1. 05 Sep, 2015 2 commits
    • Colin Walters's avatar
      TODO: Update · 1209d5e8
      Colin Walters authored
      1209d5e8
    • Colin Walters's avatar
      Add --mount-devapi option · 4b9efbfb
      Colin Walters authored
      By default, we had supported `--mount-bind /dev /dev` to get
      access to devices.  But in many cases, build systems and the
      like will want to avoid exposing host physical devices.
      
      For example, if I'm building something locally, I don't want the
      makefile etc. to be able to access `/dev/dri`.
      4b9efbfb
  2. 01 Sep, 2015 3 commits
  3. 29 Aug, 2015 1 commit
  4. 28 Aug, 2015 1 commit
    • Colin Walters's avatar
      Add seccomp and rules imported from xdg-app/Sandstorm.io · 8cee4ab7
      Colin Walters authored
      seccomp is disabled by default for backwards compatibility.
      
      This "v0" version is a basic blacklist that turns off some of the
      known historical attack surface, initially imported from xdg-app.
      
      I added a note about code sharing - we should share rules among
      container implementations.
      8cee4ab7
  5. 25 Aug, 2015 2 commits
  6. 18 Aug, 2015 1 commit
  7. 05 Jun, 2015 1 commit
  8. 24 Sep, 2013 1 commit
  9. 24 Feb, 2013 4 commits
  10. 10 Jan, 2013 1 commit
  11. 30 Dec, 2012 1 commit
  12. 10 Aug, 2012 3 commits
  13. 24 Apr, 2012 4 commits
  14. 18 Apr, 2012 1 commit
  15. 13 Mar, 2012 5 commits
  16. 20 Feb, 2012 4 commits
  17. 22 Jan, 2012 1 commit
    • Colin Walters's avatar
      Allow being run as root · 1896ef83
      Colin Walters authored
      It was just an extra check to be sure we would be switching back to
      the right uid, but there's no reason not to allow executing this
      program as root.
      1896ef83
  18. 18 Jan, 2012 2 commits
  19. 16 Jan, 2012 1 commit
  20. 06 Jan, 2012 1 commit