Proto commits in google/nsjail

These commits are when the Protocol Buffers files have changed: (only the last 100 relevant commits are shown)

2024-06-27

config.proto: reflow field numbering

The documentation is generated from this commit.

2023-09-22

Makefile: indent .proto with the same cmd as *.cc *.h

2022-11-22

config.prot: document disable_tsc

2022-11-17

Setup cgroup.subtree_control controllers when necessary in cgroupsv2 This commit adds extra setup when cgroupsv2 is enabled. In particular, we make sure that the root namespace has setup cgroup.subtree_control with the controllers we need. If the necessary controller are not listed, we have to move all processes out of the root namespace before we can change this (the 'no internal processes' rule: https://unix.stackexchange.com/a/713343). Currently we only handle the case where the nsjail process is the only process in the cgroup. It seems like this would be relatively rare, but since nsjail is frequently the root process in a Docker container (e.g. for hosting CTF challenges), I think this case is common enough to make it worth implementing. This also adds `--detect_cgroupv2`, which will attempt to detect whether `--cgroupv2_mount` is a valid cgroupv2 mount, and if so it will set `use_cgroupv2`. This is useful in containerized environments where you may not know the kernel version ahead of time. References: https://github.com/redpwn/jail/blob/master/internal/cgroup/cgroup2.go

2022-06-05

nsjail: Optionally forward fatal signals Currently, we always kill children by sending them a SIGKILL signal in case we've got a fatal signal. This is rather inflexible and forbids some usecases where e.g. child process listen for specific signals to shut down gracefully. Add a new command configuration `--forward_signals` that allows the user to opt-in to forwarding fatal signals to the child process.

2022-02-17

Add `disable_tsc` option Implemented via prctl(PR_SET_TSC, PR_TSC_SIGSEGV, ...).

2021-11-01

cgroup2: use cgroup_mem_swap_max and cgroup_mem_memsw_max

2021-10-11

Add support for setting cgroup memory.memsw.limit_in_bytes

2021-08-10

config.proto: renumerate fields

2021-08-04

Fix duplicate field number

2021-08-03

Fix formatting

Merge branch 'use_switchroot'

2021-07-20

rtprio, msgqueue - defaulting to 'soft'

Renaming use_switchroot option with no_pivotroot

Consistentency with RLIMIT_* constant name

2021-07-19

Added rt, memlock & msgq limits

2021-06-17

Added use_switchroot option

2021-06-16

MACVLAN modes support

2021-05-18

Enable support for clone3() and for CLONE_NEWTIME

2021-05-11

Initial support for CLONE_NEWTIME

2021-02-09

net: add support for max_conns

2020-07-28

config.proto: make indent

config.proto: renumerate config fields

2020-07-16

Fixes #146: cgroups_mem_max unit in config.proto This commit fixes the incorrect cgroups_mem_max unit described in a config.proto comment. We do not perform any calculations on this value and we don't specify the values unit (k/M/G) when writing to memory cgroup controller files, so the value is specified in bytes.

2020-07-09

config: remove deprecated config options

2019-12-07

Fix default rlimit_stack value The default `rlimit_stack` value was set to 1048576. However, this value is in MiB and so is later multiplied by 1024*1024 in https://github.com/google/nsjail/blob/b3d544d155f5d1543dce1bd3e5327ef41583815a/config.cc#L161-L162 and it ends up as a limit of 1 TB for the stack size. This PR changes it to 8 MB which is a more sane default or, at least I took it from my virtual machine's ulimits: ``` $ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 31175 max locked memory (kbytes, -l) 16384 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 31175 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited ```

