Commit message | Author | Age | Files | Lines
* Merge pull request #27 from CodethinkLabs/leeming/bwrap-rebase-patch [HEAD, master] | Paul Sherwood | 2016-10-21 | 1 | -0/+37
|\
| |     Patch for : No section: 'formatters'
| * Patch for : No section: 'formatters' [leeming/bwrap-rebase-patch] | Andrew Leeming | 2016-10-21 | 1 | -0/+37
| |     Config file was missing from staged files
* | Merge pull request #25 from CodethinkLabs/leeming/bwrap-rebase | Paul Sherwood | 2016-10-21 | 10 | -16/+344
|\ \
| |/
| |     Rebasing bubblewrap branch with master.
| * Bubblewrap is the default for executor_for_platform() [leeming/bwrap-rebase] | Andrew Leeming | 2016-10-21 | 4 | -24/+40
| |     Previously executor_for_platform() would select linux-user-chroot if available. New behaviour is to look for bubblewrap first, then linux-user-chroot, else falling back to chroot. To support this, a generic 'get_program()' function was added to both bubblewrap.py and linux_user_chroot.py for interfacing.
| * Rebasing bubblewrap branch with master. | Andrew Leeming | 2016-10-13 | 8 | -5/+317
| |     Adds in support for the bubblewrap sandbox. Comes with a logger that logs both to stdout (WARN or higher) and to a log file (everything)
* | Merge pull request #24 from CodethinkLabs/tiagogomes/unit-test-fixes | Andrew Leeming | 2016-10-06 | 6 | -39/+129
|\ \
| |/
| |     Tiagogomes/unit test fixes
| * Add a couple more tests [tiagogomes/unit-test-fixes] | Tiago Gomes | 2016-10-06 | 2 | -7/+93
| |     Also fix a small error detected by the new tests.
| * Avoid attempt to load string-escape with Python 3 | Tiago Gomes | 2016-10-06 | 1 | -5/+9
| |     This module is not included in Python 3.
| * Change some tests to pass as non-root | Tiago Gomes | 2016-10-06 | 1 | -7/+7
| |     Change some tests to pass if they are run as non-root. The linux-user-chroot tool seems to require that the absolute location of the binary to execute in the sandbox is given if called as non-root.
| * Fix unit tests | Tiago Gomes | 2016-10-06 | 4 | -13/+15
| |     - Fix missing source argument in the 'mount' command.
| |     - Add missing datapath assignment to ensure that file is created in the expected location.
| |     - Remove unnecessary extra_mounts that were causing the test files in /data to not be accessible inside the sandbox as that directory was being overlapped with a mount bind.
| |
| |     Also, mention that the C library static libraries are required to be installed for running the tests.
| * README: Update to the xdg-app new name | Tiago Gomes | 2016-09-30 | 1 | -7/+5
|/
* Merge pull request #23 from CodethinkLabs/leeming/correct-tests | Tiago Gomes | 2016-09-30 | 2 | -1/+3
|\
| |     Correcting a broken test
| * Correcting a broken test [leeming/correct-tests] | Andrew Leeming | 2016-09-28 | 2 | -1/+3
|/
|     FILE_OR_DIRECTORY_EXISTS_TEST_PROGRAM previously fetched args[0] instead of args[1]. Program now checks the correct file when inside of the sandbox. Added in a simple .gitignore
* README.rst: Add Minijail to list of related projects | Sam Thursfield | 2016-09-15 | 1 | -0/+10
|
* Merge pull request #21 from CodethinkLabs/leeming/root-logger-fix | Paul Sherwood | 2016-08-23 | 3 | -3/+3
|\
| |     Fixed a minor bug where root logger is used instead of a named 'sandb…
| * Fixed a minor bug with root logger [leeming/root-logger-fix] | Andrew Leeming | 2016-08-23 | 3 | -3/+3
|/
|     If the root logger is used instead of a named 'sandboxlib' logger. This causes potential issues for 3rd party tools using this library
* Merge pull request #20 from gtristan/ensure-loaded-module | Sam Thursfield | 2016-06-13 | 1 | -0/+9
|\
| |     Issue 19 and 17: Awful hack to ensure string-escape is loaded
| * Issue 19 and 17: Awful hack to ensure string-escape is loaded | Tristan Van Berkom | 2016-06-13 | 1 | -0/+9
|/
|     This hack ensures that when propagating an exception back from the child process in a chroot, the required string-escape python module is already in memory and no attempt to lazy load it in the chroot is made.
