Robert Swiecki [Sat, 10 Feb 2018 22:54:36 +0000 (23:54 +0100)]
util: remove unused functions
Robert Swiecki [Sat, 10 Feb 2018 22:46:15 +0000 (23:46 +0100)]
sandbox: convert kafel file/string as std::string
Robert Swiecki [Sat, 10 Feb 2018 20:19:47 +0000 (21:19 +0100)]
convert some funcs returning pointers to TLS to std::string
Robert Swiecki [Sat, 10 Feb 2018 19:32:04 +0000 (20:32 +0100)]
change global vars to _ prefix
Robert Swiecki [Sat, 10 Feb 2018 19:16:17 +0000 (20:16 +0100)]
convert proc_path to std::string
Robert Swiecki [Sat, 10 Feb 2018 17:27:24 +0000 (18:27 +0100)]
config: rename macro
Robert Swiecki [Sat, 10 Feb 2018 17:22:51 +0000 (18:22 +0100)]
nsjail: iface_no_lo -> iface_lo
Robert Swiecki [Sat, 10 Feb 2018 17:18:40 +0000 (18:18 +0100)]
net: move all iface_vs* options from char* to std::string
Robert Swiecki [Sat, 10 Feb 2018 16:49:15 +0000 (17:49 +0100)]
log: rename log to logs due to clash with glibc's log
Robert Swiecki [Sat, 10 Feb 2018 14:51:47 +0000 (15:51 +0100)]
user: remove unnecessary structs
Robert Swiecki [Sat, 10 Feb 2018 14:50:12 +0000 (15:50 +0100)]
omit keyword 'struct'
Robert Swiecki [Sat, 10 Feb 2018 14:44:42 +0000 (15:44 +0100)]
make depend
Robert Swiecki [Sat, 10 Feb 2018 13:38:01 +0000 (14:38 +0100)]
mnt: replace sys/queue with std::vector
Robert Swiecki [Sat, 10 Feb 2018 04:25:55 +0000 (05:25 +0100)]
move common.h to macros.h
Robert Swiecki [Sat, 10 Feb 2018 04:13:25 +0000 (05:13 +0100)]
nsjail: move pids queue to a vector
Robert Swiecki [Sat, 10 Feb 2018 03:13:39 +0000 (04:13 +0100)]
log: open log file in cloexec mode
Robert Swiecki [Sat, 10 Feb 2018 03:10:18 +0000 (04:10 +0100)]
nsjail: convert a couple of struct fields to std::string
Robert Swiecki [Fri, 9 Feb 2018 23:37:23 +0000 (00:37 +0100)]
nsjail: convert gids/uids to vector of structs
Robert Swiecki [Fri, 9 Feb 2018 22:04:57 +0000 (23:04 +0100)]
nsjail: envs to vector of strings
Robert Swiecki [Fri, 9 Feb 2018 21:47:00 +0000 (22:47 +0100)]
nsjail: move openfd from queue to vector
Robert Swiecki [Fri, 9 Feb 2018 21:35:33 +0000 (22:35 +0100)]
nsjail: convert caps from queue to vector
Robert Swiecki [Fri, 9 Feb 2018 18:12:48 +0000 (19:12 +0100)]
net: faster struct cleaning
Robert Swiecki [Fri, 9 Feb 2018 18:07:29 +0000 (19:07 +0100)]
log: use __PRETTY_FUNCTION__ instead of __func__
Robert Swiecki [Fri, 9 Feb 2018 17:57:31 +0000 (18:57 +0100)]
