58 Commits

Author SHA1 Message Date
Michael Vogt
ce4c3f414e merged lp:~mvo/ubuntu-core-launcher/only-enable-device-cgroup-if-has-entries 2015-04-22 15:00:38 +02:00
Michael Vogt
ff4988eceb only setup device cgroup if there is a matching udev device 2015-04-22 11:32:48 +02:00
Tyler Hicks
37dba02bde Ensure that each seccomp filter line is entirely read 2015-04-21 19:44:52 -05:00
Tyler Hicks
5e3fdc24cd Buffered I/O must be flushed to be sure that the write was successful 2015-04-21 18:22:13 -05:00
Michael Vogt
6fc1156c67 src/main.c: document why we do not do setgroups() 2015-04-21 17:42:26 +02:00
Michael Vogt
3ab38515fc src/seccomp.c: clarify why it's ok to ignore syscall_nr == __NR_SCMP_ERROR errors 2015-04-21 17:39:38 +02:00
Michael Vogt
9da5d5cd15 add path validation 2015-04-21 16:25:06 +02:00
Michael Vogt
4e8bc2e66f Do not drop supplementary groups, they are important for docker
and similar, mkay
2015-04-21 13:25:16 +02:00
Michael Vogt
33d9fcc3ec fix off-by-one error 2015-04-21 13:12:16 +02:00
Michael Vogt
301a9aef73 src/main.c: remove () 2015-04-21 09:46:52 +02:00
Michael Vogt
4cb45f3f79 src/main.c: simplify execv() call 2015-04-21 09:44:52 +02:00
Michael Vogt
ffd19a9bd4 fix TOCTOU issue in mkdir of the cgroups 2015-04-21 09:30:36 +02:00
Michael Vogt
01a04e4c6c drop PR_SET_NO_NEW_PRIVS as it will break anything that needs to do an apparmor profile transition (like docker) 2015-04-21 09:27:41 +02:00
Michael Vogt
fde49562e5 improve snprintf() error checking and move into a helper must_snprintf() 2015-04-21 09:26:11 +02:00
Michael Vogt
a0b4612c51 src/main.c: simplify and call setgroups() 2015-04-21 09:15:37 +02:00
Michael Vogt
0dab8dd331 revert r25 and make missing seccomp profiles fatal again 2015-04-21 09:13:19 +02:00
Michael Vogt
6f159172fb src/main.c: always do aa_change_onexec but do not fail hard if profile is missing and we run inside our tests 2015-04-21 09:09:55 +02:00
Michael Vogt
01ee2c60d3 add missing appname input filtering (thanks to Tyler Hicks) 2015-04-21 08:59:57 +02:00
Michael Vogt
1495066f64 remove overlay.{c,h} - it's unused right now 2015-04-20 22:35:53 +02:00
Michael Vogt
22b42ac1bc remove rootdir as first argument as it's redundant currently
(the service/binary-wrapper will CD there and setup the
environment)
2015-04-20 14:38:18 +02:00
Michael Vogt
107543800b * add support for the snappy hwassign feature from the oem snap
* continue in the launcher even if seccomp rules can not be
  applied, to allow testing the new snappy hwassign feature
2015-04-20 10:25:55 +02:00
Michael Vogt
02e7d1cf0c fix privs dropping check 2015-04-19 08:58:02 +02:00
Michael Vogt
d6633a42c3 merged lp:~pitti/ubuntu-core-launcher/device-cgroup-fixes 2015-04-19 08:51:12 +02:00
Michael Vogt
7663e2f856 make it (hopefully) work 2015-04-18 21:54:46 +02:00
Martin Pitt
6989c53a4d Fix udev enumeration traversal
This is just a simple list, not a dictionary, so we need to get the name. Also
don't print the struct pointer as string in the error message.
2015-04-18 20:18:44 +01:00