platform/upstream/nsjail.git
5 years ago Merge branch 'master' of ssh://github.com/google/nsjail
Robert Swiecki [Sat, 24 Nov 2018 16:22:13 +0000 (17:22 +0100)]
Merge branch 'master' of ssh://github.com/google/nsjail

5 years ago Merge pull request #98 from disconnect3d/fix-writeToFd-return-type
robertswiecki [Sat, 24 Nov 2018 16:21:48 +0000 (17:21 +0100)]
Merge pull request #98 from disconnect3d/fix-writeToFd-return-type

Fix utils::writeToFd return type

5 years ago Fix utils::writeToFd return type
disconnect3d [Sat, 24 Nov 2018 15:23:45 +0000 (16:23 +0100)]
Fix utils::writeToFd return type

The `writeToFd` function in `util.cc` returns `ssize_t` but the only
returned values are either `false` or `true`.

```
ssize_t writeToFd(int fd, const void* buf, size_t len) {

(...) return false;

(...) return true;
```

5 years ago mnt: better description for mounts
Robert Swiecki [Thu, 22 Nov 2018 07:44:43 +0000 (08:44 +0100)]
mnt: better description for mounts

5 years ago Merge branch 'master' of ssh://github.com/google/nsjail
Robert Swiecki [Thu, 22 Nov 2018 07:44:36 +0000 (08:44 +0100)]
Merge branch 'master' of ssh://github.com/google/nsjail

5 years ago mnt: better description for mounts
Robert Swiecki [Thu, 22 Nov 2018 07:44:25 +0000 (08:44 +0100)]
mnt: better description for mounts

5 years ago Update kafel - fixes build on Ubuntu 14.04
Wiktor Garbacz [Wed, 21 Nov 2018 14:36:43 +0000 (15:36 +0100)]
Update kafel - fixes build on Ubuntu 14.04

6 years ago config.proto: renumber the fields 2.8
Robert Swiecki [Thu, 8 Nov 2018 06:09:41 +0000 (07:09 +0100)]
config.proto: renumber the fields

6 years ago config.proto: comments
Robert Swiecki [Tue, 6 Nov 2018 16:30:04 +0000 (17:30 +0100)]
config.proto: comments

6 years ago mnt: simplify debug message #2
Robert Swiecki [Tue, 30 Oct 2018 00:44:08 +0000 (01:44 +0100)]
mnt: simplify debug message #2

6 years ago mnt: simplify debug message
Robert Swiecki [Tue, 30 Oct 2018 00:33:09 +0000 (01:33 +0100)]
mnt: simplify debug message

6 years ago mnt: simplify printing mnt points
Robert Swiecki [Sun, 28 Oct 2018 20:07:46 +0000 (21:07 +0100)]
mnt: simplify printing mnt points

6 years ago cmdline/env: don't set empty envvars
Robert Swiecki [Sun, 28 Oct 2018 20:03:10 +0000 (21:03 +0100)]
cmdline/env: don't set empty envvars

6 years ago cmdline: add ability to passthrough current envvars
Robert Swiecki [Sun, 28 Oct 2018 16:15:55 +0000 (17:15 +0100)]
cmdline: add ability to passthrough current envvars

6 years ago Support --iface_vs_ma with libnl3
Robert Swiecki [Thu, 25 Oct 2018 12:49:46 +0000 (14:49 +0200)]
Support --iface_vs_ma with libnl3

6 years ago Merge branch 'master' of github.com:google/nsjail
Robert Swiecki [Thu, 25 Oct 2018 12:10:33 +0000 (14:10 +0200)]
Merge branch 'master' of github.com:google/nsjail

6 years ago configs/xchat: add LANG
Robert Swiecki [Thu, 25 Oct 2018 12:10:23 +0000 (14:10 +0200)]
configs/xchat: add LANG

6 years ago code formatting
Wiktor Garbacz [Wed, 24 Oct 2018 08:31:14 +0000 (10:31 +0200)]
code formatting

6 years ago Merge pull request #96 from mickydelfavero/master
happyCoder92 [Wed, 24 Oct 2018 08:27:17 +0000 (10:27 +0200)]
Merge pull request #96 from mickydelfavero/master

Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.

