platform/upstream/nsjail.git
5 years agocmdline: make sure that argv[0] exists
Robert Swiecki [Mon, 1 Apr 2019 20:42:14 +0000 (22:42 +0200)]
cmdline: make sure that argv[0] exists

5 years agouser: function naming
Robert Swiecki [Sun, 31 Mar 2019 13:16:24 +0000 (15:16 +0200)]
user: function naming

5 years agoconfigs/firefox-with-cloned-net: add fontconfig config envvars
Robert Swiecki [Sat, 30 Mar 2019 15:20:04 +0000 (16:20 +0100)]
configs/firefox-with-cloned-net: add fontconfig config envvars

5 years agoconfigs/firefox: add fontconfig config envvars
Robert Swiecki [Sat, 30 Mar 2019 15:19:30 +0000 (16:19 +0100)]
configs/firefox: add fontconfig config envvars

5 years agocmdline: allow to override config cmdline with cmdline cmdline
Robert Swiecki [Sat, 30 Mar 2019 15:10:14 +0000 (16:10 +0100)]
cmdline: allow to override config cmdline with cmdline cmdline

5 years agoconfigs/conver: revert the last one to properly figure it out
Robert Swiecki [Sat, 30 Mar 2019 14:49:18 +0000 (15:49 +0100)]
configs/conver: revert the last one to properly figure it out

5 years agoMerge pull request #114 from disconnect3d/patch-1
robertswiecki [Sat, 30 Mar 2019 14:45:04 +0000 (15:45 +0100)]
Merge pull request #114 from disconnect3d/patch-1

Fixes issue #113

5 years agoFixes issue #113
Disconnect3d [Fri, 29 Mar 2019 22:48:56 +0000 (23:48 +0100)]
Fixes issue #113

5 years agonsjail: remove warning about CLONE_NEWUSER
Robert Swiecki [Fri, 29 Mar 2019 20:42:05 +0000 (21:42 +0100)]
nsjail: remove warning about CLONE_NEWUSER

5 years agoallow to use nsjail w/o namespaces
Robert Swiecki [Fri, 29 Mar 2019 20:38:14 +0000 (21:38 +0100)]
allow to use nsjail w/o namespaces

5 years agomnt: try /run/user/<uid>/nsjail as a root mount dir first
Robert Swiecki [Thu, 28 Mar 2019 22:25:15 +0000 (23:25 +0100)]
mnt: try /run/user/<uid>/nsjail as a root mount dir first

5 years agomnt: use /run/usr/<uid> first when mounting dirs
Robert Swiecki [Mon, 18 Mar 2019 15:37:04 +0000 (16:37 +0100)]
mnt: use /run/usr/<uid> first when mounting dirs

5 years agosubproc: save/restore errno when printing error message twice
Robert Swiecki [Tue, 12 Mar 2019 16:07:24 +0000 (17:07 +0100)]
subproc: save/restore errno when printing error message twice

5 years agoflush stdin after nsjail ends
Robert Swiecki [Sun, 10 Mar 2019 14:00:45 +0000 (15:00 +0100)]
flush stdin after nsjail ends

5 years agoMerge pull request #109 from disconnect3d/fix-cgroup-cpu-mount-option
robertswiecki [Wed, 6 Mar 2019 07:18:35 +0000 (08:18 +0100)]
Merge pull request #109 from disconnect3d/fix-cgroup-cpu-mount-option

Fix #108 - missing cgroup_cpu_mount option setting

5 years agoFix #108 - missing cgroup_cpu_mount option setting
disconnect3d [Tue, 5 Mar 2019 22:41:38 +0000 (16:41 -0600)]
Fix #108 - missing cgroup_cpu_mount option setting

5 years agoMerge pull request #107 from adamcarheden/tomcat
robertswiecki [Fri, 1 Mar 2019 15:48:18 +0000 (16:48 +0100)]
Merge pull request #107 from adamcarheden/tomcat

Added example config for tomcat

5 years agoAdded example config for tomcat
Adam Carheden [Tue, 12 Feb 2019 19:31:40 +0000 (12:31 -0700)]
Added example config for tomcat

5 years agoincrase the default RLIMIT_AS limit to 4GiB. 512MiB is not enough for many payloas...
Robert Swiecki [Wed, 6 Feb 2019 16:06:42 +0000 (17:06 +0100)]
incrase the default RLIMIT_AS limit to 4GiB. 512MiB is not enough for many payloas, and cgroups should be used for memory limiting anyway

