1. 05 Sep, 2015 1 commit
    • Colin Walters's avatar
      Add --mount-devapi option · 4b9efbfb
      Colin Walters authored
      By default, we had supported `--mount-bind /dev /dev` to get
      access to devices.  But in many cases, build systems and the
      like will want to avoid exposing host physical devices.
      
      For example, if I'm building something locally, I don't want the
      makefile etc. to be able to access `/dev/dri`.
      4b9efbfb
  2. 01 Sep, 2015 1 commit
    • Colin Walters's avatar
      Drop -newnet variant · add40469
      Colin Walters authored
      This was just a hack which worked around a RHEL6 kernel bug.  I no
      longer care about RHEL6; linux-user-chroot is now just RHEL7 only.
      add40469
  3. 28 Aug, 2015 1 commit
    • Colin Walters's avatar
      Add seccomp and rules imported from xdg-app/Sandstorm.io · 8cee4ab7
      Colin Walters authored
      seccomp is disabled by default for backwards compatibility.
      
      This "v0" version is a basic blacklist that turns off some of the
      known historical attack surface, initially imported from xdg-app.
      
      I added a note about code sharing - we should share rules among
      container implementations.
      8cee4ab7
  4. 24 Apr, 2012 1 commit
  5. 13 Mar, 2012 1 commit
  6. 06 Jan, 2012 1 commit