提交線圖

7 次程式碼提交

作者 SHA1 備註 日期
c4072a7e95 Sandbox: Remove multiple stages
While interesitng in theory, there is nothing to be gained here,
because we don't really have user input at those early stages.

As we are also not a privileged process, those early stage
sandboxes in the end are not worth it, since they increase
complexity while there is no benefit in practise.

So, reduce those 3 stages to a single one (enable()), which we
activate after CLI server has launched.
2021-10-03 23:53:56 +02:00
67eb8b6428 sandbox: adjust to latest qssb.h 2021-09-23 17:13:08 +02:00
75f76f58eb sandbox: First version using qssb.h 2020-09-26 17:13:29 +02:00
2d0bd713e5 sandbox-linux: call seccomp_release, remove unnecessary iteration 2019-08-21 20:14:44 +02:00
1e150144e6 sandboxing: check whether debian specific patch disables user namespaces for unpriv users 2019-08-12 09:06:32 +02:00
e14aa99a4b sandbox: paths must be bind mounted in order of their length 2019-08-11 21:03:50 +02:00
f83c705230 Begin sandboxing support, README updates. 2019-08-11 20:10:38 +02:00