1. 06 Sep, 2015 4 commits
  2. 05 Sep, 2015 2 commits
    • Colin Walters's avatar
      TODO: Update · 1209d5e8
      Colin Walters authored
      1209d5e8
    • Colin Walters's avatar
      Add --mount-devapi option · 4b9efbfb
      Colin Walters authored
      By default, we had supported `--mount-bind /dev /dev` to get
      access to devices.  But in many cases, build systems and the
      like will want to avoid exposing host physical devices.
      
      For example, if I'm building something locally, I don't want the
      makefile etc. to be able to access `/dev/dri`.
      4b9efbfb
  3. 01 Sep, 2015 3 commits
  4. 29 Aug, 2015 1 commit
  5. 28 Aug, 2015 1 commit
    • Colin Walters's avatar
      Add seccomp and rules imported from xdg-app/Sandstorm.io · 8cee4ab7
      Colin Walters authored
      seccomp is disabled by default for backwards compatibility.
      
      This "v0" version is a basic blacklist that turns off some of the
      known historical attack surface, initially imported from xdg-app.
      
      I added a note about code sharing - we should share rules among
      container implementations.
      8cee4ab7
  6. 25 Aug, 2015 2 commits
  7. 18 Aug, 2015 1 commit
  8. 05 Jun, 2015 1 commit
  9. 24 Sep, 2013 1 commit
  10. 24 Feb, 2013 4 commits
  11. 10 Jan, 2013 1 commit
  12. 30 Dec, 2012 1 commit
  13. 10 Aug, 2012 3 commits
  14. 24 Apr, 2012 4 commits
  15. 18 Apr, 2012 1 commit
  16. 13 Mar, 2012 5 commits
  17. 20 Feb, 2012 4 commits
  18. 22 Jan, 2012 1 commit
    • Colin Walters's avatar
      Allow being run as root · 1896ef83
      Colin Walters authored
      It was just an extra check to be sure we would be switching back to
      the right uid, but there's no reason not to allow executing this
      program as root.
      1896ef83