aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* fixes merge related problems with branch feature/jail_packetlns2019-02-04
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* Merge branch 'feature/jail_packet'lns2019-02-04
|\
| * Introduced the protocol->jail binary packet.feature/jail_packetlns2019-02-04
| | | | | | | | | | | | | | | | We are using a handler/callback functions to obtain additional information from the protocol handler and transmit it to the sandbox. Signed-off-by: lns <matzeton@googlemail.com>
| * event buffer fill/drainlns2018-08-22
| | | | | | | | Signed-off-by: lns <matzeton@googlemail.com>
| * basic jail packet parsing functionslns2018-08-13
| | | | | | | | Signed-off-by: lns <matzeton@googlemail.com>
| * setup basic jail packet structs/funcsToni Uhlig2018-08-11
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | x86/x86_64 require arch_prctl()lns2019-02-04
| | | | | | | | Signed-off-by: lns <matzeton@googlemail.com>
* | mount /proc readonly in sandboxToni Uhlig2019-01-24
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | adjusted allowed/disabled syscalls regarding OpenWrt compatibility, enable ↵Toni Uhlig2019-01-24
| | | | | | | | | | | | ptrace support for sandboxed apps (disabled by default), setsid/setpgrp during jail init Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | delegate/save errno in pevent forward_connectionToni Uhlig2019-01-24
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | pseccomp: allow old x32 chown32 syscall for default allowedToni Uhlig2019-01-22
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | SECCOMP: allow getdents for protocol/jailToni Uhlig2019-01-17
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | - use per target LIBS to skip linking other apps with superfluous libsToni Uhlig2018-09-10
| | | | | | | | | | | | - print ./configure (C|LD)FLAGS and LIBS Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | fake /sbin/init skeletonToni Uhlig2018-09-09
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | do not print an error if network namespace does not exist, which happens on ↵Toni Uhlig2018-08-30
| | | | | | | | | | | | purpose Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | enable SECCOMP text/bpf exportToni Uhlig2018-08-30
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | print usage if an invalid/missing config was detectedToni Uhlig2018-08-14
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | fixed some code style issues reported by codacyToni Uhlig2018-08-14
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | log2syslogToni Uhlig2018-08-13
|/ | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* ssh login cache saves denied user/pass combinationsToni Uhlig2018-08-10
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* removed keyboard INTERACTIVE from auth methods and added PUBLICKEY (denies ↵Toni Uhlig2018-08-10
| | | | | | access atm) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* log notice if client wants to use AUTH_METHOD_NONE(1) e.g. when reading the ↵lns2018-08-10
| | | | | | ssh banner Signed-off-by: lns <matzeton@googlemail.com>
* potd --help example is now shell compatiblelns2018-08-10
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* user-namepsace: use macro instead of commenting out uid-mapping setuplns2018-08-10
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* use potd event buffer as epoll data instead of a fdlns2018-08-07
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* do not spam logs with nonexistant files/dirs while trying to disable thoselns2018-08-07
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* additional autoconf check for ambient raise securebit to support kernels ↵Toni Uhlig2018-08-02
| | | | | | prior 4.3 Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* set PR_SET_SECUREBITS and PR_SET_NO_NEW_PRIVSlns2018-08-02
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* Merge branch 'master' of ssh://127.0.0.1:2223/git/potdlns2018-07-23
|\
| * fixed/ignore coverity errors/false-positivesToni Uhlig2018-07-20
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| * gitlab/travis: run cppcheck only in ./src, disabled potd --test as it is not ↵Toni Uhlig2018-07-20
| | | | | | | | | | | | properly functioning in docker env's Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| * added TODO regarding gitlab/travis problemsToni Uhlig2018-07-20
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| * fixed typo, temporarily disabled selftest functions (for some reason they ↵Toni Uhlig2018-07-20
| | | | | | | | | | | | dont work on CI) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | force flawfinder to ignore false-positives for correctly used functions such ↵lns2018-07-23
|/ | | | | | as realpath, snprintf, vsnprintf, etc Signed-off-by: lns <matzeton@googlemail.com>
* added compat module and functionslns2018-07-19
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* ArchLinux: fixed compiler warnings (libc functions marked withlns2018-07-18
| | | | | | warn_unused_result) Signed-off-by: lns <matzeton@googlemail.com>
* Coverity CID 301785: check return value of remove() although it is not necessaryToni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301781: fixed wrong if clause for socket() return value checkToni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301775: check for valid fd before close()Toni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301780: fixed missing break (that was on purpose by the dev but ↵Toni Uhlig2018-07-18
| | | | | | obv it does not make sense) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301773: out-of-bounds array access fixed (false positive anyway)Toni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301774: do not call any log function after chroot but before ↵Toni Uhlig2018-07-18
| | | | | | chdir("/") Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301779: check return value of chmod()Toni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301779: fixed fd leakToni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Copyright info updatedToni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301781: fixed resource leak when ioctl failsToni Uhlig2018-07-17
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* selftest: test jail/sandbox during startup or with --testlns2018-07-17
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* selftest: check existence of additional directoriesToni Uhlig2018-07-16
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* selftest: print detailed error if file/dir checks failToni Uhlig2018-07-16
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* selftest: added valgrind check and print warningToni Uhlig2018-07-16
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.