6 years ago Remove duplicate code
Micky Del Favero [Tue, 23 Oct 2018 20:24:43 +0000 (22:24 +0200)]
Remove duplicate code

Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>

6 years ago Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.
Micky Del Favero [Tue, 23 Oct 2018 13:05:50 +0000 (15:05 +0200)]
Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.

Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>

6 years ago Updated kafel
Robert Swiecki [Mon, 22 Oct 2018 12:44:12 +0000 (14:44 +0200)]
Updated kafel

6 years ago use new kafel features in configs and examples
Wiktor Garbacz [Thu, 6 Sep 2018 09:14:24 +0000 (11:14 +0200)]
use new kafel features in configs and examples

6 years ago update kafel
Wiktor Garbacz [Thu, 6 Sep 2018 09:12:06 +0000 (11:12 +0200)]
update kafel

6 years ago Merge pull request #94 from tomj/master
robertswiecki [Mon, 3 Sep 2018 05:22:32 +0000 (07:22 +0200)]
Merge pull request #94 from tomj/master

README Docker disambiguations

6 years ago README Docker disambiguations
tomj [Sun, 2 Sep 2018 15:39:41 +0000 (01:39 +1000)]
README Docker disambiguations

Disambiguate between nsjail _container_ and _command_ in README for easier reading.

- Being a n00b to this project I feel this makes the onboarding of use with Docker somewhat easier by removing duplicated/overloaded terms.

6 years ago Merge pull request #90 from disconnect3d/patch-1
robertswiecki [Tue, 31 Jul 2018 21:15:43 +0000 (23:15 +0200)]
Merge pull request #90 from disconnect3d/patch-1

Update config.proto

6 years ago Update config.proto
Disconnect3d [Tue, 31 Jul 2018 21:10:05 +0000 (23:10 +0200)]
Update config.proto

6 years ago Update config.proto
Disconnect3d [Tue, 31 Jul 2018 21:09:24 +0000 (23:09 +0200)]
Update config.proto

6 years ago config: correct way of setting pass_fd
Robert Swiecki [Tue, 31 Jul 2018 20:52:03 +0000 (22:52 +0200)]
config: correct way of setting pass_fd

6 years ago mnt: function rename
Robert Swiecki [Sat, 28 Jul 2018 22:30:08 +0000 (00:30 +0200)]
mnt: function rename

6 years ago configs/bash: add noexec/nodev/nosuid to a mount
Robert Swiecki [Fri, 27 Jul 2018 20:54:28 +0000 (22:54 +0200)]
configs/bash: add noexec/nodev/nosuid to a mount

6 years ago subproc: reap processes after killing
Wiktor Garbacz [Fri, 27 Jul 2018 11:33:39 +0000 (13:33 +0200)]
subproc: reap processes after killing

Always try to release resources if possible.

Fixes #69

6 years ago mnt: added nosuid/nodev/noexec flags to config
Wiktor Garbacz [Fri, 27 Jul 2018 09:27:01 +0000 (11:27 +0200)]
mnt: added nosuid/nodev/noexec flags to config

Closes #70

6 years ago cgroup: refactor cgroup code
Wiktor Garbacz [Thu, 26 Jul 2018 12:16:55 +0000 (14:16 +0200)]
cgroup: refactor cgroup code

Extract common functions, use c++ strings.

Fixes #83

6 years ago mnt: remount all filesystems
Wiktor Garbacz [Tue, 24 Jul 2018 14:30:31 +0000 (16:30 +0200)]
mnt: remount all filesystems

Explicitly specifying RW "/" mount in config did not yield desired
result.
The reason was a default RO "/" tmpfs is prepended to mountpoint
list. All filesystems are initially mounted RW to be able to create
directories for mountpoints. Read only filesystems were remounted
during a 2nd pass, effectively overriding RW flag of fs mounted
over them.

