matth
/
subgraph-oz
mirror of https://github.com/xSmurf/oz.git
1
1
Fork 0
Code Releases Activity

Commit Graph

  • 6f0a1ea94b Moved creation of /tmp in setup before chroot for whitelist support master xSmurf 2015-07-21 17:44:27 +0000
  • a7e891f4fc Tentative: Adding seccomp default blacklist to xpra/xorg server and client xSmurf 2015-07-21 00:29:52 +0000
  • f9214ee18f Fix always set dbus machine-id in case program launches it xSmurf 2015-07-21 00:01:45 +0000
  • 1f4400d3ff Cleanup of profiles to comply with latest wrapper changes xSmurf 2015-07-20 22:32:27 +0000
  • 2f7e27f121 Cleanup passing profile to seccomp wrapper and generic blacklist xSmurf 2015-07-20 22:29:02 +0000
  • 4ff81d924f Tentative: dbus daemon setup for profiles that need it xSmurf 2015-07-20 19:05:40 +0000
  • 9dbfaec596 Creation of /var/run/user/<uid> inside of rootfs setup xSmurf 2015-07-20 19:04:30 +0000
  • f86611af82 Pass full environment to Xpra client xSmurf 2015-07-20 19:01:11 +0000
  • 58a045784d Fixed environ passing in seccomp wrapper xSmurf 2015-07-19 16:03:57 +0000
  • 634df96977 Added default seccomp blacklist policies for each profile. dma 2015-07-19 01:01:11 -0400
  • 1b05e93908 Merge remote-tracking branch 'origin/master' dma 2015-07-19 00:31:54 -0400
  • aa9a2966bc Blacklist support in oz-init. dma 2015-07-19 00:29:50 -0400
  • 68bceab76b Blacklist support for the seccomp wrapper. dma 2015-07-19 00:29:38 -0400
  • 565bb05707 Added blacklist to profile, set to default blacklist for testing. dma 2015-07-19 00:29:06 -0400
  • 2d52e292b2 Experimental seccomp blacklist profiles. dma 2015-07-19 00:28:17 -0400
  • feb35544c8 Added permission checking of profiles, added border option for xpra, pulseaudio option removed (automatically detected from audio mode) xSmurf 2015-07-18 00:11:08 +0000
  • 21016ca49a Moved root permissions check out of config for reuse in profiles xSmurf 2015-07-18 00:09:52 +0000
  • 50556b1bf7 Small fixes xSmurf 2015-07-16 16:42:04 +0000
  • 3f466e9d8e Changed passing of init data through stdin, added support for user groups to be set properly, cleanup torbrowser profile xSmurf 2015-07-15 22:45:57 +0000
  • c4a773822b Godeps save xSmurf 2015-07-13 00:43:55 +0000
  • fd929aba6b fmt xSmurf 2015-07-13 00:38:51 +0000
  • 66725621e8 Typo xSmurf 2015-07-13 00:20:59 +0000
  • 578b78402d Make sure our parent is always pid 1 xSmurf 2015-07-12 22:38:01 +0000
  • 0ce0904c9c Cleanup env var in mount xSmurf 2015-07-12 22:24:15 +0000
  • 6df101331f Cleanup xSmurf 2015-07-12 22:22:39 +0000
  • 046bc48d51 Rename xSmurf 2015-07-12 22:20:04 +0000
  • 2356480035 Remove some debug output. dma 2015-07-12 18:13:40 -0400
  • fe617bdc44 Updated evince seccomp whitelist policy for testing. dma 2015-07-12 16:56:58 -0400
  • 8f6e13a009 Oops. David Mirza Ahmad 2015-07-12 16:49:41 -0400
  • ee4349cb61 Merge remote-tracking branch 'origin/master' dma 2015-07-12 16:48:07 -0400