Makefile: remove C'isms
Robert Swiecki [Fri, 9 Feb 2018 17:56:04 +0000 (18:56 +0100)]
make indent
Robert Swiecki [Fri, 9 Feb 2018 17:55:42 +0000 (18:55 +0100)]
all: move to C++
Robert Swiecki [Fri, 9 Feb 2018 17:45:50 +0000 (18:45 +0100)]
util: move to C++
Robert Swiecki [Fri, 9 Feb 2018 17:26:16 +0000 (18:26 +0100)]
mount: move to C++
Robert Swiecki [Fri, 9 Feb 2018 17:13:17 +0000 (18:13 +0100)]
cgroup: move to C++
Robert Swiecki [Fri, 9 Feb 2018 17:08:11 +0000 (18:08 +0100)]
user: move to C++
Robert Swiecki [Fri, 9 Feb 2018 16:59:51 +0000 (17:59 +0100)]
uts: move to C++
Robert Swiecki [Fri, 9 Feb 2018 16:57:19 +0000 (17:57 +0100)]
pid: move to C++
Robert Swiecki [Fri, 9 Feb 2018 16:49:13 +0000 (17:49 +0100)]
caps: move to C++
Robert Swiecki [Fri, 9 Feb 2018 16:41:16 +0000 (17:41 +0100)]
cpu: move to C++
Robert Swiecki [Fri, 9 Feb 2018 16:27:28 +0000 (17:27 +0100)]
net: move to C++
Robert Swiecki [Fri, 9 Feb 2018 16:16:41 +0000 (17:16 +0100)]
sandbox: move to C++
Robert Swiecki [Fri, 9 Feb 2018 16:09:58 +0000 (17:09 +0100)]
contain: move to C++
Robert Swiecki [Fri, 9 Feb 2018 16:03:02 +0000 (17:03 +0100)]
subproc: move to C++
Robert Swiecki [Fri, 9 Feb 2018 14:44:29 +0000 (15:44 +0100)]
cmdline: move to C++
Robert Swiecki [Thu, 8 Feb 2018 14:24:17 +0000 (15:24 +0100)]
nsjail: make nsjail.c nsjail.cc
Robert Swiecki [Thu, 8 Feb 2018 14:23:26 +0000 (15:23 +0100)]
Merge branch 'master' of github.com:google/nsjail
Robert Swiecki [Thu, 8 Feb 2018 14:23:15 +0000 (15:23 +0100)]
Add missing O_RDONLY here and there
Robert Swiecki [Sun, 4 Feb 2018 03:23:45 +0000 (04:23 +0100)]
cgroup: set cpu period as well
Robert Swiecki [Sun, 4 Feb 2018 03:15:19 +0000 (04:15 +0100)]
cgroups: add support for CPU cgroup
Robert Swiecki [Thu, 1 Feb 2018 13:19:01 +0000 (14:19 +0100)]
sandbox: compile seccomp-bpf policy once only
Robert Swiecki [Wed, 31 Jan 2018 15:04:39 +0000 (16:04 +0100)]
open kafel file in each kafel subproc individually to avoid file pos sharing
Robert Swiecki [Wed, 31 Jan 2018 13:40:23 +0000 (14:40 +0100)]
rewind kafel file before using
robertswiecki [Mon, 8 Jan 2018 01:50:30 +0000 (02:50 +0100)]
Merge pull request #72 from rutsky/fix_tmpfs_size
fix tmpfs size setting
Vladimir Rutsky [Mon, 8 Jan 2018 00:36:12 +0000 (01:36 +0100)]
fix tmpfs size setting
Broken since c35857cff2c commit.