2019-10-02

config: simplify log/logfd setting

2019-09-06

Fix typo in config.proto: s/lofs/logs/

2019-08-28

standardize on envar vs envvar

2019-08-19

config.proto: move disable_rl higher

2019-08-05

Add flag to disable rlimits

2019-08-04

make indent depend

2019-07-26

[cgroup-v2] support cgroup v2 for mem, cpu and pids

2019-06-30

Add nice_level to cmd-line/config options

2019-06-28

user: don't fail on setgroup() if not groups were specified

2019-04-01

config.proto: Exe.path is required

2019-03-30

cmdline: allow to override config cmdline with cmdline cmdline

2019-03-18

mnt: use /run/usr/<uid> first when mounting dirs

2019-03-12

subproc: save/restore errno when printing error message twice

2019-02-06

incrase the default RLIMIT_AS limit to 4GiB. 512MiB is not enough for many payloas, and cgroups should be used for memory limiting anyway

2018-12-05

cmdline: clarify cgroup_cpu_ms_per_sec

2018-11-08

config.proto: renumber the fields

2018-11-06

config.proto: comments

2018-10-28

cmdline: add ability to passthrough current envvars

2018-10-24

code formatting

2018-10-23

Remove duplicate code Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>

Added --macvlan_vs_ma switch to be able to set macvlan's mac-address. Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>

2018-07-31

Update config.proto

Update config.proto

2018-07-27

mnt: added nosuid/nodev/noexec flags to config Closes #70

2018-06-25

config: Implement --stderr_to_null

2018-06-03

config: add --iface_own to the proto config

2018-05-23

config: add support for seccomp_log

2018-04-28

config.proto: deprecated --chroot and friends

2018-02-11

mnt: move mnt_t to std::string

2018-02-04

cgroups: add support for CPU cgroup

2017-11-02

config.proto: comment on skip_setsid

2017-10-26

cmdline/config: make --enable_clone_newcgroup obsolete by enabling CLONE_NEWCGROUP by default. This can be disabled by flags/config

2017-10-25

config.proto: reflow field numbering

Makefile/indent: add clang-format for proto

Support cgroup net_cls subsystem

2017-10-18

cmdline: add option --execute_fd and support for it, in order to use execveat()

2017-10-08

config.proto: reflow numbering of fields

2017-10-06

config.proto: comments

config: indent

config: allow to use soft/hard/inf limits for rlimits

2017-09-27

config: make defaults work correctly

2017-09-14

config: Initial work on converting config.c to c++ protobuf lib config: Initial work on converting config.c to c++ protobuf lib #2 config: Initial work on converting config.c to c++ protobuf lib #3 config: Initial work on converting config.c to c++ protobuf lib #4 config: Initial work on converting config.c to c++ protobuf lib #5 config: Initial work on converting config.c to c++ protobuf lib #6

2017-07-05

config: bind caps

caps: just local caps

caps: simplify capability operations

2017-07-01

config.proto: reflow field numbering to make it sequential

2017-06-28

Allow to create symlinks

2017-06-21

config: max_cpu_num -> max_cpus

2017-06-19

config: implement max_cpu_num in PB

2017-06-12

config: give ability to override argv[0]

config.proto: clang-format

2017-06-11

Slight fixes to log_fd

Add an extra log_fd argument to specify an FD to log to. In some situations, setting --log to /proc/self/fd/# is not sufficient to log out to a different FD. For instance, if a master process passes its stderr to the child nsjail process as fd 3, the nsjail child may not always be able to log to /proc/self/fd/3, e.g. if the master process is running under systemd, whose /proc/self/fd/2 is actually a socket and not a pipe. However, having nsjail write to fd 3 directly is fine and there's no other good way to handle this situation.

2017-05-29

Get rid of pivot_root_only - achieve the same in different way

2017-05-28

config: implement keep caps

add configs/firefox-with-cloned-net.cfg

2017-05-27

config: switch is_ro to rw

Support envvars on mount path definitions

config: add name and description

config: smaller fixes (logging/comments)

config: indent

mount: nonmandatory mounts

config: allow skipping arguments in mount points

config: support for envvars

clang-format on config.proto

config: description

config: description

config: description

config: description

config: executable in config

config: presumably all options

2017-05-26

config: support seccomp filters

config: support mounts

config: compact-ize uid/gid map options