| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: nsjail | Distribution: openSUSE Tumbleweed |
| Version: 3.4+git14.b740dcf | Vendor: openSUSE |
| Release: 1.2 | Build date: Mon Feb 5 13:25:41 2024 |
| Group: System/GUI/Other | Build host: reproducible |
| Size: 897560 | Source RPM: nsjail-3.4+git14.b740dcf-1.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://nsjail.com | |
| Summary: A light-weight process isolation tool | |
A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
Apache-2.0
* Mon Feb 05 2024 wolfgang.frisch@suse.com
- Update to version 3.4+git14.b740dcf:
* Improved cgroups2 support
* Improved cgroups2 + docker interoperability
* New configs: hexchat, telegram
* Better support for clone3
* New signals displayed: SIGPWR
* Support for nvim+.clangd
* Improved .clang-format rules
* Print help to stdout if -h | --help was used
* Wed Aug 23 2023 wolfgang.frisch@suse.com
- Fixed Tumbleweed build error caused by an incompatible libprotobuf.
- Update to version 3.3+git14.8308b91:
* subproc: mark cloneFunc as [[noreturn]]
* subproc: support CLONE_CLEAR_SIGHAND
* subproc: display additional clone3 flags
* configs/: formatting
* configs/telegram: telegram is 64 bit only
* configs/telegram: a new config for the telegram-desktop
* formatting fix
* Better output formatting for --help
* cgroup2.cc: improve note about using Docker
* logs: respect getenv(NO_COLOR)
* configs/hexchat: new config based on xchat
* Mount read-only directly if mounting rw fails
* Fri Jan 06 2023 Andrea Manzini <andrea.manzini@suse.com>
- drop obscpio file upon request
* Thu Jan 05 2023 andrea.manzini@suse.com
- Update to version 3.3+git1.5b48117:
* configs/xchat: mount whole /tmp/.X11-unix
* Setup cgroup.subtree_control controllers when necessary in cgroupsv2
* Unset LDFLAGS for kafel
* config/xchat: move original .xchat2 config dir to .config/
* Update kafel
* configs/bash: remove tmpfs mount over /dev as it makes /dev/null non-writeable
* configs/firefox-with-net-wayland: x11 socket is not needed here
* nsjail: use atomic in sighandlers
* configs/xchat-with-net: use 8.8.8.8 in resolv.conf unconditionally
* cpu: more debug messaging
* mnt: quote paths in log messages
* Switch C++ standard to C++14 - it'll allow to use new features, like std::quoted
* mnt: remove unnecessary quote in a debug message
* cpu/subproc: better debugging strings
* cpu: even better LOG_Ds
* cpu: Add more debugging messages
* Make logs more efficient by avoiding argument evaluation for LOG* if it's not needed at the current level
* When setting CPU affinity, take into consideration the current CPU affinity set. Use only CPU numbers, which exist in the current affinity set. Maybe fixes https://github.com/google/nsjail/issues/200
* subproc: Allow killing subprocesses with different signal
* Add `disable_tsc` option
* Wed Jan 05 2022 jsegitz@suse.com
- Changed version string to 3.0+git72.dccf911 and adjusted
service file. The previous version scheme results in version
strings that are "lower" that e.g. 3.0.
* Wed Jan 05 2022 william.brown@suse.com
- Update to version 3.0~git72.dccf911:
* log: use TEMP_FAILURE_RETRY instead of fallback to dprintf
* make indent
* Fix compile using `FROM ubuntu:20.04`
* cgroup2: use cgroup_mem_swap_max and cgroup_mem_memsw_max
* cgroup2: support cgroup_mem_memsw_max
* fix mem clean in finishFromParent
* Fix whitespace in kafel
* Fix build
* Update kafel for RISC-V support
* Add support for setting cgroup memory.memsw.limit_in_bytes
* Allow mount options to contain colons.
