Wolfgang Frisch
1a4e4a409f
fix leap build OBS-URL: https://build.opensuse.org/request/show/1172144 OBS-URL: https://build.opensuse.org/package/show/security/nsjail?expand=0&rev=27
211 lines
8.5 KiB
Plaintext
211 lines
8.5 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon May 6 10:05:10 UTC 2024 - Max Lin <mlin@suse.com>
|
|
|
|
- Build with protobuf21 on Leap 15 if the version is greater than
|
|
15.3, protobuf25 has added to SLE15 since SP4 update (bsc#1222929)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 05 12:25:41 UTC 2024 - wolfgang.frisch@suse.com
|
|
|
|
- Update to version 3.4+git14.b740dcf:
|
|
* Improved cgroups2 support
|
|
* Improved cgroups2 + docker interoperability
|
|
* New configs: hexchat, telegram
|
|
* Better support for clone3
|
|
* New signals displayed: SIGPWR
|
|
* Support for nvim+.clangd
|
|
* Improved .clang-format rules
|
|
* Print help to stdout if -h | --help was used
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 23 08:54:02 UTC 2023 - wolfgang.frisch@suse.com
|
|
|
|
- Fixed Tumbleweed build error caused by an incompatible libprotobuf.
|
|
- Update to version 3.3+git14.8308b91:
|
|
* subproc: mark cloneFunc as [[noreturn]]
|
|
* subproc: support CLONE_CLEAR_SIGHAND
|
|
* subproc: display additional clone3 flags
|
|
* configs/: formatting
|
|
* configs/telegram: telegram is 64 bit only
|
|
* configs/telegram: a new config for the telegram-desktop
|
|
* formatting fix
|
|
* Better output formatting for --help
|
|
* cgroup2.cc: improve note about using Docker
|
|
* logs: respect getenv(NO_COLOR)
|
|
* configs/hexchat: new config based on xchat
|
|
* Mount read-only directly if mounting rw fails
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 6 16:17:58 UTC 2023 - Andrea Manzini <andrea.manzini@suse.com>
|
|
|
|
- drop obscpio file upon request
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 05 15:43:58 UTC 2023 - andrea.manzini@suse.com
|
|
|
|
- Update to version 3.3+git1.5b48117:
|
|
* configs/xchat: mount whole /tmp/.X11-unix
|
|
* Setup cgroup.subtree_control controllers when necessary in cgroupsv2
|
|
* Unset LDFLAGS for kafel
|
|
* config/xchat: move original .xchat2 config dir to .config/
|
|
* Update kafel
|
|
* configs/bash: remove tmpfs mount over /dev as it makes /dev/null non-writeable
|
|
* configs/firefox-with-net-wayland: x11 socket is not needed here
|
|
* nsjail: use atomic in sighandlers
|
|
* configs/xchat-with-net: use 8.8.8.8 in resolv.conf unconditionally
|
|
* cpu: more debug messaging
|
|
* mnt: quote paths in log messages
|
|
* Switch C++ standard to C++14 - it'll allow to use new features, like std::quoted
|
|
* mnt: remove unnecessary quote in a debug message
|
|
* cpu/subproc: better debugging strings
|
|
* cpu: even better LOG_Ds
|
|
* cpu: Add more debugging messages
|
|
* Make logs more efficient by avoiding argument evaluation for LOG* if it's not needed at the current level
|
|
* When setting CPU affinity, take into consideration the current CPU affinity set. Use only CPU numbers, which exist in the current affinity set. Maybe fixes https://github.com/google/nsjail/issues/200
|
|
* subproc: Allow killing subprocesses with different signal
|
|
* Add `disable_tsc` option
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 05 08:34:49 UTC 2022 - jsegitz@suse.com
|
|
|
|
- Changed version string to 3.0+git72.dccf911 and adjusted
|
|
service file. The previous version scheme results in version
|
|
strings that are "lower" that e.g. 3.0.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 05 03:41:13 UTC 2022 - william.brown@suse.com
|
|
|
|
- Update to version 3.0~git72.dccf911:
|
|
* log: use TEMP_FAILURE_RETRY instead of fallback to dprintf
|
|
* make indent
|
|
* Fix compile using `FROM ubuntu:20.04`
|
|
* cgroup2: use cgroup_mem_swap_max and cgroup_mem_memsw_max
|
|
* cgroup2: support cgroup_mem_memsw_max
|
|
* fix mem clean in finishFromParent
|
|
* Fix whitespace in kafel
|
|
* Fix build
|
|
* Update kafel for RISC-V support
|
|
* Add support for setting cgroup memory.memsw.limit_in_bytes
|
|
* Allow mount options to contain colons.