  • 122e2fd171 Testing: updated profile for evince with example seccomp whitelist policy. dma 2015-07-12 16:44:42 -0400
  • a44a8ae679 Add seccomp configuration params to the Oz profile specification/parser dma 2015-07-12 16:43:15 -0400
  • 7fca7e3cfc Comment broke build, temporarily removing this dma 2015-07-12 16:42:04 -0400
  • 94da04bbc8 Add seccomp wrapper to oz-init dma 2015-07-12 16:41:03 -0400
  • 3b0d225c62 Seccomp filter exec wrapper for testing purposes dma 2015-07-12 16:38:10 -0400
  • 2a10500049 Fixed passing of usefulldev xSmurf 2015-07-12 04:02:39 +0000
  • 380757451c Cleanup xSmurf 2015-07-12 04:02:23 +0000
  • 2ef6fcc8be Fixed adding of pwd ot binded argument files xSmurf 2015-07-12 04:01:30 +0000
  • 05ce673b01 removed unused dependencies xSmurf 2015-07-11 05:42:04 +0000
  • 7c50fdf30b grsec `chroot_deny_mknod` no longer required since last fs overhaul, edited readme to reflect so. xSmurf 2015-07-11 05:28:52 +0000
  • 69e1da1a64 Formatting xSmurf 2015-07-10 20:30:15 +0000
  • fd6ec994d5 Typo xSmurf 2015-07-10 17:30:43 +0000
  • 18e1b5d886 Added mentions regarding the GNOME Shell extension xSmurf 2015-07-10 17:28:25 +0000
  • 89579c5673 Typo xSmurf 2015-07-09 20:39:59 +0000
  • b35a9cc8a6 Cleanup xSmurf 2015-07-09 19:58:53 +0000
  • ac66ebb47f Added /var/crashes to list of empty directories xSmurf 2015-07-09 19:58:25 +0000
  • 755d70b1b3 Cleanup u/mount files xSmurf 2015-07-09 07:44:58 +0000
  • 11586f1e31 Path clean xSmurf 2015-07-09 06:03:17 +0000
  • 820a31d253 Added get config message xSmurf 2015-07-08 22:39:54 +0000
  • 9f81491fc6 Fixed passing of home dir to un/mount utilities xSmurf 2015-07-07 04:01:27 +0000
  • 6463dbdfc1 Merge branch 'master' of ssh://github.com/subgraph/oz xSmurf 2015-07-07 00:30:49 +0000
  • 8ca77723e3 Added mount/umount messages; readonly flag for oz-mount xSmurf 2015-07-07 00:30:34 +0000
  • 5a2b5ab375 Added 'killall' command for convenience xSmurf 2015-07-07 00:29:01 +0000
  • c827fa981f logging xSmurf 2015-07-07 00:27:03 +0000
  • c519e3959a Typo xSmurf 2015-07-07 00:26:21 +0000
  • e1d51e915a Cleanup xSmurf 2015-07-04 01:52:27 +0000
  • f857b1c1c1 Fixed typo David Mirza Ahmad 2015-06-30 20:59:22 -0400
  • 38e1f9ac55 fluf xSmurf 2015-06-30 21:34:05 +0000
  • ae38d67a27 Horizontal logo docs xSmurf 2015-06-30 21:23:38 +0000
  • 90417ff9f2 Added logos xSmurf 2015-06-30 21:11:56 +0000
  • 3654a6be5a Fixed linking of webm video xSmurf 2015-06-30 20:42:22 +0000
  • 7c0fa0eb83 formatting xSmurf 2015-06-30 20:32:15 +0000
  • 6735ddb1c7 Added link to technical doc xSmurf 2015-06-30 20:21:29 +0000
  • 42c7940813 Adding README file xSmurf 2015-06-30 20:08:50 +0000
  • 28f76051ab Added video demo to docs xSmurf 2015-06-30 20:07:16 +0000
  • 953528cddb Added json tag for read_only whitelist xSmurf 2015-06-30 19:10:46 +0000
  • f528915910 Ignore empty env declarations xSmurf 2015-06-30 19:09:40 +0000
  • 319157a1d5 fmt xSmurf 2015-06-29 23:53:16 +0000
  • 21913e9611 Wooops xSmurf 2015-06-29 23:50:31 +0000
