| 2c94fe8225 | qssb_path_policy: rename 'mountpoint' to 'path', make 'policy' unsigned | 2021-05-09 12:59:58 +02:00 |
| 4674638e9a | Add landlock policy flags if landlock is supported | 2021-05-09 12:59:58 +02:00 |
| 8697fd8b84 | qssb.h: Add copyright header | 2021-05-09 10:02:31 +02:00 |
| ed6a2a1067 | Rename general QSSB_MOUNT* flags to QSSB_FS* | 2021-05-09 09:35:17 +02:00 |
| 9df2e9ee90 | seccomp_enable(): Replace param types with correct unsigned int versions | 2021-04-18 13:24:49 +02:00 |
| 23f697bcc9 | Update README.md: Update example projects links, minor improvements | 2020-09-26 17:23:51 +02:00 |
| 763c65c3fe | qssb_enable_policy: check for empty str instead of NULL ptr. This was missed in 0a851790b8 | 2020-09-26 16:09:43 +02:00 |
| dbdb35db37 | Remove wrong static keywords from some qssb_*_policy functions | 2020-04-13 23:00:33 +02:00 |
| 0a851790b8 | change chroot_target_path from pointer to array. Fixes memory leak. Breaks existing API. | 2020-04-13 22:50:30 +02:00 |
| 60776be416 | only chdir to / by default when actually chrooting and no dir given | 2019-12-07 23:44:55 +01:00 |
| ff2bc24c6b | only create chroot directory when path policies are available | 2019-12-07 23:26:27 +01:00 |
| 7547644013 | silence multiple compiler warnings | 2019-11-17 15:13:25 +01:00 |
| 8f104a231c | bugfix: qssb_enable_policy: pointer to stack-local variable | 2019-11-17 12:50:27 +01:00 |
| fbf51e095f | introduce path policies, replacing readonly/writable paths vars | 2019-11-16 23:35:08 +01:00 |
| 1b8504c052 | updated README | 2019-11-15 21:53:26 +01:00 |
| 6f1b27ee51 | qssb_init_policy: explicit cast (for C++) | 2019-11-15 21:40:56 +01:00 |
| ee6bd18027 | begin a default blacklist of syscalls | 2019-11-15 21:17:33 +01:00 |
| 8298a30e7c | make PATH_MAX consistent across all buffers throughout the code | 2019-11-10 12:29:53 +01:00 |
| 338e578350 | seccomp_enable: fix unused default_action parameter | 2019-11-10 12:10:37 +01:00 |
| 069349eaf6 | generate a random directory for chroot if none given | 2019-11-10 12:08:35 +01:00 |
| 1de1ae0b32 | introduce bitmasks indicating which namespaces to unshare | 2019-11-09 21:13:40 +01:00 |
| bad600b3a8 | set #defines only if not set already | 2019-11-09 20:55:12 +01:00 |
| a7c6ef6c57 | bind mount recursively | 2019-11-09 16:27:54 +01:00 |
| 7a2cf18c19 | check drop_caps() return value; silence compiler warning | 2019-11-09 15:47:08 +01:00 |
| 200cd7878c | Initial commit | 2019-11-09 15:41:54 +01:00 |