|
|
* macros: make NS_VALSTR_STRUCT accept unsigned/64-bit vals
|
|
* configs/firefox-with-net-wayland.cfg: retain original WAYLAND_DISPLAY value
|
|
* The default rlimit_as value is 4096, not 512.
|
|
* configs: firefox+wayland example
|
|
* config.proto: renumerate fields
|
|
* configs/imagemagick: alternative file conversion command
|
|
* Fix duplicate field number
|
|
* Fix formatting
|
|
* Update kafel - x86 build fixes
|
|
* cgroup: write period before quota
|
|
* rtprio, msgqueue - defaulting to 'soft'
|
|
* Renaming use_switchroot option with no_pivotroot
|
|
* Consistentency with RLIMIT_* constant name
|
|
* Adding a warning when switchroot is used
|
|
* Added rt, memlock & msgq limits
|
|
* subproc: warn about CLONE_NEWTIME and clone(), and remove notice about CLONE_NEWCGROUP as the kernel versions should be now new enough for its support
|
|
* subproc: debug log for unshare()
|
|
* Merge branch '_test_switchroot_alternative'
|
|
* No Yoda
|
|
* cmdline: clone_newcgroup -> true by default; clone_newtime should be false
|
|
* Comment fix
|
|
* Added use_switchroot option
|
|
* make indent
|
|
* MACVLAN modes support
|
|
* Enable support for clone3() and for CLONE_NEWTIME
|
|
* Fixed macro in subproc.cc
|
|
* Initial support for CLONE_NEWTIME
|
|
* Update kafel to include bugfixes
|
|
* configs/ - add comments to config files using #
|
|
* Bump kafel
|
|
* Yet another bugfix Kafel version bump
|
|
* update kafel again to include a bugfix.
|
|
* Update kafel
|
|
* Fix default value of cgroup_cpu_mount in README
|
|
* Fix typo in command line description
|
|
* net: add support for max_conns
|
|
* subproc: refer users to dmesg in case si_syscall==31 (SIGSYS)
|
|
* Fix build
|
|
* Add new capabilities, ignore unsupported caps for bounding set
|
|
* nsjail: don't add connections to the proxy map if launching a new process failed
|
|
* subproc: kill a process once in the -Ml mode once the TCP connection has ended
|
|
* make indent
|
|
* remove build dependency on which
|
|
* Makefile: compile kafel with -fPIE (maybe fixes #149)
|
|
* Fix compilation errors on old gcc (5.4.0)
|
|
* config.proto: make indent
|
|
* config.proto: renumerate config fields
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 05 03:32:47 UTC 2022 - william.brown@suse.com
|
|
|
|
- Add _service file to allow updating directly from git
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 28 09:10:57 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
|
|
|
|
- Update to 3.0:
|
|
* the TCP proxy mode is a socketpair proxy now
|
|
* fixes for some configs/ (e.g. for xchat and for znc)
|
|
* new clone option recognized (CLONE_NEWPID)
|
|
* fixed max_conns_per_ip
|
|
* clarification of units for cgroups_mem_max
|
|
- Remove remove_werror.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 18 13:59:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Add remove_werror.patch to prevent build errors due to deprecation
|
|
warnings. I expect this can be removed with 3.0
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 3 09:34:09 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
|
|
|
- Update to version 2.9. Notable changes:
|
|
* improved configs for some tools
|
|
* changed default RLIMIT_AS to 4GiB
|
|
* rudimentary support for cgroups2
|
|
* added option to ignore rlimits
|
|
* fixed setcwd() w/o CLONE_NEWNS
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 2 10:29:39 UTC 2020 - Christophe Giboudeaux <christophe@krop.fr>
|
|
|
|
- Disable lto for building nsjail.
|
|
- Run spec-cleaner, install the license file.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 11 17:26:53 UTC 2019 - jsegitz@suse.com
|
|
|
|
- Fixed ExclusiveArch: to correct architecture
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 4 07:11:25 UTC 2019 - jsegitz@suse.com
|
|
|
|
- Ensure build only on 64 bit machines
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 5 13:50:16 UTC 2019 - jsegitz@suse.com
|
|
|
|
- Retire old $RPM_* shell vars and %__-type macro indirections.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 5 07:44:04 UTC 2019 - jsegitz@suse.com
|
|
|
|
- Update to version 2.8
|
|
* ability to specify noexec/nodev/nosuid in mounts
|
|
* added --macvlan_vs_ma option
|
|
* better example configs
|
|
* changed behavior of --env - empty var means passing it from parent
|
|
- Fixed requires for libnl3
|
|
- Removed format-truncation.patch, string handling was reworked
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 20 13:23:00 UTC 2018 - jsegitz@suse.com
|
|
|
|
- Added format-truncation.patch to prevent truncation warnings
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 20 12:11:46 UTC 2018 - jsegitz@suse.com
|
|
|
|
- Initial import of version 2.7
|