Signed-off-by: Vladimir Rutsky <rutsky@google.com>
robertswiecki [Tue, 2 Jan 2018 21:55:42 +0000 (22:55 +0100)]
Merge pull request #68 from rutsky/fix_mode_in_error_messages
fix permission values in error messages
Vladimir Rutsky [Tue, 2 Jan 2018 21:43:45 +0000 (22:43 +0100)]
fix permission values in error messages
Signed-off-by: Vladimir Rutsky <rutsky@google.com>
robertswiecki [Wed, 20 Dec 2017 21:32:47 +0000 (22:32 +0100)]
Merge pull request #67 from maxmati/master
Remove redundant check if UTS namespace is enabled
Mateusz Nowotyński [Wed, 20 Dec 2017 18:56:44 +0000 (19:56 +0100)]
Remove redundant check if UTS namespace is enabled
Robert Swiecki [Mon, 18 Dec 2017 01:04:44 +0000 (02:04 +0100)]
new kafel
robertswiecki [Sat, 9 Dec 2017 13:13:11 +0000 (14:13 +0100)]
Merge pull request #66 from kant/patch-1
Minor fixes (proposal)
Darío Hereñú [Sat, 9 Dec 2017 12:05:37 +0000 (09:05 -0300)]
Minor fixes (proposal)
Robert Swiecki [Thu, 7 Dec 2017 14:35:52 +0000 (15:35 +0100)]
configs: use rlimit_cpu_type instead of rlimit_cpu: 18446744073709551615
Robert Swiecki [Thu, 7 Dec 2017 14:06:31 +0000 (15:06 +0100)]
configs/ #typos
Robert Swiecki [Thu, 7 Dec 2017 14:03:23 +0000 (15:03 +0100)]
New config for xchat2 #typos
Robert Swiecki [Thu, 7 Dec 2017 13:39:19 +0000 (14:39 +0100)]
New config for xchat2
Robert Swiecki [Tue, 5 Dec 2017 21:23:48 +0000 (22:23 +0100)]
configs/firefox*: add fontconfig
Robert Swiecki [Tue, 5 Dec 2017 21:13:00 +0000 (22:13 +0100)]
configs/imagemagick: more syscalls allowed
Robert Swiecki [Tue, 5 Dec 2017 14:44:53 +0000 (15:44 +0100)]
config.cc: set exec_file only if arg0 is set
Robert Swiecki [Tue, 5 Dec 2017 14:01:27 +0000 (15:01 +0100)]
configs: some fixes thanks to the write-up at https://offbyinfinity.com/2017/12/sandboxing-imagemagick-with-nsjail/
Robert Swiecki [Sat, 2 Dec 2017 01:53:32 +0000 (02:53 +0100)]
user: correct check for getpwnam/gegrpnam failures
Robert Swiecki [Mon, 20 Nov 2017 16:03:06 +0000 (17:03 +0100)]
remove _NSConcreteStackBlock as we don't use defer{} any more
Robert Swiecki [Wed, 8 Nov 2017 16:20:57 +0000 (17:20 +0100)]
nsjail.h: different if guards for TEMP_FAILURE_RETRY
robertswiecki [Wed, 8 Nov 2017 16:16:53 +0000 (17:16 +0100)]
Merge pull request #64 from ebadi/master
Minor fixes
Hamid Ebadi [Wed, 8 Nov 2017 15:45:02 +0000 (16:45 +0100)]
Minor fixes
robertswiecki [Sat, 4 Nov 2017 16:52:59 +0000 (17:52 +0100)]
Merge pull request #63 from ShikChen/master
Fix max_conns_per_ip
shik [Sat, 4 Nov 2017 14:15:31 +0000 (22:15 +0800)]
fix max_conns_per_ip
Robert Swiecki [Thu, 2 Nov 2017 12:13:07 +0000 (13:13 +0100)]
cmdline: comment on skip_setsid
Robert Swiecki [Thu, 2 Nov 2017 12:08:08 +0000 (13:08 +0100)]
config.proto: comment on skip_setsid
Robert Swiecki [Wed, 1 Nov 2017 13:21:50 +0000 (14:21 +0100)]
subproc: actually si_syscall don't show syscalls
robertswiecki [Sat, 28 Oct 2017 21:36:02 +0000 (23:36 +0200)]
Merge pull request #61 from jvvv/master
Adjust documents for clone_newcgroup change.
John Vogel [Fri, 27 Oct 2017 04:25:59 +0000 (00:25 -0400)]
Adjust documents for clone_newcgroup change.
