Bulk IWYU and build_cleaner fixes

PiperOrigin-RevId: 559733768 Change-Id: Ia38f4c176e9f0abbfdb3a8f1109f482d8870eb0f
2024-03-22 13:11:30 +08:00 · 2023-08-24 06:23:03 -07:00 · 2023-08-24 06:23:03 -07:00 · 127176d72f
commit 127176d72f
parent 38e5be910e
196 changed files with 773 additions and 304 deletions
--- a/sandboxed_api/BUILD.bazel
+++ b/sandboxed_api/BUILD.bazel
@ -47,6 +47,7 @@ cc_library(
        "//sandboxed_api/sandbox2:util",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/container:flat_hash_map",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/synchronization",
@ -82,11 +83,11 @@ cc_library(
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:runfiles",
        "//sandboxed_api/util:status",
        "@com_google_absl//absl/base",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/base:dynamic_annotations",
        "@com_google_absl//absl/container:flat_hash_map",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
@ -101,10 +102,7 @@ cc_library(
    name = "call",
    hdrs = ["call.h"],
    copts = sapi_platform_copts(),
-    deps = [
+    deps = [":var_type"],
        ":var_type",
        "@com_google_absl//absl/base:core_headers",
    ],
 )
 cc_library(
@ -188,6 +186,7 @@ cc_library(
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_protobuf//:protobuf",
        "@org_sourceware_libffi//:libffi",
@ -205,9 +204,10 @@ cc_test(
        "//sandboxed_api/examples/stringop:stringop-sapi",
        "//sandboxed_api/examples/stringop:stringop_params_cc_proto",
        "//sandboxed_api/examples/sum:sum-sapi",
        "//sandboxed_api/examples/sum:sum-sapi_embed",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/time",
        "@com_google_benchmark//:benchmark",
        "@com_google_googletest//:gtest_main",
    ],
--- a/sandboxed_api/CMakeLists.txt
+++ b/sandboxed_api/CMakeLists.txt
@ -52,7 +52,8 @@ add_library(sapi_embed_file ${SAPI_LIB_TYPE}
 )
 add_library(sapi::embed_file ALIAS sapi_embed_file)
 target_link_libraries(sapi_embed_file
-  PRIVATE absl::strings
+  PRIVATE absl::core_headers
          absl::strings
          sandbox2::util
          sapi::base
          sapi::fileops
@ -85,7 +86,8 @@ target_link_libraries(sapi_sapi
          sandbox2::util
          sapi::embed_file
          sapi::vars
-  PUBLIC absl::core_headers
+  PUBLIC absl::check
         absl::core_headers
         sandbox2::client
         sandbox2::sandbox2
         sapi::base
@ -98,7 +100,6 @@ add_library(sapi_call ${SAPI_LIB_TYPE}
 )
 add_library(sapi::call ALIAS sapi_call)
 target_link_libraries(sapi_call PRIVATE
  absl::core_headers
  sapi::var_type
  sapi::base
 )
@ -166,10 +167,13 @@ add_library(sapi_client ${SAPI_LIB_TYPE}
 )
 add_library(sapi::client ALIAS sapi_client)
 target_link_libraries(sapi_client
-  PRIVATE absl::core_headers
+  PRIVATE absl::check
          absl::core_headers
          absl::dynamic_annotations
          absl::flags_parse
          absl::log
          absl::log_initialize
          absl::statusor
          absl::strings
          libffi::libffi
          sandbox2::comms
@ -181,8 +185,6 @@ target_link_libraries(sapi_client
          sapi::proto_arg_proto
          sapi::vars
          ${CMAKE_DL_LIBS}
  PUBLIC absl::check
         absl::log
 )
 if(BUILD_TESTING AND SAPI_BUILD_TESTING AND NOT CMAKE_CROSSCOMPILING)
@ -208,6 +210,7 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING AND NOT CMAKE_CROSSCOMPILING)
  target_link_libraries(sapi_test PRIVATE
    absl::status
    absl::statusor
    absl::time
    benchmark
    sandbox2::result
    sapi::proto_arg_proto
--- a/sandboxed_api/bazel/BUILD
+++ b/sandboxed_api/bazel/BUILD
@ -57,3 +57,9 @@ bzl_library(
    srcs = ["sapi.bzl"],
    visibility = ["//visibility:private"],
 )
 bzl_library(
    name = "llvm_config_bzl",
    srcs = ["llvm_config.bzl"],
    visibility = ["//visibility:private"],
 )
--- a/sandboxed_api/call.h
+++ b/sandboxed_api/call.h
@ -15,6 +15,7 @@
 #ifndef SANDBOXED_API_CALL_H_
 #define SANDBOXED_API_CALL_H_
 #include <cstddef>
 #include <cstdint>
 #include "sandboxed_api/var_type.h"
--- a/sandboxed_api/client.cc
+++ b/sandboxed_api/client.cc
@ -13,7 +13,8 @@
 // limitations under the License.
