Daniel Golle
|
9d1431e130
jail: allow passing environment variable to procd jailed process
|
2 éve |
Daniel Golle
|
82dd39024f
jail: make use of per-container netifd via ubus
|
2 éve |
Daniel Golle
|
324ebd0a3c
jail: fs: add support for asymmetric mount bind
|
2 éve |
Daniel Golle
|
1eb4371e25
jail: start ubus and netifd instances for container with netns
|
2 éve |
Daniel Golle
|
482d1ab85f
Revert "jail: do not hack /etc/resolv.conf on container rootfs"
|
2 éve |
Daniel Golle
|
a23c888729
jail: prepare for adding process to existing namespace
|
2 éve |
Daniel Golle
|
167dc249b0
jail: protect against strcat buffer overflows
|
2 éve |
Daniel Golle
|
af048a34bc
jail: use portable sizeof(void *)
|
2 éve |
Daniel Golle
|
3edb7ebecb
jail: check return value when opening console
|
2 éve |
Daniel Golle
|
0603c8d5b0
jail: return to hook callback instead of just calling it
|
2 éve |
Daniel Golle
|
7f2398e789
jail: devices: create parent folder when creating devices
|
2 éve |
Daniel Golle
|
459b3e84ef
jail: fix several issues discovered by Coverity
|
2 éve |
Daniel Golle
|
516bdf26d4
jail: don't ignore return value of write()
|
2 éve |
Daniel Golle
|
220b7160db
jail: ignore return value when creating default /dev symlinks
|
2 éve |
Daniel Golle
|
548d057b5f
jail: don't ignore return value of seteuid()
|
2 éve |
Daniel Golle
|
9bd1b7f095
jail: refactor directory handling for rootfs and overlaydir
|
2 éve |
Daniel Golle
|
05459054fb
jail: make use of realpath() for rootfs and overlaydir
|
2 éve |
Daniel Golle
|
0114c6fc8b
jail: open() extroot folder before mounting
|
2 éve |
Daniel Golle
|
15997e67a5
jail: allow rootfs to be a symbolic link
|
2 éve |
Daniel Golle
|
92aba532aa
jail: increase max additional env records to 64
|
2 éve |
Daniel Golle
|
b0a8ea1c3f
jail: do not hack /etc/resolv.conf on container rootfs
|
2 éve |
Daniel Golle
|
2dcefbd609
jail: add support for cgroup devices as in OCI run-time spec
|
3 éve |
Rosen Penev
|
64e9f3a4ef
procd: fix compilation with newer musl
|
3 éve |
Daniel Golle
|
92c8e8f3c6
jail: remove duplicate check for hook file permissions
|
3 éve |
Daniel Golle
|
7f12c89d0b
treewide: replace local mkdir_p implementations
|
3 éve |
Daniel Golle
|
111416d10b
jail: remove unreachable code
|
3 éve |
Daniel Golle
|
09478ba230
jail: improve seccomp log output
|
3 éve |
Daniel Golle
|
f67a66f196
jail: always call cgroups_free()
|
3 éve |
Daniel Golle
|
31e0a46ded
jail: properly initialize timens_fd
|
3 éve |
Daniel Golle
|
b275b11d89
jail: enter existing cgroups namespace if given
|
3 éve |