issues
search
shoenig
/
nomad-pledge-driver
Nomad task driver capable of blocking unwanted syscall and filesystem access. Based on the pledge utility for Linux by Justine Tunney
Mozilla Public License 2.0
22
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
build(deps): bump github.com/hashicorp/go-set from 0.1.10 to 0.1.12
#38
dependabot[bot]
closed
1 year ago
0
bug: using unveil when not supported should error somewhere
#37
shoenig
opened
1 year ago
0
exec: clone task process directly into its cgroup
#36
shoenig
closed
1 year ago
0
repo: setup linters
#35
shoenig
closed
1 year ago
0
build(deps): bump github.com/shoenig/test from 0.6.3 to 0.6.4
#34
dependabot[bot]
closed
1 year ago
0
build(deps): bump github.com/hashicorp/go-hclog from 1.4.0 to 1.5.0
#33
dependabot[bot]
closed
1 year ago
1
build(deps): bump github.com/hashicorp/nomad from 1.4.3 to 1.5.2
#32
dependabot[bot]
closed
1 year ago
1
build(deps): bump golang.org/x/sys from 0.4.0 to 0.6.0
#31
dependabot[bot]
closed
1 year ago
1
build(deps): bump github.com/shoenig/test from 0.6.1 to 0.6.3
#30
dependabot[bot]
closed
1 year ago
1
build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0
#29
dependabot[bot]
closed
1 year ago
1
build(deps): bump github.com/hashicorp/go-set from 0.1.7 to 0.1.9
#28
dependabot[bot]
closed
1 year ago
1
build(deps): bump github.com/hashicorp/nomad from 1.4.3 to 1.4.4
#27
dependabot[bot]
closed
1 year ago
1
deps: update and tidy
#26
shoenig
closed
1 year ago
0
build(deps): bump github.com/shoenig/test from 0.6.0 to 0.6.1
#25
dependabot[bot]
closed
1 year ago
0
build(deps): bump github.com/hashicorp/go-set from 0.1.7 to 0.1.8
#24
dependabot[bot]
closed
1 year ago
1
build(deps): bump golang.org/x/sys from 0.1.0 to 0.4.0
#23
dependabot[bot]
closed
1 year ago
0
repo: use hashicorp/setup-golang for setting up go compiler in GHA
#22
shoenig
closed
1 year ago
0
build(deps): bump github.com/hashicorp/go-hclog from 1.3.1 to 1.4.0
#21
dependabot[bot]
closed
1 year ago
1
build(deps): bump github.com/shoenig/test from 0.4.0 to 0.6.0
#20
dependabot[bot]
closed
1 year ago
1
build(deps): bump github.com/hashicorp/go-set from 0.1.6 to 0.1.7
#19
dependabot[bot]
closed
1 year ago
1
build(deps): bump github.com/hashicorp/nomad from 1.4.1 to 1.4.3
#18
dependabot[bot]
closed
1 year ago
1
deps: setup monthly dependabot
#17
shoenig
closed
1 year ago
0
build: make build steps not specific to my machine
#16
shoenig
closed
1 year ago
0
exec: extract cg values more efficiently
#15
shoenig
closed
1 year ago
0
ci: setup ci on gha
#14
shoenig
closed
1 year ago
0
deps: update deps
#13
shoenig
closed
1 year ago
0
plugin: detect if cap_net_bind_service is set on pledge executable
#12
shoenig
closed
1 year ago
0
e2e: setup to run e2e tests on github actions
#11
shoenig
closed
1 year ago
0
plugin: cleanup executable checks to produce correct error messages
#10
shoenig
closed
1 year ago
0
docs: add troubleshoot doc and update readme
#9
shoenig
closed
1 year ago
0
idea: set cap_net_bind_service on pledge binary
#8
shoenig
closed
1 year ago
1
e2e: help passwd read failure test work better
#7
shoenig
closed
2 years ago
0
exec: assume pledge binary has already been assimilated
#6
shoenig
closed
2 years ago
0
pledge: use tmpdir instead of home
#5
shoenig
closed
2 years ago
0
idea: do the assimilate step to avoid needing bash indirection
#4
shoenig
closed
2 years ago
0
use TMPDIR instead of HOME
#3
shoenig
closed
2 years ago
0
idea: use CLONE_NEWCGROUP to fix racey cgroup assignment
#2
shoenig
closed
1 year ago
3
idea: make use of procctl() to establish a supervisor process
#1
shoenig
closed
1 year ago
0
Previous