 #include <dlfcn.h>
-#include <sys/syscall.h>
+#include <syscall.h>
 #include <unistd.h>
 #include <algorithm>
 #include <cstdint>
@ -21,6 +22,7 @@
 #include <cstring>
 #include <iterator>
 #include <list>
 #include <string>
 #include <type_traits>
 #include <utility>
 #include <vector>
@ -33,6 +35,7 @@
 #include "absl/log/check.h"
 #include "absl/log/initialize.h"
 #include "absl/log/log.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_cat.h"
 #include "sandboxed_api/call.h"
 #include "sandboxed_api/lenval_core.h"
--- a/sandboxed_api/config.h
+++ b/sandboxed_api/config.h
@ -15,6 +15,7 @@
 #ifndef SANDBOXED_API_CONFIG_H_
 #define SANDBOXED_API_CONFIG_H_
 #include <features.h>
 #include <cstdint>
 #include <string>
--- a/sandboxed_api/embed_file.cc
+++ b/sandboxed_api/embed_file.cc
@ -16,10 +16,10 @@
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <sys/syscall.h>
 #include <sys/types.h>
 #include <unistd.h>
 #include <string>
 #include "sandboxed_api/file_toc.h"
 #include "absl/strings/str_cat.h"
 #include "absl/synchronization/mutex.h"
--- a/sandboxed_api/embed_file.h
+++ b/sandboxed_api/embed_file.h
@ -16,6 +16,7 @@
 #define SANDBOXED_API_EMBED_FILE_H_
 #include "sandboxed_api/file_toc.h"
 #include "absl/base/thread_annotations.h"
 #include "absl/container/flat_hash_map.h"
 #include "absl/synchronization/mutex.h"
--- a/sandboxed_api/examples/stringop/BUILD.bazel
+++ b/sandboxed_api/examples/stringop/BUILD.bazel
@ -76,8 +76,10 @@ cc_test(
        "//sandboxed_api/util:status",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/memory",
        "@com_google_absl//absl/status",
-        "@com_google_absl//absl/time",
+        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings:string_view",
        "@com_google_googletest//:gtest_main",
    ],
 )
--- a/sandboxed_api/examples/stringop/CMakeLists.txt
+++ b/sandboxed_api/examples/stringop/CMakeLists.txt
@ -71,9 +71,10 @@ if(SAPI_BUILD_TESTING)
  )
  set_target_properties(sapi_main_stringop PROPERTIES OUTPUT_NAME main_stringop)
  target_link_libraries(sapi_main_stringop PRIVATE
-    absl::strings
+    absl::memory
    absl::time
    absl::log
    absl::statusor
    absl::strings
    sapi::sapi
    sapi::status
    sapi::stringop_sapi
--- a/sandboxed_api/examples/stringop/main_stringop.cc
+++ b/sandboxed_api/examples/stringop/main_stringop.cc
@ -12,17 +12,16 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-#include <fcntl.h>
+#include <cstring>
-#include <sys/stat.h>
+#include <string>
 #include <sys/types.h>
 #include <memory>
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "absl/log/log.h"
 #include "absl/memory/memory.h"
 #include "absl/status/status.h"
-#include "absl/time/time.h"
+#include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
 #include "sandboxed_api/examples/stringop/stringop_params.pb.h"
 #include "sandboxed_api/transaction.h"
 #include "sandboxed_api/util/status_macros.h"
--- a/sandboxed_api/examples/stringop/stringop.cc
+++ b/sandboxed_api/examples/stringop/stringop.cc
@ -15,10 +15,10 @@
 #include <sys/ptrace.h>
 #include <algorithm>
-#include <iostream>
+#include <cstdlib>
 #include <string>
 #include "absl/base/attributes.h"
 #include "absl/base/optimization.h"
 #include "sandboxed_api/examples/stringop/stringop_params.pb.h"
 #include "sandboxed_api/lenval_core.h"
--- a/sandboxed_api/examples/sum/BUILD.bazel
+++ b/sandboxed_api/examples/sum/BUILD.bazel
@ -82,14 +82,15 @@ cc_binary(
        ":sum_params_cc_proto",
        "//sandboxed_api:sapi",
        "//sandboxed_api:vars",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
    ],
 )
--- a/sandboxed_api/examples/sum/CMakeLists.txt
+++ b/sandboxed_api/examples/sum/CMakeLists.txt
@ -78,10 +78,12 @@ add_executable(sapi_main_sum
 set_target_properties(sapi_main_sum PROPERTIES OUTPUT_NAME main_sum)
 add_executable(sapi::main_sum ALIAS sapi_main_sum)
 target_link_libraries(sapi_main_sum PRIVATE
  absl::core_headers
  absl::log
  absl::log_initialize
  absl::flags
  absl::flags_parse
  absl::status
  absl::statusor
  absl::strings
  sapi::base
  sapi::sapi
--- a/sandboxed_api/examples/sum/main_sum.cc
+++ b/sandboxed_api/examples/sum/main_sum.cc
@ -13,19 +13,22 @@
 // limitations under the License.