Change --enable_clone_newcgroup to --disable_clone_newcgroup.
Add comment about kernel version for clone_newcgroup option.
Robert Swiecki [Thu, 26 Oct 2017 23:53:05 +0000 (01:53 +0200)]
Makefile: remove relro,now as it doesn't allow to compile under some archs
Robert Swiecki [Thu, 26 Oct 2017 21:00:15 +0000 (23:00 +0200)]
mount: add info about mounting /proc
Robert Swiecki [Thu, 26 Oct 2017 20:57:14 +0000 (22:57 +0200)]
subproc: reflow comments
Robert Swiecki [Thu, 26 Oct 2017 14:19:30 +0000 (16:19 +0200)]
cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config #2
Robert Swiecki [Thu, 26 Oct 2017 14:16:05 +0000 (16:16 +0200)]
cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config
Robert Swiecki [Thu, 26 Oct 2017 00:43:40 +0000 (02:43 +0200)]
configs/ increase rlimit_nofile for firefox
Robert Swiecki [Thu, 26 Oct 2017 00:29:15 +0000 (02:29 +0200)]
mount: const'antize the mountPair struct
Robert Swiecki [Thu, 26 Oct 2017 00:27:18 +0000 (02:27 +0200)]
mount: an array of known mount/vfsmount flag pairs
Robert Swiecki [Thu, 26 Oct 2017 00:17:52 +0000 (02:17 +0200)]
mount: don't reuse flags from statvfs directly for remounting
Robert Swiecki [Wed, 25 Oct 2017 22:35:59 +0000 (00:35 +0200)]
config.proto: reflow field numbering
Robert Swiecki [Wed, 25 Oct 2017 22:34:32 +0000 (00:34 +0200)]
Makefile/indent: add clang-format for proto
Robert Swiecki [Wed, 25 Oct 2017 22:26:02 +0000 (00:26 +0200)]
Makefile/indent: base it on the google template with modifications
Robert Swiecki [Wed, 25 Oct 2017 14:04:28 +0000 (16:04 +0200)]
Robert Swiecki [Wed, 25 Oct 2017 13:57:17 +0000 (15:57 +0200)]
cgroup: remove duplicated check for values
Robert Swiecki [Wed, 25 Oct 2017 13:51:06 +0000 (15:51 +0200)]
nsjail: make njsconf::cgroup_pids_max unsigned int #2
Robert Swiecki [Wed, 25 Oct 2017 13:50:24 +0000 (15:50 +0200)]
nsjail: make njsconf::cgroup_pids_max unsigned int
Robert Swiecki [Wed, 25 Oct 2017 13:44:35 +0000 (15:44 +0200)]
Use uint64_t instead of __rlim64_t
robertswiecki [Wed, 25 Oct 2017 13:35:35 +0000 (15:35 +0200)]
Merge pull request #58 from pandax381/support-cgroup-net-cls
Support cgroup net_cls subsystem
YAMAMOTO Masaya [Wed, 25 Oct 2017 08:56:14 +0000 (17:56 +0900)]
Update documents
YAMAMOTO Masaya [Wed, 25 Oct 2017 08:15:03 +0000 (17:15 +0900)]
Support cgroup net_cls subsystem
Robert Swiecki [Tue, 24 Oct 2017 23:45:39 +0000 (01:45 +0200)]
mount: don't complain about ability to create mount dirs
Robert Swiecki [Tue, 24 Oct 2017 23:34:10 +0000 (01:34 +0200)]
pid: Don't start new ns-init if CLONE_NEWPID is not requested
Robert Swiecki [Tue, 24 Oct 2017 14:20:51 +0000 (16:20 +0200)]
log: do isatty(log_fd) in log constructor
Robert Swiecki [Fri, 20 Oct 2017 13:56:32 +0000 (15:56 +0200)]
subproc: use SIG_SETMASK to unblock all signals