summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* README: Redirect to bubblewrapHEADmasterColin Walters2016-05-021-0/+13
* README: Link to BazelColin Walters2015-09-081-0/+9
* Release 2015.1v2015.1Colin Walters2015-09-061-1/+1
* doc: Add --mount-devapi, some typo fixesColin Walters2015-09-061-4/+7
* core: Update comment for private/slave mode of / mountColin Walters2015-09-061-4/+5
* core: Update comments around PR_SET_NO_NEW_PRIVS and nosuid mountColin Walters2015-09-061-10/+7
* TODO: UpdateColin Walters2015-09-051-0/+20
* Add --mount-devapi optionmore-restriction-optionsColin Walters2015-09-055-1/+176
* README: UpdateColin Walters2015-09-011-11/+22
* docs: Update to note we do containers, but are mainly for build systemsColin Walters2015-09-012-7/+10
* Drop -newnet variantColin Walters2015-09-014-182/+0
* seccomp: Add ptrace to blacklistColin Walters2015-08-291-2/+5
* Add seccomp and rules imported from xdg-app/Sandstorm.ioColin Walters2015-08-287-3/+301
* Import S390/CRIS raw_clone syscall ordering fixColin Walters2015-08-251-1/+13
* Drop use of SECBIT_NOROOT, hard require PR_SET_NO_NEW_PRIVSColin Walters2015-08-252-18/+7
* TODO: Want seccompColin Walters2015-08-181-0/+1
* README: Various updatesColin Walters2015-06-051-13/+35
* Bump up bind mount limit to 1024baserock/larswirzenius/update-to-masterColin Walters2013-09-241-1/+11
* Release 2013.1v2013.1Colin Walters2013-02-241-1/+1
* [SECURITY] Use fsuid to lookup bind mount paths and chroot targetColin Walters2013-02-241-3/+28
* [SECURITY] Invoke chdir() after we've switched uid, not beforeColin Walters2013-02-241-3/+3
* build: use AC_SYS_LARGEFILEColin Walters2013-02-241-0/+2
* Only MS_MOVE the root to / if the root isn't already /Colin Walters2013-01-101-4/+8
* Use MS_MOVE of / rather than chroot()Colin Walters2012-12-301-3/+12
* Release 2012.2v2012.2Colin Walters2012-08-101-1/+1
* Exit immediately if clone() failsColin Walters2012-08-101-1/+1
* Make use of PR_SET_NO_NEW_PRIVS if availableColin Walters2012-08-101-10/+20
* Release 2012.1v2012.1Colin Walters2012-04-243-1/+10
* Add --help and --version argumentsColin Walters2012-04-241-1/+13
* README: ImproveColin Walters2012-04-241-10/+33
* Add manual pageLars Wirzenius2012-04-246-38/+113
* autogen: remove dependency on whichRichard Maw2012-04-181-3/+2
* Release v3v3Colin Walters2012-03-131-1/+1
* newnet: Improve docs some moreColin Walters2012-03-132-1/+14
* newnet: Use correct argv for childColin Walters2012-03-131-1/+1
* docs: Add README.newnet, tweak README a bitColin Walters2012-03-133-1/+39
* linux-user-chroot-newnet: New optional helper programColin Walters2012-03-133-0/+142
* Release 2v2Colin Walters2012-02-201-1/+1
* build: Allow being built if linux/securebits.h isn't availableColin Walters2012-02-202-1/+10
* Version 1v1Colin Walters2012-02-201-1/+1
* README: New fileColin Walters2012-02-201-0/+69
* Allow being run as rootColin Walters2012-01-221-2/+0
* Search $PATH when executingColin Walters2012-01-181-1/+1
* Add a --chdir argumentColin Walters2012-01-181-2/+11
* Remove duplicate docbook rulesColin Walters2012-01-161-40/+2
* Split this binary out from ostreeColin Walters2012-01-0610-0/+949
View Lorry Controller Status