* macros: make NS_VALSTR_STRUCT accept unsigned/64-bit vals
* configs/firefox-with-net-wayland.cfg: retain original WAYLAND_DISPLAY value
* The default rlimit_as value is 4096, not 512.
* configs: firefox+wayland example
* config.proto: renumerate fields
* configs/imagemagick: alternative file conversion command
* Fix duplicate field number
* Fix formatting
* Update kafel - x86 build fixes
* cgroup: write period before quota
* rtprio, msgqueue - defaulting to 'soft'
* Renaming use_switchroot option with no_pivotroot
* Consistentency with RLIMIT_* constant name
* Adding a warning when switchroot is used
* Added rt, memlock & msgq limits
* subproc: warn about CLONE_NEWTIME and clone(), and remove notice about CLONE_NEWCGROUP as the kernel versions should be now new enough for its support
* subproc: debug log for unshare()
* Merge branch '_test_switchroot_alternative'
* No Yoda
* cmdline: clone_newcgroup -> true by default; clone_newtime should be false
* Comment fix
* Added use_switchroot option
* make indent
* MACVLAN modes support
* Enable support for clone3() and for CLONE_NEWTIME
* Fixed macro in subproc.cc
* Initial support for CLONE_NEWTIME
* Update kafel to include bugfixes
* configs/ - add comments to config files using #
* Bump kafel
* Yet another bugfix Kafel version bump
* update kafel again to include a bugfix.
* Update kafel
* Fix default value of cgroup_cpu_mount in README
* Fix typo in command line description
* net: add support for max_conns
* subproc: refer users to dmesg in case si_syscall==31 (SIGSYS)
* Fix build
* Add new capabilities, ignore unsupported caps for bounding set
* nsjail: don't add connections to the proxy map if launching a new process failed
* subproc: kill a process once in the -Ml mode once the TCP connection has ended
* make indent
* remove build dependency on which
* Makefile: compile kafel with -fPIE (maybe fixes #149)
* Fix compilation errors on old gcc (5.4.0)
* config.proto: make indent
* config.proto: renumerate config fields
* Wed Jan 05 2022 william.brown@suse.com
- Add _service file to allow updating directly from git
* Tue Jul 28 2020 Paolo Stivanin <info@paolostivanin.com>
- Update to 3.0:
* the TCP proxy mode is a socketpair proxy now
* fixes for some configs/ (e.g. for xchat and for znc)
* new clone option recognized (CLONE_NEWPID)
* fixed max_conns_per_ip
* clarification of units for cgroups_mem_max
- Remove remove_werror.patch
* Thu Jun 18 2020 Johannes Segitz <jsegitz@suse.com>
- Add remove_werror.patch to prevent build errors due to deprecation
warnings. I expect this can be removed with 3.0
* Mon Feb 03 2020 Johannes Segitz <jsegitz@suse.de>
- Update to version 2.9. Notable changes:
* improved configs for some tools
* changed default RLIMIT_AS to 4GiB
* rudimentary support for cgroups2
* added option to ignore rlimits
* fixed setcwd() w/o CLONE_NEWNS
/etc/nsjail /etc/nsjail/apache.cfg /etc/nsjail/bash-with-fake-geteuid.cfg /etc/nsjail/demo-dont-use-chrome-with-net.cfg /etc/nsjail/firefox-with-cloned-net.cfg /etc/nsjail/firefox-with-net-wayland.cfg /etc/nsjail/firefox-with-net.cfg /etc/nsjail/hexchat-with-net.cfg /etc/nsjail/home-documents-with-xorg-no-net.cfg /etc/nsjail/imagemagick-convert.cfg /etc/nsjail/static-busybox-with-execveat.cfg /etc/nsjail/telegram.cfg /etc/nsjail/tomcat8.cfg /etc/nsjail/xchat-with-net.cfg /etc/nsjail/znc-with-net.cfg /usr/bin/nsjail /usr/share/licenses/nsjail /usr/share/licenses/nsjail/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed May 1 23:32:11 2024