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <cstring>
 #include <ctime>
 #include <memory>
 #include <string>
 #include <utility>
 #include "absl/base/log_severity.h"
-#include "absl/flags/flag.h"
+#include "absl/base/macros.h"
 #include "absl/flags/parse.h"
 #include "absl/log/check.h"
 #include "absl/log/globals.h"
 #include "absl/log/initialize.h"
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_cat.h"
 #include "sandboxed_api/examples/sum/sum-sapi.sapi.h"
 #include "sandboxed_api/examples/sum/sum_params.pb.h"
--- a/sandboxed_api/examples/sum/sum.c
+++ b/sandboxed_api/examples/sum/sum.c
@ -13,10 +13,9 @@
 // limitations under the License.
 #include <stdio.h>
 #include <stdint.h>
 #include <unistd.h>
 #include <stdlib.h>
 #include <sys/ptrace.h>
 #include <unistd.h>
 int sumsymbol = 5;
--- a/sandboxed_api/examples/zlib/BUILD.bazel
+++ b/sandboxed_api/examples/zlib/BUILD.bazel
@ -44,11 +44,12 @@ cc_binary(
        ":zlib-sapi",
        "//sandboxed_api:vars",
        "@com_google_absl//absl/base:core_headers",
-        "@com_google_absl//absl/flags:flag",
+        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
    ],
 )
--- a/sandboxed_api/examples/zlib/CMakeLists.txt
+++ b/sandboxed_api/examples/zlib/CMakeLists.txt
@ -34,11 +34,12 @@ add_executable(sapi_main_zlib
 set_target_properties(sapi_main_zlib PROPERTIES OUTPUT_NAME main_zlib)
 target_link_libraries(sapi_main_zlib PRIVATE
  sapi::base
  absl::flags
  absl::flags_parse
  absl::log
  absl::log_initialize
  absl::log_severity
  absl::status
  absl::statusor
  sapi::sapi
  sapi::status
  sapi::zlib_sapi
--- a/sandboxed_api/examples/zlib/main_zlib.cc
+++ b/sandboxed_api/examples/zlib/main_zlib.cc
@ -12,17 +12,17 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-#include <linux/audit.h>
+#include <cassert>
-#include <sys/syscall.h>
+#include <cstdio>
 #include <cstdlib>
 #include "absl/base/log_severity.h"
 #include "absl/base/macros.h"
 #include "absl/flags/flag.h"
 #include "absl/flags/parse.h"
 #include "absl/log/globals.h"
 #include "absl/log/initialize.h"
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "sandboxed_api/examples/zlib/zlib-sapi.sapi.h"
 #include "sandboxed_api/vars.h"
--- a/sandboxed_api/file_toc.h
+++ b/sandboxed_api/file_toc.h
@ -22,6 +22,8 @@
 #include <sys/types.h>
 #include <cstddef>
 struct FileToc {
  const char* name;
  const char* data;
--- a/sandboxed_api/proto_helper.cc
+++ b/sandboxed_api/proto_helper.cc
@ -14,7 +14,13 @@
 #include "sandboxed_api/proto_helper.h"
 #include <cstddef>
 #include <cstdint>
 #include <string>
 #include <vector>
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 namespace sapi {
--- a/sandboxed_api/proto_helper.h
+++ b/sandboxed_api/proto_helper.h
@ -17,7 +17,8 @@
 #ifndef SANDBOXED_API_PROTO_HELPER_H_
 #define SANDBOXED_API_PROTO_HELPER_H_
-#include <cinttypes>
+#include <cstddef>
 #include <cstdint>
 #include <type_traits>
 #include <vector>
--- a/sandboxed_api/rpcchannel.cc
+++ b/sandboxed_api/rpcchannel.cc
@ -14,7 +14,12 @@
 #include "sandboxed_api/rpcchannel.h"
 #include <cstdint>
 #include <cstring>
 #include <string>
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_cat.h"
 #include "absl/synchronization/mutex.h"
--- a/sandboxed_api/rpcchannel.h
+++ b/sandboxed_api/rpcchannel.h
@ -16,6 +16,7 @@
 #define SANDBOXED_API_RPCCHANNEL_H_
 #include <cstddef>
 #include <cstdint>
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
--- a/sandboxed_api/sandbox.cc
+++ b/sandboxed_api/sandbox.cc
@ -14,16 +14,18 @@
 #include "sandboxed_api/sandbox.h"
 #include <sys/ioctl.h>
 #include <sys/resource.h>
 #include <sys/types.h>
 #include <sys/uio.h>
 #include <syscall.h>
 #include <algorithm>
 #include <cstdarg>
 #include <cstdio>
 #include <initializer_list>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/base/casts.h"
 #include "absl/base/dynamic_annotations.h"
 #include "absl/base/macros.h"
 #include "absl/log/log.h"
--- a/sandboxed_api/sandbox.h
+++ b/sandboxed_api/sandbox.h
@ -15,13 +15,20 @@
 #ifndef SANDBOXED_API_SANDBOX_H_
 #define SANDBOXED_API_SANDBOX_H_
