Commit Graph

127 Commits

Author SHA1 Message Date
edf144bbc7 Allow overriding HAVE_LANDLOCK irrespectible of kernel verison 2021-05-09 12:59:58 +02:00
67e1afc904 Remove unused policy flag QSSB_FS_ALLOW_NOTHING 2021-05-09 12:59:58 +02:00
2c94fe8225 qssb_path_policy: rename 'mountpoint' to 'path', make 'policy' unsigned 2021-05-09 12:59:58 +02:00
4674638e9a Add landlock policy flags if landlock is supported 2021-05-09 12:59:58 +02:00
8697fd8b84 qssb.h: Add copyright header 2021-05-09 10:02:31 +02:00
ed6a2a1067 Rename general QSSB_MOUNT* flags to QSSB_FS* 2021-05-09 09:35:17 +02:00
9df2e9ee90 seccomp_enable(): Replace param types with correct unsigned int versions 2021-04-18 13:24:49 +02:00
23f697bcc9 Update README.md: Update example projects links, minor improvements 2020-09-26 17:23:51 +02:00
763c65c3fe qssb_enable_policy: check for empty str instead of NULL ptr
This was missed in 0a851790b8
2020-09-26 16:09:43 +02:00
dbdb35db37 Remove wrong static keywords from some qssb_*_policy functions 2020-04-13 23:00:33 +02:00
0a851790b8 change chroot_target_path from pointer to array
Fixes memory leak.

Breaks existing API.
2020-04-13 22:50:30 +02:00
60776be416 only chdir to / by default when actually chrooting and no dir given 2019-12-07 23:44:55 +01:00
ff2bc24c6b only create chroot directory when path policies are available 2019-12-07 23:26:27 +01:00
7547644013 silence multiple compiler warnings 2019-11-17 15:13:25 +01:00
8f104a231c bugfix: qssb_enable_policy: pointer to stack-local variable 2019-11-17 12:50:27 +01:00
fbf51e095f introduce path policies, replacing readonly/writable paths vars 2019-11-16 23:35:08 +01:00
1b8504c052 updated README 2019-11-15 21:53:26 +01:00
6f1b27ee51 qssb_init_policy: explicit cast (for C++) 2019-11-15 21:40:56 +01:00
ee6bd18027 begin a default blacklist of syscalls 2019-11-15 21:17:33 +01:00
8298a30e7c make PATH_MAX consistent across all buffers throughout the code 2019-11-10 12:29:53 +01:00
338e578350 seccomp_enable: fix unused default_action parameter 2019-11-10 12:10:37 +01:00
069349eaf6 generate a random directory for chroot if none given 2019-11-10 12:08:35 +01:00
1de1ae0b32 introduce bitmasks indicating which namespaces to unshare 2019-11-09 21:13:40 +01:00
bad600b3a8 set #defines only if not set already 2019-11-09 20:55:12 +01:00
a7c6ef6c57 bind mount recursively 2019-11-09 16:27:54 +01:00
7a2cf18c19 check drop_caps() return value ; silence compiler warning 2019-11-09 15:47:08 +01:00
200cd7878c Initial commit 2019-11-09 15:41:54 +01:00