|
|
0ba8be659f
|
sandbox: document less obvious parts of setup
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-04-01 01:21:04 +09:00 |
|
|
|
184e9db2b2
|
sandbox: support privileged container
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-03-27 19:40:19 +09:00 |
|
|
|
52fcc48ac1
|
sandbox/init: drop capabilities
During development the syscall filter caused me to make an incorrect assumption about SysProcAttr.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-03-26 06:32:08 +09:00 |
|
|
|
971c79bb80
|
sandbox: remove hardcoded parent perm
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-03-25 19:49:51 +09:00 |
|
|
|
61dbfeffe7
|
sandbox/wl: move into sandbox
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-03-25 05:26:37 +09:00 |
|
|
|
b74a08dda9
|
sandbox: prepare ops early
Some setup code needs to run in host root. This change allows that to happen.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-03-18 02:17:46 +09:00 |
|
|
|
1b9408864f
|
sandbox: pass cmd to cancel function
This is not usually in scope otherwise.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-03-17 22:36:39 +09:00 |
|
|
|
816b372f14
|
sandbox: cancel process on serve error
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-03-17 21:49:45 +09:00 |
|
|
|
d7eddd54a2
|
sandbox: rename params struct
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-03-17 21:45:08 +09:00 |
|
|
|
af3619d440
|
sandbox: create symlinks
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-03-17 16:37:56 +09:00 |
|
|
|
24618ab9a1
|
sandbox: move out of internal
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-03-17 02:55:36 +09:00 |
|
