projects
/
project
/
procd.git
/ history
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
ujail-console: add missing error handling discovered by coverity
[project/procd.git]
/
jail
/
jail.c
2021-08-14
Daniel Golle
jail: fix several issues discovered by Coverity
blob
|
commitdiff
|
raw
2021-08-04
Daniel Golle
jail: don't ignore return value of write()
blob
|
commitdiff
|
raw
|
diff to current
2021-08-04
Daniel Golle
jail: ignore return value when creating default /dev...
blob
|
commitdiff
|
raw
|
diff to current
2021-08-04
Daniel Golle
jail: don't ignore return value of seteuid()
blob
|
commitdiff
|
raw
|
diff to current
2021-07-18
Daniel Golle
jail: refactor directory handling for rootfs and overlaydir
blob
|
commitdiff
|
raw
|
diff to current
2021-07-17
Daniel Golle
jail: make use of realpath() for rootfs and overlaydir
blob
|
commitdiff
|
raw
|
diff to current
2021-07-15
Daniel Golle
jail: open() extroot folder before mounting
blob
|
commitdiff
|
raw
|
diff to current
2021-07-15
Daniel Golle
jail: allow rootfs to be a symbolic link
blob
|
commitdiff
|
raw
|
diff to current
2021-07-15
Daniel Golle
jail: increase max additional env records to 64
blob
|
commitdiff
|
raw
|
diff to current
2021-07-15
Daniel Golle
jail: do not hack /etc/resolv.conf on container rootfs
blob
|
commitdiff
|
raw
|
diff to current
2021-07-10
Daniel Golle
jail: add support for cgroup devices as in OCI run...
blob
|
commitdiff
|
raw
|
diff to current
2021-03-02
Rosen Penev
procd: fix compilation with newer musl
blob
|
commitdiff
|
raw
|
diff to current
2021-02-02
Daniel Golle
jail: remove duplicate check for hook file permissions
blob
|
commitdiff
|
raw
|
diff to current
2020-12-12
Daniel Golle
treewide: replace local mkdir_p implementations
blob
|
commitdiff
|
raw
|
diff to current
2020-12-09
Daniel Golle
jail: remove unreachable code
blob
|
commitdiff
|
raw
|
diff to current
2020-12-01
Daniel Golle
jail: improve seccomp log output
blob
|
commitdiff
|
raw
|
diff to current
2020-11-30
Daniel Golle
jail: always call cgroups_free()
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: properly initialize timens_fd
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: enter existing cgroups namespace if given
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: don't attempt to mount /sys with noatime
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: fix typo in usage output
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: seteuid before clone(CLONE_NEWUSER)
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: don't fail if can't mount-bind /etc/resolv.conf
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: don't use NULL arguments for mount syscall
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: relax /etc/resolv.conf creation
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: fix and simplify userns uid/gid maps from OCI
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: fix segfault on missing name and refactor
blob
|
commitdiff
|
raw
|
diff to current
2020-11-27
Daniel Golle
jail: leak less memory
blob
|
commitdiff
|
raw
|
diff to current
2020-11-07
Daniel Golle
jail: fix capabilities
blob
|
commitdiff
|
raw
|
diff to current
2020-10-28
Daniel Golle
jail: don't fail if maskedPath cannot be found
blob
|
commitdiff
|
raw
|
diff to current
2020-10-28
Daniel Golle
jail: add support for absolute root path in OCI spec
blob
|
commitdiff
|
raw
|
diff to current
2020-10-28
Daniel Golle
jail: handle mount propagation flags
blob
|
commitdiff
|
raw
|
diff to current
2020-10-28
Daniel Golle
jail: add option for pidfile
blob
|
commitdiff
|
raw
|
diff to current
2020-10-28
Daniel Golle
jail: guard boolean blobmsg attributes
blob
|
commitdiff
|
raw
|
diff to current
2020-10-22
Daniel Golle
jail: mount more stuff read-only
blob
|
commitdiff
|
raw
|
diff to current
2020-10-21
Daniel Golle
jail: capabilities: apply in two phases
blob
|
commitdiff
|
raw
|
diff to current
2020-10-19
Daniel Golle
jail: nuke old capabilities code in favour of reusing...
