author | John Vogel <jvogel4@stny.rr.com> | 2019-09-07 07:18:18 -0400 |
---|---|---|
committer | John Vogel <jvogel4@stny.rr.com> | 2019-09-07 07:18:18 -0400 |
commit | 617fbb982df660ef8ff29afffe6312ceba7043f3 (patch) | |
tree | 3e62ab5171282c7aa2f0d577b0d62b88891c1756 | |
parent | 2943ef8f1b6706df38dd7c17b6cf7ead5dc034b8 (diff) | |
download | contrib-617fbb982df660ef8ff29afffe6312ceba7043f3.tar.gz contrib-617fbb982df660ef8ff29afffe6312ceba7043f3.tar.xz |
nsjail: initial import
-rw-r--r-- | nsjail/.footprint | 21 | ||||
-rw-r--r-- | nsjail/.signature | 6 | ||||
-rw-r--r-- | nsjail/Pkgfile | 28 |
3 files changed, 55 insertions, 0 deletions
diff --git a/nsjail/.footprint b/nsjail/.footprint
new file mode 100644
index 000000000..f8448cfd4
--- /dev/null
+++ b/nsjail/.footprint
@@ -0,0 +1,21 @@
+drwxr-xr-x root/root usr/
+drwxr-xr-x root/root usr/bin/
+-rwxr-xr-x root/root usr/bin/nsjail
+drwxr-xr-x root/root usr/share/
+drwxr-xr-x root/root usr/share/man/
+drwxr-xr-x root/root usr/share/man/man1/
+-rw-r--r-- root/root usr/share/man/man1/nsjail.1.gz
+drwxr-xr-x root/root usr/share/nsjail/
+-rw-r--r-- root/root usr/share/nsjail/Dockerfile
+-rw-r--r-- root/root usr/share/nsjail/config.proto
+drwxr-xr-x root/root usr/share/nsjail/configs/
+-rw-r--r-- root/root usr/share/nsjail/configs/apache.cfg
+-rw-r--r-- root/root usr/share/nsjail/configs/bash-with-fake-geteuid.cfg
+-rw-r--r-- root/root usr/share/nsjail/configs/demo-dont-use-chrome-with-net.cfg
+-rw-r--r-- root/root usr/share/nsjail/configs/firefox-with-cloned-net.cfg
+-rw-r--r-- root/root usr/share/nsjail/configs/firefox-with-net.cfg
+-rw-r--r-- root/root usr/share/nsjail/configs/home-documents-with-xorg-no-net.cfg
+-rw-r--r-- root/root usr/share/nsjail/configs/imagemagick-convert.cfg
+-rw-r--r-- root/root usr/share/nsjail/configs/static-busybox-with-execveat.cfg
+-rw-r--r-- root/root usr/share/nsjail/configs/tomcat8.cfg
+-rw-r--r-- root/root usr/share/nsjail/configs/xchat-with-net.cfg
diff --git a/nsjail/.signature b/nsjail/.signature
new file mode 100644
index 000000000..671f9acf4
--- /dev/null
+++ b/nsjail/.signature
@@ -0,0 +1,6 @@
+untrusted comment: verify with /etc/ports/contrib.pub
+RWSagIOpLGJF37B8gslkLqFA7oLYxgRmTikvRgAQkM8v4EmL55gxr87WJUiAyWkA8hXxG7vTYMw8J/EhA5RQDrJkigVrzdTRVwo=
+SHA256 (Pkgfile) = 6b3355971a02e8e7a2f15a4b628f55eef008493713ce29447a53f52bb1a0aa9d
+SHA256 (.footprint) = 3c18bdb06b6e8fa93bcf59210bd1d1f12e2ff0fbaba6a03dfab830383812d9b4
+SHA256 (nsjail-2.9.tar.gz) = f8578a48330d3d089c9234a2b562be08043f8fe77453c322724acdf403d0afc3
+SHA256 (kafel-722b93a.tar.gz) = 49d2327c794c90aca50a9933c00d453705534b16e5f42d8c8e19c3d274f5e5f8
diff --git a/nsjail/Pkgfile b/nsjail/Pkgfile
new file mode 100644
index 000000000..fe8c96f50
--- /dev/null
+++ b/nsjail/Pkgfile
@@ -0,0 +1,28 @@
+# Description: Linux process isolation tool utilizing namespaces, resource limits, seccomp-bpf
+# URL: http://nsjail.com
+# Maintainer: John Vogel, jvogel4 at stny dot rr dot com
+# Depends on: libnl protobuf
+
+name=nsjail
+version=2.9
+kafel_version=722b93a
+release=1
+source=(https://github.com/google/$name/archive/$version/$name-$version.tar.gz
+ https://github.com/google/kafel/archive/$kafel_version/kafel-$kafel_version.tar.gz)
+
+build() {
+ cd $name-$version*
+
+ # workaround to avoid using `git submodule update --init`
+ rm -rf kafel
+ mv $SRC/kafel-$kafel_version* kafel
+
+ make
+
+ install -D -m 755 nsjail $PKG/usr/bin/nsjail
+ install -d -m 755 $PKG/usr/share/nsjail/configs
+ install -D -m 644 configs/* $PKG/usr/share/nsjail/configs
+ install -D -m 644 config.proto $PKG/usr/share/nsjail/config.proto
+ install -D -m 644 Dockerfile $PKG/usr/share/nsjail/Dockerfile
+ install -D -m 644 nsjail.1 $PKG/usr/share/man/man1/nsjail.1
+} |
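Review bot: `kafel_version=722b93a` selects the seccomp policy compiler by an abbreviated commit id chosen in the Pkgfile, and nothing in the hunk records that this is the revision nsjail 2.9 references as its kafel submodule, which is what the `rm -rf kafel` / `mv $SRC/kafel-$kafel_version* kafel` workaround in `build()` replaces. The SHA256 entry in `.signature` fixes the tarball bytes but not which kafel revision was intended, and an abbreviated id may stop resolving uniquely upstream over time. I would set `kafel_version` to the full 40-character commit id and add a comment above it such as `# must match the kafel submodule commit of nsjail $version; re-check on every version bump`. As a smaller point, the `-D` in `install -D -m 644 configs/* $PKG/usr/share/nsjail/configs` is redundant because the target directory is created on the line before.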