Fixes #88

6 years ago config: parse cgroup_cpu settings
Wiktor Garbacz [Tue, 24 Jul 2018 13:20:44 +0000 (15:20 +0200)]
config: parse cgroup_cpu settings

Fixes #87

6 years ago Merge pull request #85 from jvvv/master
robertswiecki [Mon, 23 Jul 2018 22:38:27 +0000 (00:38 +0200)]
Merge pull request #85 from jvvv/master

README.md, nsjail.1: add --stderr_to_null option

6 years ago nsjail: clearer new_proc/reap_proc loop
Robert Swiecki [Mon, 23 Jul 2018 22:23:44 +0000 (00:23 +0200)]
nsjail: clearer new_proc/reap_proc loop

6 years ago subproc: better log messages
Robert Swiecki [Mon, 23 Jul 2018 21:35:01 +0000 (23:35 +0200)]
subproc: better log messages

6 years ago Don't re-run process if previous execution failed
Robert Swiecki [Mon, 23 Jul 2018 15:13:17 +0000 (17:13 +0200)]
Don't re-run process if previous execution failed

6 years ago README.md, nsjail.1: add --stderr_to_null option
John Vogel [Sat, 14 Jul 2018 14:20:34 +0000 (10:20 -0400)]
README.md, nsjail.1: add --stderr_to_null option

6 years ago subproc: correct casting for nsjconf->tlimit in printf
Robert Swiecki [Thu, 5 Jul 2018 12:32:07 +0000 (14:32 +0200)]
subproc: correct casting for nsjconf->tlimit in printf

6 years ago configs/bash: add stderr_to_null
Robert Swiecki [Mon, 25 Jun 2018 02:12:07 +0000 (04:12 +0200)]
configs/bash: add stderr_to_null

6 years ago cmdline: more stderr_to_null closer to is_silent
Robert Swiecki [Mon, 25 Jun 2018 02:10:42 +0000 (04:10 +0200)]
cmdline: more stderr_to_null closer to is_silent

6 years ago config: Implement --stderr_to_null
Robert Swiecki [Mon, 25 Jun 2018 01:12:27 +0000 (03:12 +0200)]
config: Implement --stderr_to_null

6 years ago net: use memset to init stack structs
Robert Swiecki [Wed, 20 Jun 2018 13:36:44 +0000 (15:36 +0200)]
net: use memset to init stack structs

6 years ago Makefile: lower -Wformat to 1
Robert Swiecki [Tue, 19 Jun 2018 01:58:17 +0000 (03:58 +0200)]
Makefile: lower -Wformat to 1

6 years ago util: c++ version of sprintf
Robert Swiecki [Sat, 16 Jun 2018 00:16:24 +0000 (02:16 +0200)]
util: c++ version of sprintf

6 years ago Merge pull request #82 from jvvv/master
robertswiecki [Tue, 12 Jun 2018 21:39:47 +0000 (23:39 +0200)]
Merge pull request #82 from jvvv/master

nsjail.1: update manpage to match README

6 years ago nsjail.1: update manpage to match README
John Vogel [Tue, 12 Jun 2018 21:27:31 +0000 (17:27 -0400)]
nsjail.1: update manpage to match README

Added --symlink/-s option.
Removed --tmpfs_size option.
Changed --cpu_mount, --cpu_parent to
--cgroup_cpu_mount, --cgroup_cpu_parent.
Adjustments to match README.

6 years ago nsjail.h: missed initialization of keep_env 2.7
Robert Swiecki [Tue, 12 Jun 2018 14:57:19 +0000 (16:57 +0200)]
nsjail.h: missed initialization of keep_env

6 years ago readme
Robert Swiecki [Tue, 12 Jun 2018 13:47:32 +0000 (15:47 +0200)]
readme

6 years ago 1. Give ability to specify sym-links from the command-line 2. Remove tmpfs_size....
Robert Swiecki [Tue, 12 Jun 2018 13:37:30 +0000 (15:37 +0200)]
1. Give ability to specify sym-links from the command-line 2. Remove tmpfs_size. -m none:dest:tmpfs:size=..... should be used for this

6 years ago move isatty after log_fd is set
Robert Swiecki [Thu, 7 Jun 2018 16:43:08 +0000 (18:43 +0200)]
move isatty after log_fd is set

6 years ago Log to a duplicate of stderr initially
Robert Swiecki [Thu, 7 Jun 2018 16:42:34 +0000 (18:42 +0200)]
Log to a duplicate of stderr initially

6 years ago make indent depend
Robert Swiecki [Thu, 7 Jun 2018 16:37:17 +0000 (18:37 +0200)]
make indent depend