 #include <ctime>
 #include <initializer_list>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "sandboxed_api/file_toc.h"
 #include "absl/base/attributes.h"
 #include "absl/base/macros.h"
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/config.h"
 #include "sandboxed_api/rpcchannel.h"
 #include "sandboxed_api/sandbox2/client.h"
--- a/sandboxed_api/sandbox2/BUILD.bazel
+++ b/sandboxed_api/sandbox2/BUILD.bazel
@ -116,7 +116,7 @@ cc_library(
        ":util",
        "//sandboxed_api:config",
        "@com_google_absl//absl/algorithm:container",
-        "@com_google_absl//absl/log",
+        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/strings:str_format",
        "@com_google_absl//absl/types:span",
@ -147,7 +147,6 @@ cc_library(
        ":util",
        "//sandboxed_api:config",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
    ],
 )
@ -179,6 +178,7 @@ cc_library(
    deps = [
        ":comms",
        ":logserver_cc_proto",
        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/log:log_entry",
        "@com_google_absl//absl/log:log_sink",
        "@com_google_absl//absl/log:log_sink_registry",
@ -198,6 +198,7 @@ cc_library(
        ":logserver",
        ":logsink",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/strings",
    ],
@ -218,9 +219,9 @@ cc_library(
        "//sandboxed_api/sandbox2/network_proxy:filtering",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/strings:string_view",
    ],
 )
@ -262,7 +263,9 @@ cc_binary(
        ":sanitizer",
        "//sandboxed_api/sandbox2/unwind",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/status",
    ],
 )
@ -333,6 +336,7 @@ cc_library(
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/types:span",
    ],
@ -425,10 +429,12 @@ cc_library(
        "@com_google_absl//absl/cleanup",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/memory",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/time",
    ],
 )
@ -452,13 +458,17 @@ cc_library(
        "//sandboxed_api:config",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:status",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/cleanup",
        "@com_google_absl//absl/container:flat_hash_map",
        "@com_google_absl//absl/container:flat_hash_set",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/strings:str_format",
        "@com_google_absl//absl/synchronization",
        "@com_google_absl//absl/time",
    ],
@ -478,10 +488,13 @@ cc_library(
        ":policy",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/cleanup",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/synchronization",
        "@com_google_absl//absl/time",
    ],
@ -539,6 +552,7 @@ cc_library(
        ":mounts",
        ":namespace",
        ":policy",
        ":syscall",
        ":violation_cc_proto",
        "//sandboxed_api:config",
        "//sandboxed_api/sandbox2/network_proxy:filtering",
@ -553,6 +567,7 @@ cc_library(
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/types:optional",
        "@com_google_absl//absl/types:span",
    ],
 )
@ -589,7 +604,6 @@ cc_library(
    visibility = ["//visibility:public"],
    deps = [
        ":util",
        "//sandboxed_api/util:file_helpers",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:status",
@ -674,12 +688,12 @@ cc_test(
    copts = sapi_platform_copts(),
    data = ["//sandboxed_api/sandbox2/testcases:minimal_dynamic"],
    deps = [
        ":mount_tree_cc_proto",
        ":mounts",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:file_base",
        "//sandboxed_api/util:status_matchers",
        "//sandboxed_api/util:temp_file",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
@ -691,7 +705,6 @@ cc_library(
    hdrs = ["namespace.h"],
    copts = sapi_platform_copts(),
    deps = [
        ":mount_tree_cc_proto",
        ":mounts",
        ":violation_cc_proto",
        "//sandboxed_api/util:file_base",
@ -718,7 +731,8 @@ cc_test(
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:status_matchers",
        "//sandboxed_api/util:temp_file",
-        "@com_google_absl//absl/log",