blob
|
commitdiff
|
raw
|
diff to current
2020-10-19
Daniel Golle
jail: adapt to new ubus socket path
blob
|
commitdiff
|
raw
|
diff to current
2020-08-06
Daniel Golle
jail: fix freeing cgroups avl
blob
|
commitdiff
|
raw
|
diff to current
2020-08-06
Daniel Golle
jail: only free cgroups if they were allocated
blob
|
commitdiff
|
raw
|
diff to current
2020-08-06
Daniel Golle
jail: parse OCI cgroups resources
blob
|
commitdiff
|
raw
|
diff to current
2020-08-06
Daniel Golle
jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
blob
|
commitdiff
|
raw
|
diff to current
2020-08-06
Daniel Golle
jail: use pidns semantics also for timens
blob
|
commitdiff
|
raw
|
diff to current
2020-07-29
Daniel Golle
jail: add 'kill' method to container.%s object
blob
|
commitdiff
|
raw
|
diff to current
2020-07-28
Daniel Golle
jail: add some remaining OCI features
blob
|
commitdiff
|
raw
|
diff to current
2020-07-25
Daniel Golle
jail: serialize hook execution
blob
|
commitdiff
|
raw
|
diff to current
2020-07-25
Daniel Golle
jail: fix build on glibc and uclibc
blob
|
commitdiff
|
raw
|
diff to current
2020-07-21
Daniel Golle
jail: add support for referencing existing namespaces
blob
|
commitdiff
|
raw
|
diff to current
2020-07-20
Rosen Penev
jail: fix wrong format for 32-bit
blob
|
commitdiff
|
raw
|
diff to current
2020-07-20
Daniel Golle
jail: re-implement /proc/sys/net read-write in netns...
blob
|
commitdiff
|
raw
|
diff to current
2020-07-20
Daniel Golle
jail: refactor default mounts into new structure
blob
|
commitdiff
|
raw
|
diff to current
2020-07-20
Daniel Golle
jail: add support for defining devices
blob
|
commitdiff
|
raw
|
diff to current
2020-07-20
Daniel Golle
jail: move /tmp/resolv.conf.d to /dev/resolv.conf.d
blob
|
commitdiff
|
raw
|
diff to current
2020-07-19
Daniel Golle
jail: /proc/$pid/oom_score_adj to OCI defined oomScoreAdj
blob
|
commitdiff
|
raw
|
diff to current
2020-07-19
Daniel Golle
jail: parse and apply POSIX rlimits
blob
|
commitdiff
|
raw
|
diff to current
2020-07-19
Daniel Golle
jail: read and apply umask from OCI if defined
blob
|
commitdiff
|
raw
|
diff to current
2020-07-19
Daniel Golle
jail: implement OCI user additionalGIDs
blob
|
commitdiff
|
raw
|
diff to current
2020-07-19
Daniel Golle
jail: parse and apply OCI sysctl values
blob
|
commitdiff
|
raw
|
diff to current
2020-07-19
Daniel Golle
jail: fix hooks
blob
|
commitdiff
|
raw
|
diff to current
2020-07-17
Daniel Golle
jail: add support for maskedPaths and readonlyPaths
blob
|
commitdiff
|
raw
|
diff to current
2020-07-13
Daniel Golle
jail: don't make mount source read-only
blob
|
commitdiff
|
raw
|
diff to current
2020-07-13
Daniel Golle
jail: refactor mount support to cover OCI spec
blob
|
commitdiff
|
raw
|
diff to current
2020-07-13
Daniel Golle
jail: memory allocation fixes
blob
|
commitdiff
|
raw
|
diff to current
2020-07-13
Daniel Golle
jail: parse and run OCI hooks
blob
|
commitdiff
|
raw
|
diff to current
2020-07-13
Daniel Golle
jail: actually chdir into OCI defined CWD
blob
|
commitdiff
|
raw
|
diff to current
2020-07-13
Daniel Golle
jail: consider PATH for argv in OCI container
blob
|
commitdiff
|
raw
|
diff to current
2020-07-13
Daniel Golle
jail: fix segfault with len(uidmap/gidmap) > 1
blob
|
commitdiff
|
raw
|
diff to current
2020-07-11
Rosen Penev
procd: fix compilation with uClibc-ng
blob
|
commitdiff
|
raw
|
diff to current
2020-07-10
Daniel Golle
jail: add support for running OCI bundle
blob
|
commitdiff
|
raw
|
diff to current
2020-05-28
Daniel Golle
jail: handle containers seperately
blob
|
commitdiff
|
raw
|
diff to current
2020-05-15
Daniel Golle
jail: add option to provide /dev/console to containers
blob
|
commitdiff
|
raw
|
diff to current
2020-05-15
Leonardo Mörlein
jail: unnamed jails can not have netns (fix segfault)
blob
|
commitdiff
|
raw
|
diff to current
2020-05-15
Leonardo Mörlein
jail: SIGSEGV must not be forwarded to the child process
blob
|
commitdiff
|
raw
|
diff to current
2020-04-25
Daniel Golle
jail: don't load libpreload-seccomp.so if it doesn...