6 years ago logs: lower logfile error to warning
Robert Swiecki [Thu, 7 Jun 2018 14:57:43 +0000 (16:57 +0200)]
logs: lower logfile error to warning

6 years ago logs: use log file/level immediately
Robert Swiecki [Thu, 7 Jun 2018 14:51:50 +0000 (16:51 +0200)]
logs: use log file/level immediately

6 years ago Merge branch 'master' of github.com:google/nsjail
Robert Swiecki [Thu, 7 Jun 2018 12:59:32 +0000 (14:59 +0200)]
Merge branch 'master' of github.com:google/nsjail

6 years ago subproc: replicate bash behavior on exit values
Robert Swiecki [Thu, 7 Jun 2018 12:59:12 +0000 (14:59 +0200)]
subproc: replicate bash behavior on exit values

6 years ago subproc: better log messages
Robert Swiecki [Sun, 3 Jun 2018 01:22:50 +0000 (03:22 +0200)]
subproc: better log messages

6 years ago Merge branch 'master' of ssh://github.com/google/nsjail
Robert Swiecki [Sun, 3 Jun 2018 01:19:52 +0000 (03:19 +0200)]
Merge branch 'master' of ssh://github.com/google/nsjail

6 years ago config: add --iface_own to the proto config
Robert Swiecki [Sun, 3 Jun 2018 01:19:40 +0000 (03:19 +0200)]
config: add --iface_own to the proto config

6 years ago Merge pull request #79 from jvvv/master
robertswiecki [Sat, 2 Jun 2018 18:17:03 +0000 (20:17 +0200)]
Merge pull request #79 from jvvv/master

Update docs for options changes

6 years ago Update docs for options changes
John Vogel [Sat, 2 Jun 2018 15:02:09 +0000 (11:02 -0400)]
Update docs for options changes

Add new --iface_own option to docs.
Remove deprecated option from docs.

6 years ago configs/firefox - global user must be specified because of X11 permissions
Robert Swiecki [Fri, 1 Jun 2018 21:39:07 +0000 (23:39 +0200)]
configs/firefox - global user must be specified because of X11 permissions

6 years ago cmdline: remove deprecated options
Robert Swiecki [Fri, 1 Jun 2018 15:15:47 +0000 (17:15 +0200)]
cmdline: remove deprecated options

6 years ago configs/firefox: no need to specify local users
Robert Swiecki [Fri, 1 Jun 2018 15:06:46 +0000 (17:06 +0200)]
configs/firefox: no need to specify local users

6 years ago configs: /etc/machine-id doesn't seem required
Robert Swiecki [Fri, 1 Jun 2018 10:22:03 +0000 (12:22 +0200)]
configs: /etc/machine-id doesn't seem required

6 years ago configs/firefox: disable clone_newnet for regular-user-firefox
Robert Swiecki [Fri, 1 Jun 2018 10:19:35 +0000 (12:19 +0200)]
configs/firefox: disable clone_newnet for regular-user-firefox

6 years ago configs: updated and synchronized for firefox
Robert Swiecki [Fri, 1 Jun 2018 10:17:27 +0000 (12:17 +0200)]
configs: updated and synchronized for firefox

6 years ago net: dbg message
Robert Swiecki [Fri, 1 Jun 2018 01:14:48 +0000 (03:14 +0200)]
net: dbg message

6 years ago net: separate function for interface configuration
Robert Swiecki [Fri, 1 Jun 2018 00:10:05 +0000 (02:10 +0200)]
net: separate function for interface configuration

6 years ago net: support owning interfaces with libnl too
Robert Swiecki [Thu, 31 May 2018 12:45:44 +0000 (14:45 +0200)]
net: support owning interfaces with libnl too

6 years ago cmdline: add iface_own to take ownership of one of the global interfaces
Robert Swiecki [Wed, 30 May 2018 13:26:09 +0000 (15:26 +0200)]
cmdline: add iface_own to take ownership of one of the global interfaces

6 years ago cmdline: name of params
Robert Swiecki [Wed, 30 May 2018 13:03:01 +0000 (15:03 +0200)]
cmdline: name of params

