of pkg-config
Robert Swiecki [Tue, 13 Feb 2018 16:12:55 +0000 (17:12 +0100)]
Makefile: check for existence of pkg-config

6 years agoMakefile: make some targets .PHONY
Robert Swiecki [Tue, 13 Feb 2018 16:09:31 +0000 (17:09 +0100)]
Makefile: make some targets .PHONY

6 years agorename ARRAYSIZE to ARR_SZ due to clash with protobufs headers
Robert Swiecki [Tue, 13 Feb 2018 15:53:45 +0000 (16:53 +0100)]
rename ARRAYSIZE to ARR_SZ due to clash with protobufs headers

6 years agomacros.h: surround ARRAYSIZE by guards
Robert Swiecki [Mon, 12 Feb 2018 21:39:42 +0000 (22:39 +0100)]
macros.h: surround ARRAYSIZE by guards

6 years agocmdline: correctly assign argv to nsjconf->argv
Robert Swiecki [Mon, 12 Feb 2018 16:31:45 +0000 (17:31 +0100)]
cmdline: correctly assign argv to nsjconf->argv

6 years agonsjail: free seccomp filter upon nsjail exit
Robert Swiecki [Mon, 12 Feb 2018 16:09:45 +0000 (17:09 +0100)]
nsjail: free seccomp filter upon nsjail exit

6 years agoconvert exec file and argv to string/vector
Robert Swiecki [Mon, 12 Feb 2018 15:52:05 +0000 (16:52 +0100)]
convert exec file and argv to string/vector

6 years agoutil: int -> size_t
Robert Swiecki [Mon, 12 Feb 2018 15:28:45 +0000 (16:28 +0100)]
util: int -> size_t

6 years agoswitc all == false cmps to !
Robert Swiecki [Mon, 12 Feb 2018 14:17:33 +0000 (15:17 +0100)]
switc all == false cmps to !

6 years agoconfig: remove unnecessary c_str()
Robert Swiecki [Mon, 12 Feb 2018 03:21:35 +0000 (04:21 +0100)]
config: remove unnecessary c_str()

6 years agologs: simplify timestr
Robert Swiecki [Mon, 12 Feb 2018 02:29:25 +0000 (03:29 +0100)]
logs: simplify timestr

6 years agomove sandboxing setup from cmdline to nsjail
Robert Swiecki [Mon, 12 Feb 2018 02:11:58 +0000 (03:11 +0100)]
move sandboxing setup from cmdline to nsjail

6 years agosandbox: policy levels
Robert Swiecki [Mon, 12 Feb 2018 02:06:28 +0000 (03:06 +0100)]
sandbox: policy levels

6 years agosandbox: simplify policy parsing
Robert Swiecki [Mon, 12 Feb 2018 02:05:21 +0000 (03:05 +0100)]
sandbox: simplify policy parsing

6 years agomnt: strtol -> std::strtol
Robert Swiecki [Sun, 11 Feb 2018 22:53:03 +0000 (23:53 +0100)]
mnt: strtol -> std::strtol

6 years agomnt: move mnt_t to std::string
Robert Swiecki [Sun, 11 Feb 2018 22:44:43 +0000 (23:44 +0100)]
mnt: move mnt_t to std::string

6 years agocmdline: missing TEMP_FAILURE_RETRY
Robert Swiecki [Sun, 11 Feb 2018 15:55:19 +0000 (16:55 +0100)]
cmdline: missing TEMP_FAILURE_RETRY

6 years agocmdline: allow to mount arbitrary FSes with -m
Robert Swiecki [Sun, 11 Feb 2018 14:07:24 +0000 (15:07 +0100)]
cmdline: allow to mount arbitrary FSes with -m