Daniel Golle
|
6c5233a16a
jail: capabilities: apply in two phases
|
3 anni fa |
Daniel Golle
|
ebc5a7fe03
jail: nuke old capabilities code in favour of reusing OCI code
|
3 anni fa |
Daniel Golle
|
12a5b97711
jail: adapt to new ubus socket path
|
3 anni fa |
Daniel Golle
|
ab55357dfe
jail: fix freeing cgroups avl
|
3 anni fa |
Daniel Golle
|
282ff0c9a6
jail: only free cgroups if they were allocated
|
3 anni fa |
Daniel Golle
|
16159bb1f7
jail: parse OCI cgroups resources
|
3 anni fa |
Daniel Golle
|
759e9f8b20
jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
|
3 anni fa |
Daniel Golle
|
ead60fe102
jail: use pidns semantics also for timens
|
3 anni fa |
Daniel Golle
|
2d811a4b88
jail: add 'kill' method to container.%s object
|
3 anni fa |
Daniel Golle
|
8ff89701c1
jail: add some remaining OCI features
|
3 anni fa |
Daniel Golle
|
c3ca99f111
jail: serialize hook execution
|
3 anni fa |
Daniel Golle
|
5cb3715a07
jail: fix build on glibc and uclibc
|
3 anni fa |
Daniel Golle
|
c482c5de77
jail: add support for referencing existing namespaces
|
3 anni fa |
Rosen Penev
|
a4df90f257
jail: fix wrong format for 32-bit
|
3 anni fa |
Daniel Golle
|
66ae2d947e
jail: re-implement /proc/sys/net read-write in netns hack
|
3 anni fa |
Daniel Golle
|
f91009a254
jail: refactor default mounts into new structure
|
3 anni fa |
Daniel Golle
|
6f078ae8bb
jail: add support for defining devices
|
3 anni fa |
Daniel Golle
|
f5f305e297
jail: move /tmp/resolv.conf.d to /dev/resolv.conf.d
|
3 anni fa |
Daniel Golle
|
76adac5ef4
jail: /proc/$pid/oom_score_adj to OCI defined oomScoreAdj
|
3 anni fa |
Daniel Golle
|
1c46cc3f84
jail: parse and apply POSIX rlimits
|
3 anni fa |
Daniel Golle
|
0e1920cb00
jail: read and apply umask from OCI if defined
|
3 anni fa |
Daniel Golle
|
c049047be4
jail: implement OCI user additionalGIDs
|
3 anni fa |
Daniel Golle
|
1b1286bd18
jail: parse and apply OCI sysctl values
|
3 anni fa |
Daniel Golle
|
9eddf0ff53
jail: fix hooks
|
3 anni fa |
Daniel Golle
|
268126a3b1
jail: add support for maskedPaths and readonlyPaths
|
3 anni fa |
Daniel Golle
|
b586e7d693
jail: don't make mount source read-only
|
3 anni fa |
Daniel Golle
|
71e75f4011
jail: refactor mount support to cover OCI spec
|
3 anni fa |
Daniel Golle
|
02eec92886
jail: memory allocation fixes
|
3 anni fa |
Daniel Golle
|
fc9f614bf7
jail: parse and run OCI hooks
|
3 anni fa |
Daniel Golle
|
83f4b72ab1
jail: actually chdir into OCI defined CWD
|
3 anni fa |