Skip to content

Releases: google/nsjail

nsjail-2.6

19 Apr 16:11
@robertswiecki robertswiecki
2.6
cfa3a64
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
nsjail-2.6
  • Various smaller bugfixes
  • Updated man page
  • Newer kafel with support for i386
  • Updated Dockerfile
Loading

nsjail-2.5

16 Feb 15:51
@robertswiecki robertswiecki
2.5
9cbe1c5

Choose a tag to compare

View all tags
nsjail-2.5
  • Convert code to C++ to simplify sys/queue -> vector operations
  • Make it compile under gcc/g++-4.8
  • Add -m option for arbitrary mounts
  • Create BPF policy once only
Loading

nsjail-2.4

31 Jan 15:05
@robertswiecki robertswiecki
2.4
6e63fd4

Choose a tag to compare

View all tags
nsjail-2.4
  • open kafel file in each kafel subproc individually to avoid file posiiton sharing
  • more and better examples in configs/
Loading

nsjail-2.3

05 Dec 14:50
@robertswiecki robertswiecki
2.3
af7bfc1

Choose a tag to compare

View all tags
nsjail-2.3
  • fixed --max_conns_per_ip
  • made it compilable under OpenWRT
  • removed lingering -fblocks code
  • better config example for ImageMagick
  • fixed check for non-existent group- and user-names
Loading

nsjail-2.2

31 Oct 15:46
@robertswiecki robertswiecki
2.2
27c05b3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
nsjail-2.2
  • Works correctly with some archs which need aligned stack for clone (e.g. aarch64)
  • Enable CLONE_NEWCGROUP by default (can be disabled)
  • Added CTRL+\ (SIGQUIT) handler to show all connections
  • Create new dirs in /run/user/ first (instead of /tmp)
  • Unblock all signals prior to execve
  • Don't start new ns-init id CLONE_NEWPID is not requested
  • Support cgroup net_cls subsystem
  • Mount: better statvfs -> mount flags mapping
Loading

nsjail-2.1

19 Oct 00:17
@robertswiecki robertswiecki
2.1
00fa26f

Choose a tag to compare

View all tags
nsjail-2.1
  • Works correctly with some 32bit platforms that use setres(u|g)id32
  • Supports executing binaries through execveat
  • New config example for busybox which demonstrates use of execveat
Loading

nsjail-2.0

16 Oct 13:21
@robertswiecki robertswiecki
2.0
64325b3

Choose a tag to compare

View all tags
nsjail-2.0

Fixes a crash in <= nsjail-1.9 where a stack variable was incorrectly marked as 'static', overflowing an array after a couple hundred of executions of a single program (e.g. in -Ml and -Mr modes)

Loading

nsjail-1.9 [broken]

11 Oct 19:22
@robertswiecki robertswiecki
1.9
819671e

Choose a tag to compare

View all tags
nsjail-1.9 [broken]

BROKEN - can crash nsjail after a couple hundred of iterations in -Ml and -Mr modes. Use version 2.0 instead.

  • Remove dependency on libcap-dev (which didn't understand newer capabilities)
  • Add /proc manipulation options (path and R/W)
  • Add hard/soft/inf options to config.proto for rlimits
  • Make it compile under uClibc
Loading

nsjail 1.8

27 Sep 13:40
@robertswiecki robertswiecki
1.8
88703c9

Choose a tag to compare

View all tags
nsjail 1.8
  • Make Dockerfile compilable with libprotobuf (C++)
  • Fix NULL crashes if certain values were not set in the config file (e.g. hostname)
Loading

nsjail 1.7 [broken]

26 Sep 07:15
@robertswiecki robertswiecki
1.7
de9712b

Choose a tag to compare

View all tags
nsjail 1.7 [broken]
  • BROKEN - config.proto defaults don't work correctly (might crash with NULL if e.g. hostname is not set in the config file)
  • Depends on C++ libprotobuf now (libprotobuf-c was buggy, and didn't support text-format by default)
  • nsjail exits with 255 now in case of startup errors (formerly: with 1)
  • man page (thx to John Vogel)
Loading