5 years agoMerge pull request #104 from adamcarheden/libnl-dep
robertswiecki [Tue, 29 Jan 2019 20:04:25 +0000 (21:04 +0100)]
Merge pull request #104 from adamcarheden/libnl-dep

Fixed missing dependency on libnl-route-3-dev

5 years agoFixed missing dependency on libnl-route-3-dev
Adam Carheden [Tue, 29 Jan 2019 16:48:35 +0000 (09:48 -0700)]
Fixed missing dependency on libnl-route-3-dev

5 years agoutil: call ::syscall for syscall()
Robert Swiecki [Mon, 21 Jan 2019 21:42:34 +0000 (22:42 +0100)]
util: call ::syscall for syscall()

5 years agouse util::syscall whenever possible
Robert Swiecki [Mon, 21 Jan 2019 21:37:30 +0000 (22:37 +0100)]
use util::syscall whenever possible

5 years agoutil: introduce syscall to avoid vararg argument parsing
Robert Swiecki [Mon, 21 Jan 2019 21:25:37 +0000 (22:25 +0100)]
util: introduce syscall to avoid vararg argument parsing

5 years agocontain: log formatting
Robert Swiecki [Mon, 21 Jan 2019 19:03:17 +0000 (20:03 +0100)]
contain: log formatting

5 years agoconfigs/xorg: add /dev/[u]random
Robert Swiecki [Sun, 20 Jan 2019 20:41:10 +0000 (21:41 +0100)]
configs/xorg: add /dev/[u]random

5 years agocmdline: more bried debug output
Robert Swiecki [Sun, 20 Jan 2019 17:43:42 +0000 (18:43 +0100)]
cmdline: more bried debug output

5 years agolog: don't print description of level with HELP/HELP_BOLD
Robert Swiecki [Sun, 20 Jan 2019 17:41:44 +0000 (18:41 +0100)]
log: don't print description of level with HELP/HELP_BOLD

5 years agoMake netlink3-route mandatory
Robert Swiecki [Sun, 20 Jan 2019 17:37:47 +0000 (18:37 +0100)]
Make netlink3-route mandatory

5 years agoMerge pull request #103 from remexre/master
happyCoder92 [Wed, 9 Jan 2019 13:01:16 +0000 (14:01 +0100)]
Merge pull request #103 from remexre/master

Fixes typo in manpage.

5 years agoFixes typo in manpage.
Nathan Ringo [Wed, 9 Jan 2019 10:24:34 +0000 (00:24 -1000)]
Fixes typo in manpage.

5 years agoMerge pull request #102 from jvvv/master
happyCoder92 [Mon, 7 Jan 2019 13:39:57 +0000 (14:39 +0100)]
Merge pull request #102 from jvvv/master

README.md: update cgroup_cpu_ms_per_sec

5 years agoopen might return EINTR
Robert Swiecki [Sat, 5 Jan 2019 23:03:36 +0000 (00:03 +0100)]
open might return EINTR

5 years agosubproc: PLOG -> LOG
Robert Swiecki [Fri, 4 Jan 2019 00:41:26 +0000 (01:41 +0100)]
subproc: PLOG -> LOG

5 years agoMore of RETURN_ON_FAILURE
Robert Swiecki [Tue, 1 Jan 2019 10:36:02 +0000 (11:36 +0100)]
More of RETURN_ON_FAILURE

5 years agoREADME.md: update cgroup_cpu_ms_per_sec
John Vogel [Sat, 22 Dec 2018 06:03:34 +0000 (01:03 -0500)]
README.md: update cgroup_cpu_ms_per_sec

5 years agomake indent
Robert Swiecki [Mon, 17 Dec 2018 07:46:31 +0000 (08:46 +0100)]
make indent

5 years agologs: va_end() used too early
Robert Swiecki [Sun, 16 Dec 2018 13:22:01 +0000 (14:22 +0100)]
logs: va_end() used too early

5 years agologs: avoid multiple syscall(__NR_write) in logs
Robert Swiecki [Sun, 16 Dec 2018 10:55:33 +0000 (11:55 +0100)]
logs: avoid multiple syscall(__NR_write) in logs

5 years agologs: use anonymous struct
Robert Swiecki [Sun, 16 Dec 2018 06:47:22 +0000 (07:47 +0100)]
logs: use anonymous struct

5 years agocmdline: clarify cgroup_cpu_ms_per_sec
Robert Swiecki [Wed, 5 Dec 2018 13:35:16 +0000 (14:35 +0100)]
cmdline: clarify cgroup_cpu_ms_per_sec