* Merge pull request #18 from gtristan/chroot-exception-propagation | Sam Thursfield | 2016-06-11 | 1 | -6/+6
|\
| |     Propagate child process traceback from chroot process.
| * Propagate child process traceback from chroot process. | Tristan Van Berkom | 2016-06-11 | 1 | -6/+6
|/
|     Without propagating the traceback for the child, issues such as the following become near impossible to diagnose: https://github.com/devcurmudgeon/ybd/issues/224
* README: fix reStructuredTest [0.3.2] | Sam Thursfield | 2016-04-01 | 1 | -1/+1
|
* README: link to Awesome Linux Containers, move 'further reading' section | Sam Thursfield | 2016-04-01 | 1 | -8/+10
|
* README: Add userchroot tool | Sam Thursfield | 2016-04-01 | 1 | -0/+7
|
* README: Link to more things | Sam Thursfield | 2016-02-20 | 1 | -0/+22
|
* README: Discuss Garden linux backend | Sam Thursfield | 2016-01-26 | 1 | -0/+4
|
* README: Add a link to Garden | Sam Thursfield | 2016-01-26 | 1 | -0/+10
|
* Update README to link to Firejail | Sam Thursfield | 2016-01-20 | 1 | -0/+2
|     It looks like a pretty useful sandboxing tool, with more momentum than linux-user-chroot.
* Merge pull request #14 from fishface60/mount-more-flexibility | Sam Thursfield | 2015-11-25 | 2 | -3/+22
|\
| |     Mount more flexibility
| * sandboxlib.chroot: Don't attempt to unmount remount mounts | Richard Maw | 2015-11-21 | 1 | -1/+2
| |     The mount operation is overloaded to also remount to change flags. This does not result in a new mount, so unmounting it is the wrong thing to do in this case. For now, we assume that we're modifying a mount we created earlier, so we can just avoid unmounting when we remount, rather than having to determine how to reverse the changing of flags.
| * sandboxlib.linux_user_chroot: Allow manually specified read-only mounts | Richard Maw | 2015-11-21 | 1 | -0/+8
| |     You can't create a bind-mount as read-only, you can only bind-mount then remount it as read-only. So a sandboxlib user might opt to say it wants to bind something in, then make it read-only, as two separate extra mounts. We can't do this directly with linux-user-chroot, as we are restricted to bind-mounts and making a subtree read-only, but making a subtree read-only is close enough.
| * sandboxlib.chroot: Make mount commands nicer | Richard Maw | 2015-11-21 | 1 | -2/+12
|/
|     It's more natural to not pass -t when bind-mounting, to not pass -o when no options are required, and to not pass the source path when remounting.
* Fix another typo in HACKING.rst | Sam Thursfield | 2015-09-14 | 1 | -1/+1
|
* Fix formatting mistakes in HACKING.rst | Sam Thursfield | 2015-09-14 | 1 | -1/+3
|
* Add PySpaces to README | Sam Thursfield | 2015-07-21 | 1 | -0/+8
|
* README: Fix nonsense, add links | Sam Thursfield | 2015-07-03 | 1 | -2/+5
|
* README: Add notes on runC and Warden container runtimes | Sam Thursfield | 2015-07-03 | 1 | -0/+25
|
* chroot: Capture output of mount/unmount commands [0.3.1] | Sam Thursfield | 2015-06-17 | 1 | -2/+4
|     This fixes a crash if the command fails, because we would try to decode 'err' but it would be None because output was not being captured.
* Validate extra_mounts a bit more thoroughly | Sam Thursfield | 2015-06-17 | 1 | -10/+17
|     I thought that a typeerror was causing a crash in YBD, but realised it was something else. This commit should still be an improvement, though.
* chroot: Change directory to '/' after calling os.chroot() | Sam Thursfield | 2015-06-17 | 1 | -0/+3
|     This fixes https://github.com/CodethinkLabs/sandboxlib/issues/6 where passing a relative path for 'cwd' caused an error. I had assumed that os.chroot() reset the current working directory itself, since the `chroot` program does, but apparently not.
* Allow overriding backend autodetection with SANDBOXLIB_BACKEND variable | Sam Thursfield | 2015-06-17 | 2 | -18/+42
|     This fixes https://github.com/CodethinkLabs/sandboxlib/issues/3
* linux_user_chroot: Sort --mount-readonly directories | Sam Thursfield | 2015-06-10 | 1 | -1/+3
|     This should have no effect on behaviour, but makes things slightly more predictable.
* linux_user_chroot: Correct docstring | Sam Thursfield | 2015-06-09 | 1 | -5/+1
|     The `unshare` and `mount` commands are no longer needed.
* Fix mistake in CAPABILITIES dicts | Sam Thursfield | 2015-06-09 | 2 | -2/+2
|
* README: Fix up the markup | Sam Thursfield | 2015-06-09 | 1 | -4/+4
|
* Update README | Sam Thursfield | 2015-06-09 | 1 | -6/+68
|
* Fix numbering in HACKING.rst | Sam Thursfield | 2015-06-09 | 1 | -2/+2
|
* Merge branch '0.3.0' [0.3.0] | Sam Thursfield | 2015-06-09 | 5 | -64/+100
|\
| * Fix some mistakes in chroot backend | Sam Thursfield | 2015-06-09 | 1 | -4/+5
| |
| * Add some more tests [0.3.0] | Sam Thursfield | 2015-06-09 | 1 | -1/+33
| |
| * Validate parameters using CAPABILITIES dict, instead of manually | Sam Thursfield | 2015-06-09 | 2 | -12/+11
| |