6 years ago nsjail: more debug messages
Robert Swiecki [Mon, 28 May 2018 00:04:03 +0000 (02:04 +0200)]
nsjail: more debug messages

6 years ago nsjail: better return values
Robert Swiecki [Sun, 27 May 2018 23:40:02 +0000 (01:40 +0200)]
nsjail: better return values

6 years ago use strtoimax when needed
Robert Swiecki [Sat, 26 May 2018 11:54:17 +0000 (13:54 +0200)]
use strtoimax when needed

6 years ago new version of kafel
Robert Swiecki [Sat, 26 May 2018 01:34:27 +0000 (03:34 +0200)]
new version of kafel

6 years ago nsjail: make listenMode return int
Robert Swiecki [Fri, 25 May 2018 23:24:58 +0000 (01:24 +0200)]
nsjail: make listenMode return int

6 years ago cmdline: check val value before conversion
Robert Swiecki [Fri, 25 May 2018 22:40:28 +0000 (00:40 +0200)]
cmdline: check val value before conversion

6 years ago better checks for strto*l errors
Robert Swiecki [Fri, 25 May 2018 21:53:11 +0000 (23:53 +0200)]
better checks for strto*l errors

6 years ago namespace'ize nsjail.cc
Robert Swiecki [Fri, 25 May 2018 00:15:47 +0000 (02:15 +0200)]
namespace'ize nsjail.cc

6 years ago nsjail: change the owner of struct termios
Robert Swiecki [Fri, 25 May 2018 00:05:12 +0000 (02:05 +0200)]
nsjail: change the owner of struct termios

6 years ago nsjail: save console just before we're prepared to run commands
Robert Swiecki [Thu, 24 May 2018 23:06:05 +0000 (01:06 +0200)]
nsjail: save console just before we're prepared to run commands

6 years ago nsjail: save and restore console params
Robert Swiecki [Thu, 24 May 2018 23:04:29 +0000 (01:04 +0200)]
nsjail: save and restore console params

6 years ago util: remove unused sSnPrintf
Robert Swiecki [Thu, 24 May 2018 16:32:01 +0000 (18:32 +0200)]
util: remove unused sSnPrintf

6 years ago caps: remove unused var
Robert Swiecki [Thu, 24 May 2018 13:38:09 +0000 (15:38 +0200)]
caps: remove unused var

6 years ago cmdline: better description for --seccomp_log in nsjail.1
Robert Swiecki [Thu, 24 May 2018 13:34:16 +0000 (15:34 +0200)]
cmdline: better description for --seccomp_log in nsjail.1

6 years ago cmdline: better description for --seccomp_log
Robert Swiecki [Thu, 24 May 2018 13:21:42 +0000 (15:21 +0200)]
cmdline: better description for --seccomp_log

6 years ago Merge pull request #77 from jvvv/master
robertswiecki [Thu, 24 May 2018 13:17:59 +0000 (15:17 +0200)]
Merge pull request #77 from jvvv/master

Add new --seccomp_log option to docs

6 years ago Add new --seccomp_log option to docs
John Vogel [Thu, 24 May 2018 00:44:31 +0000 (20:44 -0400)]
Add new --seccomp_log option to docs

6 years ago A few c++isms more
Robert Swiecki [Wed, 23 May 2018 16:19:17 +0000 (18:19 +0200)]
A few c++isms more

6 years ago sandbox: casting for syscall()
Robert Swiecki [Wed, 23 May 2018 13:46:25 +0000 (15:46 +0200)]
sandbox: casting for syscall()

6 years ago config: add support for seccomp_log
Robert Swiecki [Wed, 23 May 2018 13:38:45 +0000 (15:38 +0200)]
config: add support for seccomp_log

6 years ago sandbox: add support for SECCOMP_FILTER_FLAG_LOG
Robert Swiecki [Wed, 23 May 2018 13:32:45 +0000 (15:32 +0200)]
sandbox: add support for SECCOMP_FILTER_FLAG_LOG

6 years ago More c++ isms
Robert Swiecki [Tue, 22 May 2018 12:27:18 +0000 (14:27 +0200)]
More c++ isms

6 years ago user: cons'ifize a var
Robert Swiecki [Sun, 20 May 2018 21:52:55 +0000 (23:52 +0200)]
user: cons'ifize a var