5 years agosubproc: print more data on sigsys
Robert Swiecki [Wed, 5 Dec 2018 09:10:21 +0000 (10:10 +0100)]
subproc: print more data on sigsys

5 years agoMerge branch 'master' of ssh://github.com/google/nsjail
Robert Swiecki [Sun, 25 Nov 2018 22:12:43 +0000 (23:12 +0100)]
Merge branch 'master' of ssh://github.com/google/nsjail

5 years agoMerge pull request #99 from rutsky/writeToFd_return_type
robertswiecki [Sun, 25 Nov 2018 22:12:23 +0000 (23:12 +0100)]
Merge pull request #99 from rutsky/writeToFd_return_type

fix writeToFD() return type in declaration

5 years agofix writeToFD() return type in declaration
Vladimir Rutsky [Sun, 25 Nov 2018 17:26:52 +0000 (18:26 +0100)]
fix writeToFD() return type in declaration

In 25a7791d return type of writeToFD() was changed from `ssize_t` to `bool`, but header wasn't updated.

5 years agoMerge branch 'master' of ssh://github.com/google/nsjail
Robert Swiecki [Sat, 24 Nov 2018 16:22:13 +0000 (17:22 +0100)]
Merge branch 'master' of ssh://github.com/google/nsjail

5 years agoMerge pull request #98 from disconnect3d/fix-writeToFd-return-type
robertswiecki [Sat, 24 Nov 2018 16:21:48 +0000 (17:21 +0100)]
Merge pull request #98 from disconnect3d/fix-writeToFd-return-type

Fix utils::writeToFd return type

5 years agoFix utils::writeToFd return type
disconnect3d [Sat, 24 Nov 2018 15:23:45 +0000 (16:23 +0100)]
Fix utils::writeToFd return type

The `writeToFd` function in `util.cc` returns `ssize_t` but the only
returned values are either `false` or `true`.

```
ssize_t writeToFd(int fd, const void* buf, size_t len) {

(...) return false;

(...) return true;
```

5 years agomnt: better description for mounts
Robert Swiecki [Thu, 22 Nov 2018 07:44:43 +0000 (08:44 +0100)]
mnt: better description for mounts

5 years agoMerge branch 'master' of ssh://github.com/google/nsjail
Robert Swiecki [Thu, 22 Nov 2018 07:44:36 +0000 (08:44 +0100)]
Merge branch 'master' of ssh://github.com/google/nsjail

5 years agomnt: better description for mounts
Robert Swiecki [Thu, 22 Nov 2018 07:44:25 +0000 (08:44 +0100)]
mnt: better description for mounts

5 years agoUpdate kafel - fixes build on Ubuntu 14.04
Wiktor Garbacz [Wed, 21 Nov 2018 14:36:43 +0000 (15:36 +0100)]
Update kafel - fixes build on Ubuntu 14.04

6 years agoconfig.proto: renumber the fields 2.8
Robert Swiecki [Thu, 8 Nov 2018 06:09:41 +0000 (07:09 +0100)]
config.proto: renumber the fields

6 years agoconfig.proto: comments
Robert Swiecki [Tue, 6 Nov 2018 16:30:04 +0000 (17:30 +0100)]
config.proto: comments

6 years agomnt: simplify debug message #2
Robert Swiecki [Tue, 30 Oct 2018 00:44:08 +0000 (01:44 +0100)]
mnt: simplify debug message #2

6 years agomnt: simplify debug message
Robert Swiecki [Tue, 30 Oct 2018 00:33:09 +0000 (01:33 +0100)]
mnt: simplify debug message

6 years agomnt: simplify printing mnt points
Robert Swiecki [Sun, 28 Oct 2018 20:07:46 +0000 (21:07 +0100)]
mnt: simplify printing mnt points

6 years agocmdline/env: don't set empty envvars
Robert Swiecki [Sun, 28 Oct 2018 20:03:10 +0000 (21:03 +0100)]
cmdline/env: don't set empty envvars

6 years agocmdline: add ability to passthrough current envvars
Robert Swiecki [Sun, 28 Oct 2018 16:15:55 +0000 (17:15 +0100)]
cmdline: add ability to passthrough current envvars

6 years agoSupport --iface_vs_ma with libnl3
Robert Swiecki [Thu, 25 Oct 2018 12:49:46 +0000 (14:49 +0200)]
Support --iface_vs_ma with libnl3

