1. 06 Sep, 2015 2 commits
  2. 05 Sep, 2015 1 commit
    • Colin Walters's avatar
      Add --mount-devapi option · 4b9efbfb
      Colin Walters authored
      By default, we had supported `--mount-bind /dev /dev` to get
      access to devices.  But in many cases, build systems and the
      like will want to avoid exposing host physical devices.
      
      For example, if I'm building something locally, I don't want the
      makefile etc. to be able to access `/dev/dri`.
      4b9efbfb
  3. 01 Sep, 2015 2 commits
  4. 29 Aug, 2015 1 commit
  5. 28 Aug, 2015 1 commit
    • Colin Walters's avatar
      Add seccomp and rules imported from xdg-app/Sandstorm.io · 8cee4ab7
      Colin Walters authored
      seccomp is disabled by default for backwards compatibility.
      
      This "v0" version is a basic blacklist that turns off some of the
      known historical attack surface, initially imported from xdg-app.
      
      I added a note about code sharing - we should share rules among
      container implementations.
      8cee4ab7
  6. 25 Aug, 2015 2 commits
  7. 24 Sep, 2013 1 commit
  8. 24 Feb, 2013 2 commits
  9. 10 Jan, 2013 1 commit
  10. 30 Dec, 2012 1 commit
  11. 10 Aug, 2012 2 commits
  12. 24 Apr, 2012 1 commit
  13. 13 Mar, 2012 3 commits
  14. 20 Feb, 2012 1 commit
    • Colin Walters's avatar
      build: Allow being built if linux/securebits.h isn't available · d7d79c6b
      Colin Walters authored
      For some reason the RHEL6 kernel-headers package doesn't have it.
      
      Let's just follow for now the cargo culting of "define defines ourself
      if not available" that various kernel-tied utilities have because
      various buildsystems are too shitty to make it easy to install newer
      kernel headers even if you're running an old kernel.
      d7d79c6b
  15. 22 Jan, 2012 1 commit
    • Colin Walters's avatar
      Allow being run as root · 1896ef83
      Colin Walters authored
      It was just an extra check to be sure we would be switching back to
      the right uid, but there's no reason not to allow executing this
      program as root.
      1896ef83
  16. 18 Jan, 2012 2 commits
  17. 06 Jan, 2012 1 commit