Commit graph

12 commits

Author SHA1 Message Date
Nikolay Amiantov
230898ceb2 chrootenv-user: don't unshare user namespace if we are root 2015-12-17 14:21:06 +03:00
zimbatm
9b33ec1764 build-fhs-userenv: don't leak file descriptors
This re-uses the capabilities documented in `Process.spawn` to avoid leaking
unecessary file-descriptors to the sandbox
2015-12-10 16:01:04 +00:00
Nikolay Amiantov
5897433b31 build-fhs-userenv: add extraBindMounts support 2015-10-06 15:32:37 +03:00
Nikolay Amiantov
f1187c5b14 build-fhs-userenv: move /tmp handling to bash part 2015-08-24 02:01:00 +03:00
Nikolay Amiantov
ec27ba44d0 build-fhs-{chroot,user}env: expose sockets in /tmp 2015-08-24 01:47:19 +03:00
Nikolay Amiantov
508ef7e629 fhs-userenv: fix mkdirs 2015-04-22 17:50:41 +03:00
Nikolay Amiantov
b66be2a549 fhs-userenv: move mounts map 2015-04-22 17:50:40 +03:00
Nikolay Amiantov
97931361d7 fhs-userenv: refactor envvars and propagate SSL_CERT_FILE 2015-04-22 17:50:40 +03:00
Luca Bruno
b1adfeb23d fhs-userenv: Make it work on kernel < 3.19 cc @abbradar
It may not be very secure, but I think it's better to make it work
with older kernel since 3.19 is not the default on nixos.
2015-03-10 18:12:38 +01:00
Nikolay Amiantov
3e395b71da chroot-env: add locales, refactor environment 2015-03-09 17:29:43 +03:00
Nikolay Amiantov
4aba7639c8 chroot-env: build /etc 2015-03-09 17:29:43 +03:00
Nikolay Amiantov
4b3bb7b448 userFHSEnv: add build tool 2015-02-05 19:46:25 +03:00