+        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
@ -736,6 +750,7 @@ cc_library(
        ":forkserver",
        ":sanitizer",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
    ],
 )
@ -755,8 +770,6 @@ cc_library(
        "//sandboxed_api/util:file_helpers",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:raw_logging",
        "//sandboxed_api/util:status",
        "@com_google_absl//absl/algorithm:container",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
@ -864,6 +877,7 @@ cc_test(
        ":sandbox2",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:raw_logging",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
@ -898,7 +912,6 @@ cc_test(
        ":comms",
        ":sandbox2",
        "//sandboxed_api:testing",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
@ -918,8 +931,6 @@ cc_test(
    ],
    tags = ["no_qemu_user_mode"],
    deps = [
        ":limits",
        ":regs",
        ":sandbox2",
        "//sandboxed_api:config",
        "//sandboxed_api:testing",
@ -950,7 +961,11 @@ cc_test(
        "//sandboxed_api:config",
        "//sandboxed_api:testing",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/synchronization",
        "@com_google_absl//absl/time",
        "@com_google_googletest//:gtest_main",
    ],
 )
@ -986,6 +1001,7 @@ cc_test(
        ":util",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/cleanup",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
        "@com_google_googletest//:gtest_main",
    ],
@ -1001,8 +1017,6 @@ cc_test(
    tags = ["no_qemu_user_mode"],
    deps = [
        ":global_forkserver",
        ":namespace",
        ":regs",
        ":sandbox2",
        ":stack_trace",
        "//sandboxed_api:testing",
@ -1010,7 +1024,7 @@ cc_test(
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:reflection",
-        "@com_google_absl//absl/status:statusor",
+        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/time",
        "@com_google_googletest//:gtest_main",
@ -1057,7 +1071,6 @@ cc_test(
        ":policybuilder",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:status_matchers",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings",
--- a/sandboxed_api/sandbox2/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/CMakeLists.txt
@ -76,6 +76,7 @@ add_library(sandbox2::syscall ALIAS sandbox2_syscall)
 target_link_libraries(sandbox2_syscall
  PRIVATE absl::algorithm_container
          absl::span
          absl::statusor
          absl::str_format
          absl::strings
          sandbox2::util
@ -166,17 +167,18 @@ add_library(sandbox2_policy ${SAPI_LIB_TYPE}
  policy.h
 )
 add_library(sandbox2::policy ALIAS sandbox2_policy)
-target_link_libraries(sandbox2_policy PRIVATE
+target_link_libraries(sandbox2_policy
-  absl::core_headers
+ PRIVATE absl::strings
         sandbox2::bpf_helper
         sandbox2::bpfdisassembler
         sandbox2::comms
  sandbox2::namespace
         sandbox2::regs
         sandbox2::syscall
  sandbox2::violation_proto
         sapi::base
         sapi::config
 PUBLIC sandbox2::network_proxy_filtering
        sandbox2::namespace
        sandbox2::violation_proto
 )
 # sandboxed_api/sandbox2:notify
@ -215,6 +217,8 @@ set_target_properties(sandbox2_forkserver_bin PROPERTIES
 add_executable(sandbox2::forkserver_bin ALIAS sandbox2_forkserver_bin)
 target_link_libraries(sandbox2_forkserver_bin PRIVATE
  absl::log_globals
  absl::log_severity
  absl::status
  sandbox2::client
  sandbox2::comms
  sandbox2::forkserver
@ -286,6 +290,7 @@ add_library(sandbox2_executor ${SAPI_LIB_TYPE}
 add_library(sandbox2::executor ALIAS sandbox2_executor)
 target_link_libraries(sandbox2_executor
  PRIVATE absl::core_headers
          absl::status
          sandbox2::forkserver_proto
          sandbox2::ipc
          sandbox2::limits
@ -295,7 +300,7 @@ target_link_libraries(sandbox2_executor
          sapi::status_proto
  PUBLIC absl::log
         absl::span
-         absl::status
+         absl::statusor
         absl::strings
         sapi::config
         sapi::fileops
@ -366,6 +371,7 @@ target_link_libraries(sandbox2_stack_trace
