| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 |
- Build with protobuf21 on Leap 15 if the version is greater than 15.3, protobuf25 has added to SLE15 since SP4 update (bsc#1222929)
- Update to version 3.4+git14.b740dcf: * Improved cgroups2 support * Improved cgroups2 + docker interoperability * New configs: hexchat, telegram * Better support for clone3 * New signals displayed: SIGPWR * Support for nvim+.clangd * Improved .clang-format rules * Print help to stdout if -h | --help was used
- Fixed Tumbleweed build error caused by an incompatible libprotobuf. - Update to version 3.3+git14.8308b91: * subproc: mark cloneFunc as [[noreturn]] * subproc: support CLONE_CLEAR_SIGHAND * subproc: display additional clone3 flags * configs/: formatting * configs/telegram: telegram is 64 bit only * configs/telegram: a new config for the telegram-desktop * formatting fix * Better output formatting for --help * cgroup2.cc: improve note about using Docker * logs: respect getenv(NO_COLOR) * configs/hexchat: new config based on xchat * Mount read-only directly if mounting rw fails
- drop obscpio file upon request
- Update to version 3.3+git1.5b48117: * configs/xchat: mount whole /tmp/.X11-unix * Setup cgroup.subtree_control controllers when necessary in cgroupsv2 * Unset LDFLAGS for kafel * config/xchat: move original .xchat2 config dir to .config/ * Update kafel * configs/bash: remove tmpfs mount over /dev as it makes /dev/null non-writeable * configs/firefox-with-net-wayland: x11 socket is not needed here * nsjail: use atomic in sighandlers * configs/xchat-with-net: use 8.8.8.8 in resolv.conf unconditionally * cpu: more debug messaging * mnt: quote paths in log messages * Switch C++ standard to C++14 - it'll allow to use new features, like std::quoted * mnt: remove unnecessary quote in a debug message * cpu/subproc: better debugging strings * cpu: even better LOG_Ds * cpu: Add more debugging messages * Make logs more efficient by avoiding argument evaluation for LOG* if it's not needed at the current level * When setting CPU affinity, take into consideration the current CPU affinity set. Use only CPU numbers, which exist in the current affinity set. Maybe fixes https://github.com/google/nsjail/issues/200 * subproc: Allow killing subprocesses with different signal * Add `disable_tsc` option
- Changed version string to 3.0+git72.dccf911 and adjusted service file. The previous version scheme results in version strings that are "lower" that e.g. 3.0.
- Update to version 3.0~git72.dccf911: * log: use TEMP_FAILURE_RETRY instead of fallback to dprintf * make indent * Fix compile using `FROM ubuntu:20.04` * cgroup2: use cgroup_mem_swap_max and cgroup_mem_memsw_max * cgroup2: support cgroup_mem_memsw_max * fix mem clean in finishFromParent * Fix whitespace in kafel * Fix build * Update kafel for RISC-V support * Add support for setting cgroup memory.memsw.limit_in_bytes * Allow mount options to contain colons. * macros: make NS_VALSTR_STRUCT accept unsigned/64-bit vals * configs/firefox-with-net-wayland.cfg: retain original WAYLAND_DISPLAY value * The default rlimit_as value is 4096, not 512. * configs: firefox+wayland example * config.proto: renumerate fields * configs/imagemagick: alternative file conversion command * Fix duplicate field number * Fix formatting * Update kafel - x86 build fixes * cgroup: write period before quota * rtprio, msgqueue - defaulting to 'soft' * Renaming use_switchroot option with no_pivotroot * Consistentency with RLIMIT_* constant name * Adding a warning when switchroot is used * Added rt, memlock & msgq limits * subproc: warn about CLONE_NEWTIME and clone(), and remove notice about CLONE_NEWCGROUP as the kernel versions should be now new enough for its support * subproc: debug log for unshare() * Merge branch '_test_switchroot_alternative' * No Yoda * cmdline: clone_newcgroup -> true by default; clone_newtime should be false * Comment fix * Added use_switchroot option * make indent * MACVLAN modes support * Enable support for clone3() and for CLONE_NEWTIME * Fixed macro in subproc.cc * Initial support for CLONE_NEWTIME * Update kafel to include bugfixes * configs/ - add comments to config files using # * Bump kafel * Yet another bugfix Kafel version bump * update kafel again to include a bugfix. * Update kafel * Fix default value of cgroup_cpu_mount in README * Fix typo in command line description * net: add support for max_conns * subproc: refer users to dmesg in case si_syscall==31 (SIGSYS) * Fix build * Add new capabilities, ignore unsupported caps for bounding set * nsjail: don't add connections to the proxy map if launching a new process failed * subproc: kill a process once in the -Ml mode once the TCP connection has ended * make indent * remove build dependency on which * Makefile: compile kafel with -fPIE (maybe fixes #149) * Fix compilation errors on old gcc (5.4.0) * config.proto: make indent * config.proto: renumerate config fields
- Add _service file to allow updating directly from git
- Update to 3.0: * the TCP proxy mode is a socketpair proxy now * fixes for some configs/ (e.g. for xchat and for znc) * new clone option recognized (CLONE_NEWPID) * fixed max_conns_per_ip * clarification of units for cgroups_mem_max - Remove remove_werror.patch
- Add remove_werror.patch to prevent build errors due to deprecation warnings. I expect this can be removed with 3.0
- Update to version 2.9. Notable changes: * improved configs for some tools * changed default RLIMIT_AS to 4GiB * rudimentary support for cgroups2 * added option to ignore rlimits * fixed setcwd() w/o CLONE_NEWNS
- Disable lto for building nsjail. - Run spec-cleaner, install the license file.
- Fixed ExclusiveArch: to correct architecture
- Ensure build only on 64 bit machines
- Retire old $RPM_* shell vars and %__-type macro indirections.
- Update to version 2.8 * ability to specify noexec/nodev/nosuid in mounts * added --macvlan_vs_ma option * better example configs * changed behavior of --env - empty var means passing it from parent - Fixed requires for libnl3 - Removed format-truncation.patch, string handling was reworked
- Added format-truncation.patch to prevent truncation warnings
- Initial import of version 2.7