lix -

Age	Commit message (Collapse)	Author
2024-06-23	libutil: return Pid from startProcess, not pid_t	eldritch horrors
	Change-Id: Icc8a15090c77f54ea7d9220aadedcd4a19922814
2024-06-23	libutil: give Pid proper resource semantics	eldritch horrors
	copy-constructing or assigning from pid_t can easily lead to duplicate Pid instances for the same process if a pid_t was used carelessly, and Pid itself was copy-constructible. both could cause surprising results such as killing processes twice (which could become very problemantic, but luckily modern systems don't reuse PIDs all that quickly), or more than one piece of the code believing it owns a process when neither do Change-Id: Ifea7445f84200b34c1a1d0acc2cdffe0f01e20c6
2024-05-29	util.{hh,cc}: Split out namespaces.{hh,cc}	Tom Hubrecht
	Change-Id: I8fd3f3b50c15ede29d489066b4e8d99c2c4636a6
2024-05-29	util.{hh,cc}: Split out strings.{hh,cc}	Tom Hubrecht
	Change-Id: I4f642d1046d56b5db26f1b0296ee16a0e02d444a
2024-05-29	util.{hh,cc}: Split out processes.{hh,cc}	Tom Hubrecht
	Change-Id: I39280dc40ca3f7f9007bc6c898ffcf760e2238b7
2024-05-29	util.{hh,cc}: Split out file-system.{hh,cc}	Tom Hubrecht
	Change-Id: Ifa89a529e7e34e7291eca87d802d2f569cf2493e
2024-05-05	Actually try making a userns before assuming they don't work	Jade Lovelace
	If unprivileged userns are believed to be disabled (such as with "kernel.unprivileged_userns_clone = 0"), Lix would previously give up on trying to use a user namespace before actually trying it, even if, in cases such as unprivileged_userns_clone, it would actually be allowed since Nix has CAP_SYS_ADMIN when running as daemon. (see, e.g. https://github.com/archlinux/linux/commit/25d4709a4fc0e4f3b432c24b60dd508fb84f0cb2) We changed it to actually try it first, and then diagnose possible causes, and also to be more loud about the whole thing, using warnings instead of debugs. These warnings will only print on the first build run by the daemon, which is, tbh, eh, shrug. This is what led to us realizing that no-userns was a poorly exercised condition. Change-Id: I8e4f21afc89c574020dc7e89a560cc740ce6573a
2023-02-10	Simplify the PID namespace check: just try to mount /proc	Eelco Dolstra
	Fixes #7783.
2023-02-07	Print debug message if a namespace test fails	Eelco Dolstra

2023-02-07	Fix macOS build	Eelco Dolstra

2023-02-07	Check whether we can use PID namespaces	Eelco Dolstra
	In unprivileged podman containers, /proc is not fully visible (there are other filesystems mounted on subdirectories of /proc). Therefore we can't mount a new /proc in the sandbox that matches the PID namespace of the sandbox. So this commit automatically disables sandboxing if /proc is not fully visible.
2023-02-07	Fix auto-uid-allocation in Docker containers	Eelco Dolstra
	This didn't work because sandboxing doesn't work in Docker. However, the sandboxing check is done lazily - after clone(CLONE_NEWNS) fails, we retry with sandboxing disabled. But at that point, we've already done UID allocation under the assumption that user namespaces are enabled. So let's get rid of the "goto fallback" logic and just detect early whether user / mount namespaces are enabled. This commit also gets rid of a compatibility hack for some ancient Linux kernels (<2.13).