          absl::memory
          absl::status
          absl::strings
          absl::time
          sandbox2::client
          sandbox2::limits
          sandbox2::policybuilder
@ -378,7 +384,8 @@ target_link_libraries(sandbox2_stack_trace
          sapi::fileops
          sapi::raw_logging
          sapi::status
-  PUBLIC absl::statusor
+  PUBLIC absl::check
         absl::statusor
         sandbox2::comms
         sandbox2::executor
         sandbox2::namespace
@ -428,11 +435,14 @@ add_library(sandbox2_monitor_ptrace ${SAPI_LIB_TYPE}
 )
 add_library(sandbox2::monitor_ptrace ALIAS sandbox2_monitor_ptrace)
 target_link_libraries(sandbox2_monitor_ptrace
-  PRIVATE absl::cleanup
+  PRIVATE absl::core_headers
          absl::cleanup
          absl::flat_hash_set
          absl::flags
          absl::log
          absl::status
          absl::statusor
          absl::str_format
          absl::strings
          absl::time
          sapi::base
@ -443,7 +453,8 @@ target_link_libraries(sandbox2_monitor_ptrace
          sandbox2::result
          sandbox2::sanitizer
          sandbox2::util
-  PUBLIC sandbox2::executor
+  PUBLIC absl::check
         sandbox2::executor
         sandbox2::monitor_base
         sandbox2::notify
         sandbox2::policy
@ -461,9 +472,13 @@ add_library(sandbox2_monitor_unotify ${SAPI_LIB_TYPE}
 )
 add_library(sandbox2::monitor_unotify ALIAS sandbox2_monitor_unotify)
 target_link_libraries(sandbox2_monitor_unotify
-  PRIVATE absl::cleanup
+  PRIVATE absl::check
          absl::cleanup
          absl::core_headers
          absl::log
          absl::optional
          absl::status
          absl::strings
          absl::time
          sapi::base
          sandbox2::client
@ -493,6 +508,7 @@ target_link_libraries(sandbox2_policybuilder
          sapi::config
          sandbox2::bpf_helper
          sandbox2::namespace
          sandbox2::syscall
          sandbox2::violation_proto
          sapi::file_base
          sapi::status
@ -538,7 +554,6 @@ add_library(sandbox2::sanitizer ALIAS sandbox2_sanitizer)
 target_link_libraries(sandbox2_sanitizer
  PRIVATE absl::strings
          sandbox2::util
          sapi::file_helpers
          sapi::fileops
          sapi::strerror
          sapi::raw_logging
@ -642,7 +657,8 @@ add_library(sandbox2_forkingclient ${SAPI_LIB_TYPE}
 )
 add_library(sandbox2::forkingclient ALIAS sandbox2_forkingclient)
 target_link_libraries(sandbox2_forkingclient
-  PRIVATE absl::memory
+  PRIVATE absl::check
          absl::memory
          absl::log
          sandbox2::sanitizer
          sapi::base
@ -659,15 +675,13 @@ add_library(sandbox2_util ${SAPI_LIB_TYPE}
 )
 add_library(sandbox2::util ALIAS sandbox2_util)
 target_link_libraries(sandbox2_util
-  PRIVATE absl::algorithm_container
+  PRIVATE absl::core_headers
          absl::core_headers
          absl::str_format
          absl::strings
          sapi::config
          sapi::file_base
          sapi::file_helpers
          sapi::fileops
          sapi::status
          sapi::base
          sapi::raw_logging
  PUBLIC absl::status
@ -813,10 +827,10 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING)
    sandbox2::testcase_minimal_dynamic
  )
  target_link_libraries(sandbox2_mounts_test PRIVATE
    absl::status
    absl::strings
    sapi::file_base
    sandbox2::mounts
    sandbox2::mount_tree_proto
    sapi::temp_file
    sapi::testing
    sapi::status_matchers
@ -838,6 +852,8 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING)
    sandbox2::testcase_namespace
  )
  target_link_libraries(sandbox2_namespace_test PRIVATE
    absl::check
    absl::statusor
    absl::strings
    sandbox2::allow_all_syscalls
    sandbox2::allow_unrestricted_networking
@ -971,7 +987,6 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING)
  )
  target_link_libraries(sandbox2_notify_test PRIVATE
    absl::strings
    sandbox2::bpf_helper
    sandbox2::comms
    sandbox2::regs
    sandbox2::sandbox2
@ -1001,8 +1016,6 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING)
    absl::strings
