Commit message | Author | Age | |
---|---|---|---|
* | fixes merge related problems with branch feature/jail_packet | lns | 2019-02-04 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | Merge branch 'feature/jail_packet' | lns | 2019-02-04 |
|\ | |||
| * | Introduced the protocol->jail binary packet. (branch: feature/jail_packet) | lns | 2019-02-04 |
| | | | | | | | | | | | | | | | | We are using handler/callback functions to obtain additional information from the protocol handler and transmit it to the sandbox. Signed-off-by: lns <matzeton@googlemail.com> | ||
| * | event buffer fill/drain | lns | 2018-08-22 |
| | | | | | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
| * | basic jail packet parsing functions | lns | 2018-08-13 |
| | | | | | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
| * | setup basic jail packet structs/funcs | Toni Uhlig | 2018-08-11 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | x86/x86_64 require arch_prctl() | lns | 2019-02-04 |
| | | | | | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | | mount /proc readonly in sandbox | Toni Uhlig | 2019-01-24 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | adjusted allowed/disabled syscalls regarding OpenWrt compatibility, enable ptrace support for sandboxed apps (disabled by default), setsid/setpgrp during jail init | Toni Uhlig | 2019-01-24 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | delegate/save errno in pevent forward_connection | Toni Uhlig | 2019-01-24 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | pseccomp: allow old x32 chown32 syscall for default allowed | Toni Uhlig | 2019-01-22 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | SECCOMP: allow getdents for protocol/jail | Toni Uhlig | 2019-01-17 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | - use per target LIBS to skip linking other apps with superfluous libs | Toni Uhlig | 2018-09-10 |
| | | | | | | | | | | | | - print ./configure (C|LD)FLAGS and LIBS Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | fake /sbin/init skeleton | Toni Uhlig | 2018-09-09 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | do not print an error if network namespace does not exist, which happens on purpose | Toni Uhlig | 2018-08-30 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | enable SECCOMP text/bpf export | Toni Uhlig | 2018-08-30 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | print usage if an invalid/missing config was detected | Toni Uhlig | 2018-08-14 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | fixed some code style issues reported by codacy | Toni Uhlig | 2018-08-14 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | log2syslog | Toni Uhlig | 2018-08-13 |
|/ | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | ssh login cache saves denied user/pass combinations | Toni Uhlig | 2018-08-10 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | removed keyboard INTERACTIVE from auth methods and added PUBLICKEY (denies access atm) | Toni Uhlig | 2018-08-10 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | log notice if client wants to use AUTH_METHOD_NONE(1) e.g. when reading the ssh banner | lns | 2018-08-10 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | potd --help example is now shell compatible | lns | 2018-08-10 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | user-namespace: use macro instead of commenting out uid-mapping setup | lns | 2018-08-10 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | use potd event buffer as epoll data instead of a fd | lns | 2018-08-07 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | do not spam logs with nonexistent files/dirs while trying to disable those | lns | 2018-08-07 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | additional autoconf check for ambient raise securebit to support kernels prior to 4.3 | Toni Uhlig | 2018-08-02 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | set PR_SET_SECUREBITS and PR_SET_NO_NEW_PRIVS | lns | 2018-08-02 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | Merge branch 'master' of ssh://127.0.0.1:2223/git/potd | lns | 2018-07-23 |
|\ | |||
| * | fixed/ignore coverity errors/false-positives | Toni Uhlig | 2018-07-20 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | gitlab/travis: run cppcheck only in ./src, disabled potd --test as it is not properly functioning in docker env's | Toni Uhlig | 2018-07-20 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | added TODO regarding gitlab/travis problems | Toni Uhlig | 2018-07-20 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | fixed typo, temporarily disabled selftest functions (for some reason they don't work on CI) | Toni Uhlig | 2018-07-20 |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | | force flawfinder to ignore false-positives for correctly used functions such as realpath, snprintf, vsnprintf, etc | lns | 2018-07-23 |
|/ | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | added compat module and functions | lns | 2018-07-19 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | ArchLinux: fixed compiler warnings (libc functions marked with warn_unused_result) | lns | 2018-07-18 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | Coverity CID 301785: check return value of remove() although it is not necessary | Toni Uhlig | 2018-07-18 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Coverity CID 301781: fixed wrong if clause for socket() return value check | Toni Uhlig | 2018-07-18 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Coverity CID 301775: check for valid fd before close() | Toni Uhlig | 2018-07-18 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Coverity CID 301780: fixed missing break (that was on purpose by the dev but obv it does not make sense) | Toni Uhlig | 2018-07-18 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Coverity CID 301773: out-of-bounds array access fixed (false positive anyway) | Toni Uhlig | 2018-07-18 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Coverity CID 301774: do not call any log function after chroot but before chdir("/") | Toni Uhlig | 2018-07-18 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Coverity CID 301779: check return value of chmod() | Toni Uhlig | 2018-07-18 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Coverity CID 301779: fixed fd leak | Toni Uhlig | 2018-07-18 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Copyright info updated | Toni Uhlig | 2018-07-18 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | Coverity CID 301781: fixed resource leak when ioctl fails | Toni Uhlig | 2018-07-17 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | selftest: test jail/sandbox during startup or with --test | lns | 2018-07-17 |
| | | | | Signed-off-by: lns <matzeton@googlemail.com> | ||
* | selftest: check existence of additional directories | Toni Uhlig | 2018-07-16 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | selftest: print detailed error if file/dir checks fail | Toni Uhlig | 2018-07-16 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
* | selftest: added valgrind check and print warning | Toni Uhlig | 2018-07-16 |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> |