path: root/run-sandbox
Commit message | Author | Age | Files | Lines

* Add the ability to isolate the sandbox from the network, or not | Sam Thursfield | 2015-05-22 | 1 | -1/+6
  Note that *sharing* the network is a different thing to *choosing not to isolate* the network. The former implies networking will actually work correctly, while the latter only implies that we didn't deliberately break it. So the default network behaviour is 'undefined'. The different backends have different capabilities, so I added a maximum_possible_isolation() method to return whatever is the most isolated configuration that a backend is capable of. I called this function maximum_security() initially, but it doesn't actually guarantee any kind of security at all so that wasn't a good name.

* run-sandbox: Small compliance improvement for App Container images | Sam Thursfield | 2015-05-22 | 1 | -0/+2
  Set the AC_APP_NAME environment variable. We fail to set AC_METADATA_URL, and since it's totally out of scope for 'sandboxlib' to provide a metadata sharing service, will continue to do so.

* Honour environment variables defined in App Container images | Sam Thursfield | 2015-05-22 | 1 | -3/+7

* Add 'cwd' option to run_sandbox() functions. | Sam Thursfield | 2015-05-22 | 1 | -1/+7
  Also, set it correctly when running an App Container image.

* Add linux-user-chroot backend, run-sandbox script, 'appc' loader | Sam Thursfield | 2015-05-22 | 1 | -0/+92
  This library is now enough to run a very simple App Container image, using either 'chroot' or 'linux-user-chroot'.