    sandbox2::bpf_helper
    sapi::config
    sandbox2::limits
    sandbox2::regs
    sandbox2::sandbox2
    sapi::status_matchers
    sapi::testing
@ -1027,7 +1040,11 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING)
    sandbox2::testcase_tsync
  )
  target_link_libraries(sandbox2_sandbox2_test PRIVATE
    absl::status
    absl::statusor
    absl::strings
    absl::synchronization
    absl::time
    sapi::config
    sandbox2::sandbox2
    sapi::testing
@ -1076,6 +1093,7 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING)
  )
  target_link_libraries(sandbox2_util_test PRIVATE
    sandbox2::util
    absl::statusor
    absl::strings
    absl::cleanup
    sapi::status_matchers
@ -1094,12 +1112,12 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING)
    sandbox2::testcase_symbolize
  )
  target_link_libraries(sandbox2_stack_trace_test PRIVATE
    absl::check
    absl::flags
    absl::status
    absl::strings
    absl::time
    sandbox2::global_forkserver
    sandbox2::namespace
    sandbox2::sandbox2
    sandbox2::stack_trace
    sandbox2::util
--- a/sandboxed_api/sandbox2/bpfdisassembler.cc
+++ b/sandboxed_api/sandbox2/bpfdisassembler.cc
@ -14,13 +14,17 @@
 #include "sandboxed_api/sandbox2/bpfdisassembler.h"
 #include <linux/bpf_common.h>
 // IWYU pragma: no_include <asm/int-ll64.h>
 #include <linux/filter.h>
 #include <linux/seccomp.h>
 #include <sys/sysinfo.h>
 #include <cstddef>
 #include <string>
 #include "absl/strings/str_cat.h"
 #include "absl/types/span.h"
 #define INSIDE_FIELD(what, field)               \
  ((offsetof(seccomp_data, field) == 0 ||       \
--- a/sandboxed_api/sandbox2/bpfdisassembler_test.cc
+++ b/sandboxed_api/sandbox2/bpfdisassembler_test.cc
@ -1,5 +1,9 @@
 #include "sandboxed_api/sandbox2/bpfdisassembler.h"
 #include <linux/bpf_common.h>
 #include <linux/filter.h>
 #include <linux/seccomp.h>
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
--- a/sandboxed_api/sandbox2/buffer.cc
+++ b/sandboxed_api/sandbox2/buffer.cc
@ -19,7 +19,10 @@
 #include <unistd.h>
 #include <cerrno>
 #include <cstddef>
 #include <cstdint>
 #include <memory>
 #include <utility>
 #include "absl/memory/memory.h"
 #include "absl/status/status.h"
--- a/sandboxed_api/sandbox2/buffer_test.cc
+++ b/sandboxed_api/sandbox2/buffer_test.cc
@ -15,9 +15,9 @@
 #include "sandboxed_api/sandbox2/buffer.h"
 #include <sys/stat.h>
 #include <syscall.h>
 #include <unistd.h>
 #include <cstdint>
 #include <memory>
 #include <string>
 #include <utility>
--- a/sandboxed_api/sandbox2/client.cc
+++ b/sandboxed_api/sandbox2/client.cc
@ -17,6 +17,7 @@
 #include "sandboxed_api/sandbox2/client.h"
 #include <fcntl.h>
 #include <linux/bpf_common.h>
 #include <linux/filter.h>
 #include <linux/seccomp.h>
 #include <sys/prctl.h>
@ -24,17 +25,21 @@
 #include <unistd.h>
 #include <atomic>
 #include <cerrno>
 #include <cinttypes>
 #include <cstdint>
 #include <cstdlib>
 #include <limits>
 #include <memory>
 #include <string>
 #include <thread>  // NOLINT(build/c++11)
 #include <utility>
 #include <vector>
 #include "absl/base/attributes.h"
 #include "absl/base/macros.h"
 #include "absl/container/flat_hash_map.h"
 #include "absl/status/status.h"
 #include "absl/strings/numbers.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_join.h"
--- a/sandboxed_api/sandbox2/comms.cc
+++ b/sandboxed_api/sandbox2/comms.cc
@ -29,16 +29,20 @@
 #include <atomic>
 #include <cerrno>
-#include <cstddef>
+#include <cstdint>
 #include <cstdlib>
 #include <cstring>
 #include <functional>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "google/protobuf/message.h"
 #include "absl/base/dynamic_annotations.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/numbers.h"
 #include "absl/strings/str_format.h"
 #include "absl/synchronization/mutex.h"
 #include "sandboxed_api/sandbox2/util.h"
--- a/sandboxed_api/sandbox2/comms.h
+++ b/sandboxed_api/sandbox2/comms.h
@ -28,14 +28,18 @@
 #include <cstddef>
 #include <cstdint>
 #include <functional>
 #include <limits>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/base/attributes.h"