  • c3b5b2f302 Cleanup xSmurf 2015-06-29 23:44:00 +0000
  • fd5de9e133 Fixed notification flag to xpra profile xSmurf 2015-06-29 23:36:27 +0000
  • 82d96c2648 Changed audio profile setting to more selective audio_mode xSmurf 2015-06-29 21:20:49 +0000
  • 3c920c4fc1 Tentative: whitelist files passed as arguments inside of the sandbox xSmurf 2015-06-29 20:34:08 +0000
  • 7f9c8b1c1c Changed initpath and clientpath to use single install path prefix instead xSmurf 2015-06-29 20:32:06 +0000
  • 77136cb5ea Ignore warning if nm ignore file is empty xSmurf 2015-06-29 20:27:07 +0000
  • 2313bd6a34 Pass proper creds to xpra.Stop() xSmurf 2015-06-29 20:24:47 +0000
  • ce1026bced Pass proper creds to xpra.Stop() xSmurf 2015-06-29 20:23:40 +0000
  • 0ff84bb605 Whoops xSmurf 2015-06-27 06:31:35 +0000
  • 0c0da4a5b1 Blacklist items binded as readonly... take two xSmurf 2015-06-27 04:51:15 +0000
  • 858702d89b Blacklist items binded as readonly xSmurf 2015-06-27 04:39:05 +0000
  • 2d0b33ce7e Cleanup of checking for recursing sandboxes from oz-client xSmurf 2015-06-26 21:38:42 +0000
  • b52ed64e7a Cleanup oz-init-control when sandbox exits xSmurf 2015-06-26 21:14:27 +0000
  • 93ef716d94 Adding reloading of profiles on SIGHUP, cleanup network code preparation for reconfigure routines xSmurf 2015-06-26 20:37:14 +0000
  • b72d77b891 Unsetenv > Setenv "" as the former is unavailable in golang 1.3 xSmurf 2015-06-26 20:28:50 +0000
  • 94f84a0063 Merge branch 'master' of ssh://github.com/subgraph/oz xSmurf 2015-06-26 19:47:38 +0000
  • f7931e1ff7 Merge remote-tracking branch 'origin/master' brl 2015-06-26 15:47:11 -0400
  • 764b963ab6 move rootfs setup to oz-init brl 2015-06-26 15:46:55 -0400
  • 316299ce94 when resolving ${PATH}, setup a fake PATH env variable if no path is set brl 2015-06-26 15:46:34 -0400
  • eed82851f0 Cleanup error output xSmurf 2015-06-26 17:27:22 +0000
  • ef3d65e744 Merge branch 'master' of ssh://github.com/subgraph/oz xSmurf 2015-06-26 17:23:19 +0000
  • c2d559027b Added multiple executables to evince profile xSmurf 2015-06-26 17:23:09 +0000
  • d4113399e3 Don't barf on missing blacklist items, cleanup of makedev mode setting xSmurf 2015-06-25 21:36:12 +0000
  • 962f7c877b clean command no longer needed brl 2015-06-25 15:11:12 -0400
  • b9aba84682 sure enough, that won't work. launch oz-daemon with unshare for now brl 2015-06-25 14:59:33 -0400
  • 818b1124d6 don't hang when xpra client fails to launch brl 2015-06-25 14:58:23 -0400
  • 08c2d1207e added helper function to resolve paths correctly both inside and outside of chroot brl 2015-06-25 14:37:57 -0400
  • 4e12488ca5 resolve vars and globbing internally in fs package brl 2015-06-25 14:17:24 -0400
  • 539bed1768 use os.Getpid() != 1 to detect and warn about manual launch brl 2015-06-25 13:32:46 -0400
  • d8fd556219 should use BindOrCreate here brl 2015-06-25 13:26:20 -0400
  • 351cc883f0 big fs refactor to use a single rootfs brl 2015-06-25 13:06:58 -0400