blob
|
commitdiff
|
raw
|
diff to current
2020-04-25
Daniel Golle
jail: don't fail unless requirejail is set
blob
|
commitdiff
|
raw
|
diff to current
2020-04-19
Daniel Golle
jail: include /etc/nsswitch.conf in jail for glibc.
blob
|
commitdiff
|
raw
|
diff to current
2020-04-14
Daniel Golle
jail: always mount /dev as additional tmpfs
blob
|
commitdiff
|
raw
|
diff to current
2020-04-13
Daniel Golle
jail: replace /etc/resolv.conf with symlink in extroot...
blob
|
commitdiff
|
raw
|
diff to current
2020-04-13
Daniel Golle
jail: mount /sys read-only
blob
|
commitdiff
|
raw
|
diff to current
2020-04-13
Daniel Golle
jail: make /proc more secure
blob
|
commitdiff
|
raw
|
diff to current
2020-04-12
Daniel Golle
jail: only mess with rootfs if CLONE_NEWNS was set
blob
|
commitdiff
|
raw
|
diff to current
2020-04-09
Daniel Golle
jail: add support for (ram-)overlayfs
blob
|
commitdiff
|
raw
|
diff to current
2020-04-09
Daniel Golle
jail: add support for userns and cgroupsns
blob
|
commitdiff
|
raw
|
diff to current
2020-04-09
Daniel Golle
jail: add support for launching extroot containers
blob
|
commitdiff
|
raw
|
diff to current
2020-03-12
Daniel Golle
jail: mount-bind /etc/resolv.conf for non-netns jails
blob
|
commitdiff
|
raw
|
diff to current
2020-01-21
Daniel Golle
jail: more strict mount options for /tmp/resolv.conf.d/
blob
|
commitdiff
|
raw
|
diff to current
2020-01-21
Daniel Golle
jail: create resolv.conf symlink for netns jails
blob
|
commitdiff
|
raw
|
diff to current
2020-01-21
Daniel Golle
jail: add basic support for network namespaces
blob
|
commitdiff
|
raw
|
diff to current
2019-12-30
Daniel Golle
jail: remove accidentally added lines
blob
|
commitdiff
|
raw
|
diff to current
2019-12-30
Daniel Golle
jail: set user and group inside jail
blob
|
commitdiff
|
raw
|
diff to current
2018-01-02
Rosen Penev
procd: Replace strerror(errno) with %m.
blob
|
commitdiff
|
raw
|
diff to current
2017-02-08
John Crispin
ujail: fix signal forwarding
blob
|
commitdiff
|
raw
|
diff to current
2017-01-10
Etienne CHAMPETIER
ujail: add basic /dev files
blob
|
commitdiff
|
raw
|
diff to current
2016-12-02
Felix Fietkau
ujail: send SIGKILL to jail process if SIGTERM fails
blob
|
commitdiff
|
raw
|
diff to current
2016-06-03
Etienne CHAMPETIER
jail: don't always CLONE_NEWUTS
blob
|
commitdiff
|
raw
|
diff to current
2016-06-01
Etienne CHAMPETIER
jail: ensure mounts are not MS_SHARED to avoid pivot_ro...
blob
|
commitdiff
|
raw
|
diff to current
2016-06-01
Etienne CHAMPETIER
jail: improve some logs
blob
|
commitdiff
|
raw
|
diff to current
2016-06-01
Etienne CHAMPETIER
jail: don't include capabilities config (-C) inside...
blob
|
commitdiff
|
raw
|
diff to current
2016-06-01
Etienne CHAMPETIER
jail: call build_envp() just before execve()
blob
|
commitdiff
|
raw
|
diff to current
2016-06-01
Etienne CHAMPETIER
jail: regroup add_path_and_deps() calls
blob
|
commitdiff
|
raw
|
diff to current
next