6 years agoMerge branch 'master' of github.com:google/nsjail
Robert Swiecki [Thu, 25 Oct 2018 12:10:33 +0000 (14:10 +0200)]
Merge branch 'master' of github.com:google/nsjail

6 years agoconfigs/xchat: add LANG
Robert Swiecki [Thu, 25 Oct 2018 12:10:23 +0000 (14:10 +0200)]
configs/xchat: add LANG

6 years agocode formatting
Wiktor Garbacz [Wed, 24 Oct 2018 08:31:14 +0000 (10:31 +0200)]
code formatting

6 years agoMerge pull request #96 from mickydelfavero/master
happyCoder92 [Wed, 24 Oct 2018 08:27:17 +0000 (10:27 +0200)]
Merge pull request #96 from mickydelfavero/master

Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.

6 years agoRemove duplicate code
Micky Del Favero [Tue, 23 Oct 2018 20:24:43 +0000 (22:24 +0200)]
Remove duplicate code

Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
6 years agoAdded --macvlan_vs_ma switch to be able to set macvlan's mac-address.
Micky Del Favero [Tue, 23 Oct 2018 13:05:50 +0000 (15:05 +0200)]
Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.

Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
6 years agoUpdated kafel
Robert Swiecki [Mon, 22 Oct 2018 12:44:12 +0000 (14:44 +0200)]
Updated kafel

6 years agouse new kafel features in configs and examples
Wiktor Garbacz [Thu, 6 Sep 2018 09:14:24 +0000 (11:14 +0200)]
use new kafel features in configs and examples

6 years agoupdate kafel
Wiktor Garbacz [Thu, 6 Sep 2018 09:12:06 +0000 (11:12 +0200)]
update kafel

6 years agoMerge pull request #94 from tomj/master
robertswiecki [Mon, 3 Sep 2018 05:22:32 +0000 (07:22 +0200)]
Merge pull request #94 from tomj/master

README Docker disambiguations

6 years agoREADME Docker disambiguations
tomj [Sun, 2 Sep 2018 15:39:41 +0000 (01:39 +1000)]
README Docker disambiguations

Disambiguate between nsjail _container_ and _command_ in README for easier reading.

- Being a n00b to this project I feel this makes the onboarding of use with Docker somewhat easier by removing duplicated/overloaded terms.

6 years agoMerge pull request #90 from disconnect3d/patch-1
robertswiecki [Tue, 31 Jul 2018 21:15:43 +0000 (23:15 +0200)]
Merge pull request #90 from disconnect3d/patch-1

Update config.proto

6 years agoUpdate config.proto
Disconnect3d [Tue, 31 Jul 2018 21:10:05 +0000 (23:10 +0200)]
Update config.proto

6 years agoUpdate config.proto
Disconnect3d [Tue, 31 Jul 2018 21:09:24 +0000 (23:09 +0200)]
Update config.proto

6 years agoconfig: correct way of setting pass_fd
Robert Swiecki [Tue, 31 Jul 2018 20:52:03 +0000 (22:52 +0200)]
config: correct way of setting pass_fd

6 years agomnt: function rename
Robert Swiecki [Sat, 28 Jul 2018 22:30:08 +0000 (00:30 +0200)]
mnt: function rename

6 years agoconfigs/bash: add noexec/nodev/nosuid to a mount
Robert Swiecki [Fri, 27 Jul 2018 20:54:28 +0000 (22:54 +0200)]
configs/bash: add noexec/nodev/nosuid to a mount

6 years agosubproc: reap processes after killing
Wiktor Garbacz [Fri, 27 Jul 2018 11:33:39 +0000 (13:33 +0200)]
subproc: reap processes after killing

Always try to release resources if possible.

Fixes #69

6 years agomnt: added nosuid/nodev/noexec flags to config
Wiktor Garbacz [Fri, 27 Jul 2018 09:27:01 +0000 (11:27 +0200)]
mnt: added nosuid/nodev/noexec flags to config

Closes #70

6 years agocgroup: refactor cgroup code
Wiktor Garbacz [Thu, 26 Jul 2018 12:16:55 +0000 (14:16 +0200)]
cgroup: refactor cgroup code

Extract common functions, use c++ strings.

Fixes #83

6 years agomnt: remount all filesystems
Wiktor Garbacz [Tue, 24 Jul 2018 14:30:31 +0000 (16:30 +0200)]
mnt: remount all filesystems

Explicitly specifying RW "/" mount in config did not yield desired
result.
The reason was a default RO "/" tmpfs is prepended to mountpoint
list. All filesystems are initially mounted RW to be able to create
directories for mountpoints. Read only filesystems were remounted
during a 2nd pass, effectively overriding RW flag of fs mounted
over them.

