Releases: google/nsjail

nsjail-2.4

31 Jan 15:05
  • open kafel file in each kafel subproc individually to avoid file position sharing
  • more and better examples in configs/

nsjail-2.3

05 Dec 14:50
  • fixed --max_conns_per_ip
  • made it compilable under OpenWRT
  • removed lingering -fblocks code
  • better config example for ImageMagick
  • fixed check for non-existent group- and user-names

nsjail-2.2

31 Oct 15:46
27c05b3
  • Works correctly with some archs which need aligned stack for clone (e.g. aarch64)
  • Enable CLONE_NEWCGROUP by default (can be disabled)
  • Added CTRL+\ (SIGQUIT) handler to show all connections
  • Create new dirs in /run/user/ first (instead of /tmp)
  • Unblock all signals prior to execve
  • Don't start new ns-init if CLONE_NEWPID is not requested
  • Support cgroup net_cls subsystem
  • Mount: better statvfs -> mount flags mapping

nsjail-2.1

19 Oct 00:17
  • Works correctly with some 32bit platforms that use setres(u|g)id32
  • Supports executing binaries through execveat
  • New config example for busybox which demonstrates use of execveat

nsjail-2.0

16 Oct 13:21

Fixes a crash in <= nsjail-1.9 where a stack variable was incorrectly marked as 'static', overflowing an array after a couple hundred executions of a single program (e.g. in -Ml and -Mr modes).

nsjail-1.9 [broken]

11 Oct 19:22

BROKEN - can crash nsjail after a couple hundred iterations in -Ml and -Mr modes. Use version 2.0 instead.

  • Remove dependency on libcap-dev (which didn't understand newer capabilities)
  • Add /proc manipulation options (path and R/W)
  • Add hard/soft/inf options to config.proto for rlimits
  • Make it compile under uClibc

nsjail 1.8

27 Sep 13:40
  • Make Dockerfile compilable with libprotobuf (C++)
  • Fix NULL crashes if certain values were not set in the config file (e.g. hostname)

nsjail 1.7 [broken]

26 Sep 07:15
  • BROKEN - config.proto defaults don't work correctly (might crash with NULL if e.g. hostname is not set in the config file)
  • Depends on C++ libprotobuf now (libprotobuf-c was buggy, and didn't support text-format by default)
  • nsjail exits with 255 now in case of startup errors (formerly: with 1)
  • man page (thx to John Vogel)

nsjail 1.6

13 Aug 11:16
  • CAP_AUDIT_READ fixes (not present in older kernel headers)
  • Fixed dockerfile

nsjail 1.5

07 Jul 13:07
  • New config examples (e.g. Apache httpd)
  • Capability adding --cap
  • Improved R/O remounting (missing MS_BIND flag)
  • Setting maximum number of used CPUs --max_cpus
  • Accept IPv4 in --bindhost
  • Use open()/fdopendir() instead of opendir() to set O_CLOEXEC atomically
  • Improved docker build file