| Commit | Message | Date |
|---|---|---|
| 184e9db2b2 | sandbox: support privileged container<br>Signed-off-by: Ophestra <cat@gensokyo.uk> | 2025-03-27 19:40:19 +09:00 |
| 18644d90be | sandbox: wrap capset syscall<br>Signed-off-by: Ophestra <cat@gensokyo.uk> | 2025-03-26 07:44:07 +09:00 |
| 52fcc48ac1 | sandbox/init: drop capabilities<br>During development the syscall filter caused me to make an incorrect assumption about SysProcAttr.<br>Signed-off-by: Ophestra <cat@gensokyo.uk> | 2025-03-26 06:32:08 +09:00 |
| 5c4058d5ac | app: run in native sandbox<br>Signed-off-by: Ophestra <cat@gensokyo.uk> | 2025-03-25 01:52:49 +09:00 |
| a70daf2250 | sandbox: resolve inverted flags in op<br>Signed-off-by: Ophestra <cat@gensokyo.uk> | 2025-03-21 12:58:38 +09:00 |
| 24618ab9a1 | sandbox: move out of internal<br>Signed-off-by: Ophestra <cat@gensokyo.uk> | 2025-03-17 02:55:36 +09:00 |