Commit message [ref] (Author, Age, Files, Lines)
* Merge branch 'baserock/larswirzenius/update-to-master' into baserock/morph [baserock/morph] (Lars Wirzenius, 2013-09-24, files: 10, lines: -71/+249)
|\
| |   Reviewed-by: Jonathan Maw
| |   Reviewed-by: Daniel Silverstone
| * Bump up bind mount limit to 1024 [baserock/larswirzenius/update-to-master] (Colin Walters, 2013-09-24, files: 1, lines: -1/+11)
| |
| |   The Baserock people were hitting up against the limit of 50, which as the newly added comment says isn't really effective against DoS anyways, so let's just bump it up significantly.
| |
| |   Tested-by: Lars Wirzenius <lars.wirzenius@codethink.co.uk>
| * Release 2013.1 [v2013.1] (Colin Walters, 2013-02-24, files: 1, lines: -1/+1)
| |
| * [SECURITY] Use fsuid to lookup bind mount paths and chroot target (Colin Walters, 2013-02-24, files: 1, lines: -3/+28)
| |
| |   Otherwise, the user can access otherwise inaccessible directories like this:
| |
| |   $ linux-user-chroot --mount-bind /root/.virsh ~/mnt / /bin/sh
| |
| |   Also, we should check the accessibility of the chroot target; this is much harder to exploit because you'd need an executable inside the chroot that can be run.
| |
| |   Reported-by: Marc Deslauriers <marc.deslauriers@canonical.com>
| |   Reported-by: Ryan Lortie <desrt@desrt.ca>
| |   Reviewed-by: Marc Deslauriers <marc.deslauriers@canonical.com>
| |   Signed-off-by: Colin Walters <walters@verbum.org>
| * [SECURITY] Invoke chdir() after we've switched uid, not before (Colin Walters, 2013-02-24, files: 1, lines: -3/+3)
| |
| |   Otherwise, the user can access otherwise inaccessible directories like:
| |
| |   $ linux-user-chroot --chdir /root/.virsh / /bin/sh
| |
| |   Reported-by: Ryan Lortie <desrt@desrt.ca>
| |   Reported-by: Marc Deslauriers <marc.deslauriers@canonical.com>
| * build: use AC_SYS_LARGEFILE (Colin Walters, 2013-02-24, files: 1, lines: -0/+2)
| |
| |   So we will do the right thing on 32 bit.
| * Only MS_MOVE the root to / if the root isn't already / (Colin Walters, 2013-01-10, files: 1, lines: -4/+8)
| |
| |   Otherwise the MS_MOVE call aborts.
| * Use MS_MOVE of / rather than chroot() (Colin Walters, 2012-12-30, files: 1, lines: -3/+12)
| |
| |   chroot() breaks some tools that expect / to be an actual mount point. Doing namespace manipulation is cleaner than chroot().
| |
| |   See http://lists.freedesktop.org/archives/systemd-devel/2012-September/006703.html
| |   "[systemd-devel] OSTree mount integration"
| * Release 2012.2 [v2012.2] (Colin Walters, 2012-08-10, files: 1, lines: -1/+1)
| |
| * Exit immediately if clone() fails (Colin Walters, 2012-08-10, files: 1, lines: -1/+1)
| |
| |   This happens when run recursively.
| * Make use of PR_SET_NO_NEW_PRIVS if available (Colin Walters, 2012-08-10, files: 1, lines: -10/+20)
| |
| |   This flag is exactly what we want for this tool (it's what I thought SECBIT_NOROOT did).
| |
| |   See the linked discussion from here: http://lwn.net/Articles/504879/
| * Release 2012.1 [v2012.1] (Colin Walters, 2012-04-24, files: 3, lines: -1/+10)
| |
| * Add --help and --version arguments (Colin Walters, 2012-04-24, files: 1, lines: -1/+13)
| |
| * README: Improve (Colin Walters, 2012-04-24, files: 1, lines: -10/+33)
| |
| * Add manual page (Lars Wirzenius, 2012-04-24, files: 6, lines: -38/+113)
| |
| |   Commit message and build rules written by Colin Walters <walters@verbum.org>.
| |
| |   Reviewed-by: Colin Walters <walters@verbum.org>
| * autogen: remove dependency on which (Richard Maw, 2012-04-18, files: 1, lines: -3/+2)
|/
|   Signed-off-by: Colin Walters <walters@verbum.org>
* Release v3 [v3] (Colin Walters, 2012-03-13, files: 1, lines: -1/+1)
|
* newnet: Improve docs some more (Colin Walters, 2012-03-13, files: 2, lines: -1/+14)
|
|   Suggested by Owen Taylor <otaylor@redhat.com>
* newnet: Use correct argv for child (Colin Walters, 2012-03-13, files: 1, lines: -1/+1)
|
* docs: Add README.newnet, tweak README a bit (Colin Walters, 2012-03-13, files: 3, lines: -1/+39)
|
* linux-user-chroot-newnet: New optional helper program (Colin Walters, 2012-03-13, files: 3, lines: -0/+142)
|
|   Some versions of the Linux kernel require large (order 4) contiguous allocations per network namespace. This optional helper program is a workaround for that; one can create the empty network namespace just once.
* Release 2 [v2] (Colin Walters, 2012-02-20, files: 1, lines: -1/+1)
|
* build: Allow being built if linux/securebits.h isn't available (Colin Walters, 2012-02-20, files: 2, lines: -1/+10)
|
|   For some reason the RHEL6 kernel-headers package doesn't have it. Let's just follow for now the cargo culting of "define defines ourself if not available" that various kernel-tied utilities have because various buildsystems are too shitty to make it easy to install newer kernel headers even if you're running an old kernel.
* Version 1 [v1] (Colin Walters, 2012-02-20, files: 1, lines: -1/+1)
|
* README: New file (Colin Walters, 2012-02-20, files: 1, lines: -0/+69)
|
* Allow being run as root (Colin Walters, 2012-01-22, files: 1, lines: -2/+0)
|
|   It was just an extra check to be sure we would be switching back to the right uid, but there's no reason not to allow executing this program as root.
* Search $PATH when executing (Colin Walters, 2012-01-18, files: 1, lines: -1/+1)
|
|   Just more convenient, and there's no reason not to.
* Add a --chdir argument (Colin Walters, 2012-01-18, files: 1, lines: -2/+11)
|
|   This is convenient for when we just want e.g. --unshare-net.
* Remove duplicate docbook rules (Colin Walters, 2012-01-16, files: 1, lines: -40/+2)
|
* Split this binary out from ostree (Colin Walters, 2012-01-06, files: 10, lines: -0/+949)