Fixes #88

6 years agoconifg: parse cgroup_cpu settings
Wiktor Garbacz [Tue, 24 Jul 2018 13:20:44 +0000 (15:20 +0200)]
conifg: parse cgroup_cpu settings

Fixes #87

6 years agoMerge pull request #85 from jvvv/master
robertswiecki [Mon, 23 Jul 2018 22:38:27 +0000 (00:38 +0200)]
Merge pull request #85 from jvvv/master

README.md, nsjail.1: add --stderr_to_null option

6 years agonsjail: clearer new_proc/reap_proc loop
Robert Swiecki [Mon, 23 Jul 2018 22:23:44 +0000 (00:23 +0200)]
nsjail: clearer new_proc/reap_proc loop

6 years agosubproc: better log messages
Robert Swiecki [Mon, 23 Jul 2018 21:35:01 +0000 (23:35 +0200)]
subproc: better log messages

6 years agoDon't re-run process if previous execution failed
Robert Swiecki [Mon, 23 Jul 2018 15:13:17 +0000 (17:13 +0200)]
Don't re-run process if previous execution failed

6 years agoREADME.md, nsjail.1: add --stderr_to_null option
John Vogel [Sat, 14 Jul 2018 14:20:34 +0000 (10:20 -0400)]
README.md, nsjail.1: add --stderr_to_null option

6 years agosubproc: correct casting for nsjconf->tlimit in printf
Robert Swiecki [Thu, 5 Jul 2018 12:32:07 +0000 (14:32 +0200)]
subproc: correct casting for nsjconf->tlimit in printf

6 years agoconfigs/bash: add stderr_to_null
Robert Swiecki [Mon, 25 Jun 2018 02:12:07 +0000 (04:12 +0200)]
configs/bash: add stderr_to_null

6 years agocmdline: more stderr_to_null closer to is_silent
Robert Swiecki [Mon, 25 Jun 2018 02:10:42 +0000 (04:10 +0200)]
cmdline: more stderr_to_null closer to is_silent

6 years agoconfig: Implement --stderr_to_null
Robert Swiecki [Mon, 25 Jun 2018 01:12:27 +0000 (03:12 +0200)]
config: Implement --stderr_to_null

6 years agonet: use memset to init stack structs
Robert Swiecki [Wed, 20 Jun 2018 13:36:44 +0000 (15:36 +0200)]
net: use memset to init stack structs

6 years agoMakefile: lower -Wformat to 1
Robert Swiecki [Tue, 19 Jun 2018 01:58:17 +0000 (03:58 +0200)]
Makefile: lower -Wformat to 1

6 years agoutil: c++ version of sprintf
Robert Swiecki [Sat, 16 Jun 2018 00:16:24 +0000 (02:16 +0200)]
util: c++ version of sprintf

6 years agoMerge pull request #82 from jvvv/master
robertswiecki [Tue, 12 Jun 2018 21:39:47 +0000 (23:39 +0200)]
Merge pull request #82 from jvvv/master

nsjail.1: update manpage to match README

6 years agonsjail.1: update manpage to match README
John Vogel [Tue, 12 Jun 2018 21:27:31 +0000 (17:27 -0400)]
nsjail.1: update manpage to match README

Added --symlink/-s option.
Removed --tmpfs_size option.
Changed --cpu_mount, --cpu_parent to
--cgroup_cpu_mount, --cgroup_cpu_parent.
Adjustments to match README.

6 years agonsjail.h: missed initialization of keep_env 2.7
Robert Swiecki [Tue, 12 Jun 2018 14:57:19 +0000 (16:57 +0200)]
nsjail.h: missed initialization of keep_env

6 years agoreadme
Robert Swiecki [Tue, 12 Jun 2018 13:47:32 +0000 (15:47 +0200)]
readme

6 years ago1. Give ability to specify sym-links from the command-line 2. Remove tmpfs_size....
Robert Swiecki [Tue, 12 Jun 2018 13:37:30 +0000 (15:37 +0200)]
1. Give ability to specify sym-links from the command-line 2. Remove tmpfs_size. -m none:dest:tmpfs:size=..... should be used for this

6 years agomove isatty after log_fd is set
Robert Swiecki [Thu, 7 Jun 2018 16:43:08 +0000 (18:43 +0200)]
move isatty after log_fd is set