- Jul 28, 2024
-
-
Martin Mares authored
-
Martin Mares authored
Closes #158.
-
Martin Mares authored
-
- Jul 26, 2024
-
-
Martin Mares authored
-
Martin Mares authored
-
Martin Mares authored
-
- Jul 19, 2024
-
-
Martin Mares authored
-
- Jun 21, 2024
-
-
Martin Mares authored
... and does not spew error messages about invalid terminal. This happens when isolate-check-environment is run from a systemd service.
-
- Jun 11, 2024
-
-
Martin Mares authored
-
Martin Mares authored
-
Martin Mares authored
DESTDIR should affect only installation, but not paths compiled into executables.
-
- Mar 24, 2024
-
-
Martin Mares authored
-
- Mar 19, 2024
-
-
Martin Mares authored
-
- Mar 15, 2024
-
-
Martin Mares authored
-
- Feb 28, 2024
-
-
Martin Mares authored
-
Martin Mares authored
-
Martin Mares authored
-
Martin Mares authored
-
Martin Mares authored
-
Martin Mares authored
-
Martin Mares authored
This is much better than trying to parse the configuration file in shell. Also, warnings are now printed in yellow.
-
Martin Mares authored
-
Stephan authored
* Update isolate-check-environment for CGroupv2 * Parse cgroup root from config * add more cgroups from cg.c * be quiet when using cgroup root
-
- Feb 27, 2024
-
-
Martin Mares authored
-
- Dec 29, 2023
-
-
Fernando K authored
-
- Dec 16, 2023
-
-
Vasiluță Mihai-Alexandru authored
It seems that on Fedora systems, probably due to some hardening features, memory `malloc`-ed by the `getline()` call when trying to parse the file (when the cgroup root path is in auto mode) is improperly handled after the clone call. Instead of directly setting the pointer to that memory, using `strdup` again seems to do the trick and properly allocate memory just for the string. In addition, this makes the setup of the cf_cg_root variable consistent with config.c, in which it is also strdup-ed in the `cf_string` function.
-
- Oct 27, 2023
-
-
Martin Mares authored
-
Heran Yang authored
-
- Oct 06, 2023
-
-
Martin Mares authored
-
Martin Mares authored
-
- Mar 13, 2023
-
-
Martin Mares authored
In this mode, isolate-cg-keeper records the control group in which it was invoked, so that it need not be hard-coded in configuration. Besides simplifying configuration, this should make it possible to run Isolate within containers, where the cgroup root name is unpredictable.
-
Martin Mares authored
-
Martin Mares authored
This is a wrapper around asprintf() with checking.
-
Martin Mares authored
Our integer arguments cannot be negative, but we store them to signed integer variables (with -1 occasionally meaning "not given"). Hence the right bounds are "unsigned, but fits within an int".
-
Martin Mares authored
This will enable creation of system-wide sandbox managers.
-
Martin Mares authored
-
Martin Mares authored
-
Martin Mares authored
-
Martin Mares authored
-
Martin Mares authored
First, multiple instances of Isolate are not allowed to run on the same sandbox. Second, once a user initializes a sandbox, it cannot be used by other users until it is cleaned up.
-