| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Handle userns isolation and dropping root at the same time | David Gibson | 2022-09-13 | 1 | -1/+2 |
| * | Move self-isolation code into a separate file | David Gibson | 2022-09-13 | 1 | -112/+1 |
| * | Don't unnecessarily avoid CLOEXEC flags2022_08_24.60ffc5b | David Gibson | 2022-08-24 | 1 | -4/+2 |
| * | Make substructures for IPv4 and IPv6 specific context information | David Gibson | 2022-07-30 | 1 | -1/+1 |
| * | Separate IPv4 and IPv6 configuration | David Gibson | 2022-07-30 | 1 | -2/+2 |
| * | passt: Truncate PID file on open() | Stefano Brivio | 2022-07-22 | 1 | -1/+1 |
| * | passt: Allow exit_group() system call in seccomp profiles | Stefano Brivio | 2022-07-14 | 1 | -0/+2 |
| * | arch, passt: Use executable link to form AVX2 binary path | Stefano Brivio | 2022-07-14 | 1 | -3/+6 |
| * | conf: Add --runas option, changing to given UID and GID if started as root | Stefano Brivio | 2022-05-19 | 1 | -46/+0 |
| * | conf, tcp, udp: Allow address specification for forwarded ports | Stefano Brivio | 2022-05-01 | 1 | -11/+11 |
| * | passt: Improper use of negative value (CWE-394) | Stefano Brivio | 2022-04-07 | 1 | -5/+14 |
| * | passt: Ignoring number of bytes read, CWE-252 | Stefano Brivio | 2022-04-05 | 1 | -2/+3 |
| * | passt: Accurate error reporting for sandbox() | Stefano Brivio | 2022-03-29 | 1 | -10/+26 |
| * | treewide: Fix android-cloexec-* clang-tidy warnings, re-enable checks | Stefano Brivio | 2022-03-29 | 1 | -4/+5 |
| * | treewide: Mark constant references as const | Stefano Brivio | 2022-03-29 | 1 | -7/+7 |
| * | tcp_splice: Close sockets right away on high number of open files | Stefano Brivio | 2022-03-29 | 1 | -1/+1 |
| * | tcp: Rework timers to use timerfd instead of periodic bitmap scan | Stefano Brivio | 2022-03-29 | 1 | -4/+8 |
| * | tcp: Refactor to use events instead of states, split out spliced implementation | Stefano Brivio | 2022-03-28 | 1 | -2/+2 |
| * | conf, util, tap: Implement --trace option for extra verbose logging | Stefano Brivio | 2022-03-25 | 1 | -1/+2 |
| * | passt, pasta: Run-time selection of AVX2 build | Stefano Brivio | 2022-02-28 | 1 | -0/+3 |
| * | seccomp: Adjust list of allowed syscalls for armv6l, armv7l | Stefano Brivio | 2022-02-26 | 1 | -3/+5 |
| * | passt: Don't warn on failed madvise() | Stefano Brivio | 2022-02-26 | 1 | -2/+1 |
| * | passt: Explicitly check return value of chdir() | Stefano Brivio | 2022-02-25 | 1 | -1/+3 |
| * | passt: Drop PASST_LEGACY_NO_OPTIONS sections | Stefano Brivio | 2022-02-22 | 1 | -2/+0 |
| * | pasta: By default, quit if filesystem-bound net namespace goes away | Stefano Brivio | 2022-02-21 | 1 | -1/+6 |
| * | Makefile, conf, passt: Drop passt4netns references, explicit argc check | Stefano Brivio | 2022-02-21 | 1 | -2/+7 |
| * | passt: Make process not dumpable after sandboxing | Stefano Brivio | 2022-02-21 | 1 | -0/+2 |
| * | passt, pasta: Namespace-based sandboxing, defer seccomp policy application | Stefano Brivio | 2022-02-21 | 1 | -47/+79 |
| * | passt, tap: Daemonise once socket is ready without waiting for connection | Stefano Brivio | 2022-01-28 | 1 | -2/+4 |
| * | seccomp: Add a number of alternate and per-arch syscalls | Stefano Brivio | 2022-01-26 | 1 | -5/+9 |
| * | Makefile, seccomp: Fix build for i386, ppc64, ppc64le | Stefano Brivio | 2022-01-26 | 1 | -1/+1 |
| * | passt: Drop <linux/ipv6.h> include, carry own ipv6hdr and opt_hdr definitions | Stefano Brivio | 2022-01-26 | 1 | -1/+0 |
| * | seccomp: Add newfstatat to list of allowed syscalls | Stefano Brivio | 2021-10-21 | 1 | -1/+1 |
| * | passt: Fork into background also if not running from a terminal | Stefano Brivio | 2021-10-21 | 1 | -1/+1 |
| * | passt: Add cppcheck target, test, and address resulting warnings | Stefano Brivio | 2021-10-21 | 1 | -3/+1 |
| * | passt: Fix build with gcc 7, use std=c99, enable some more Clang checkers | Stefano Brivio | 2021-10-21 | 1 | -18/+15 |
| * | passt: Address gcc 11 warnings | Stefano Brivio | 2021-10-20 | 1 | -4/+9 |
| * | passt: Include linux/seccomp.h and linux/audit.h instead of seccomp.h | Stefano Brivio | 2021-10-19 | 1 | -1/+2 |
| * | passt: Add clock_gettime to list of allowed syscalls | Stefano Brivio | 2021-10-16 | 1 | -0/+1 |
| * | passt: Static builds: don't redefine __vsyslog(), skip getpwnam() and initgro... | Stefano Brivio | 2021-10-16 | 1 | -5/+10 |
| * | passt: Check if a PID file was actually requested before creating it | Stefano Brivio | 2021-10-15 | 1 | -1/+1 |
| * | passt: Don't refuse to run if UID is 0 in non-init namespace | Stefano Brivio | 2021-10-14 | 1 | -1/+14 |
| * | conf: Add -P, --pid, to specify a file where own PID is written to | Stefano Brivio | 2021-10-14 | 1 | -1/+24 |
| * | passt: Warn if we're running as root, abort if we can't change to nobody:nobody | Stefano Brivio | 2021-10-14 | 1 | -0/+29 |
| * | passt: Drop all capabilities that we might have, except for CAP_NET_BIND_SERVICE | Stefano Brivio | 2021-10-14 | 1 | -0/+18 |
| * | passt, pasta: Completely avoid dynamic memory allocation | Stefano Brivio | 2021-10-14 | 1 | -8/+8 |
| * | passt, pasta: Add seccomp support | Stefano Brivio | 2021-10-14 | 1 | -0/+36 |
| * | conf, tap: Split netlink and pasta functions, allow interface configuration | Stefano Brivio | 2021-10-14 | 1 | -181/+2 |
| * | pasta: Add second waitid() in pasta_child_handler() | Stefano Brivio | 2021-10-07 | 1 | -0/+1 |
| * | pasta: Allow specifying paths and names of namespaces | Giuseppe Scrivano | 2021-10-07 | 1 | -20/+39 |