 #include "absl/base/thread_annotations.h"
 #include "absl/log/die_if_null.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
 #include "absl/synchronization/mutex.h"
 #include "sandboxed_api/util/status.pb.h"
--- a/sandboxed_api/sandbox2/comms_test.cc
+++ b/sandboxed_api/sandbox2/comms_test.cc
@ -17,9 +17,9 @@
 #include <fcntl.h>
 #include <sys/socket.h>
-#include <sys/time.h>
+#include <sys/types.h>
 #include <unistd.h>
 #include <cstdint>
 #include <cstring>
 #include <ctime>
 #include <functional>
--- a/sandboxed_api/sandbox2/examples/crc4/BUILD.bazel
+++ b/sandboxed_api/sandbox2/examples/crc4/BUILD.bazel
@ -34,17 +34,17 @@ cc_binary(
    copts = sapi_platform_copts(),
    data = [":crc4bin"],
    deps = [
        "//sandboxed_api:config",
        "//sandboxed_api/sandbox2",
        "//sandboxed_api/sandbox2:comms",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:runfiles",
        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/strings:string_view",
        "@com_google_absl//absl/time",
    ],
 )
@ -59,6 +59,7 @@ cc_binary(
        "//sandboxed_api/sandbox2:util",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/strings:string_view",
    ],
 )
--- a/sandboxed_api/sandbox2/examples/crc4/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/examples/crc4/CMakeLists.txt
@ -24,7 +24,9 @@ target_link_libraries(sandbox2_crc4sandbox PRIVATE
  absl::flags
  absl::flags_parse
  absl::log
  absl::log_globals
  absl::log_initialize
  absl::log_severity
  sandbox2::bpf_helper
  sandbox2::comms
  sapi::runfiles
@ -42,6 +44,7 @@ target_link_libraries(sandbox2_crc4bin PRIVATE
  absl::core_headers
  absl::flags
  absl::flags_parse
  absl::strings
  sandbox2::client
  sandbox2::comms
  sandbox2::util
--- a/sandboxed_api/sandbox2/examples/crc4/crc4bin.cc
+++ b/sandboxed_api/sandbox2/examples/crc4/crc4bin.cc
@ -19,9 +19,12 @@
 #include <cstdint>
 #include <cstring>
 #include <functional>
 #include <vector>
 #include "absl/flags/flag.h"
 #include "absl/flags/parse.h"
 #include "absl/strings/string_view.h"
 #include "sandboxed_api/sandbox2/client.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/util.h"
--- a/sandboxed_api/sandbox2/examples/crc4/crc4sandbox.cc
+++ b/sandboxed_api/sandbox2/examples/crc4/crc4sandbox.cc
@ -14,11 +14,8 @@
 // A demo sandbox for the crc4bin binary
 #include <linux/filter.h>
 #include <sys/resource.h>
 #include <syscall.h>
 #include <cstddef>
 #include <cstdint>
 #include <cstdio>
 #include <cstdlib>
@ -27,13 +24,14 @@
 #include <utility>
 #include <vector>
 #include "absl/base/log_severity.h"
 #include "absl/flags/flag.h"
 #include "absl/flags/parse.h"
 #include "absl/log/globals.h"
 #include "absl/log/initialize.h"
 #include "absl/log/log.h"
-#include "sandboxed_api/config.h"
+#include "absl/base/log_severity.h"
 #include "absl/strings/string_view.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/limits.h"
--- a/sandboxed_api/sandbox2/examples/crc4/crc4sandbox_test.cc
+++ b/sandboxed_api/sandbox2/examples/crc4/crc4sandbox_test.cc
@ -17,6 +17,7 @@
 #include <unistd.h>
 #include <string>
 #include <vector>
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
--- a/sandboxed_api/sandbox2/examples/custom_fork/BUILD.bazel
+++ b/sandboxed_api/sandbox2/examples/custom_fork/BUILD.bazel
@ -34,13 +34,14 @@ cc_binary(
        "//sandboxed_api:config",
        "//sandboxed_api/sandbox2",
        "//sandboxed_api/sandbox2:comms",
        "//sandboxed_api/sandbox2:fork_client",
        "//sandboxed_api/util:runfiles",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/time",
    ],
 )
--- a/sandboxed_api/sandbox2/examples/custom_fork/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/examples/custom_fork/CMakeLists.txt
@ -27,7 +27,10 @@ target_link_libraries(sandbox2_custom_fork_sandbox PRIVATE
  absl::log
  absl::log_globals
  absl::log_initialize
  absl::log_severity
  absl::time
  sandbox2::comms
  sandbox2::fork_client
  sandbox2::forkserver
  sapi::runfiles
  sandbox2::sandbox2
--- a/sandboxed_api/sandbox2/examples/custom_fork/custom_fork_bin.cc
+++ b/sandboxed_api/sandbox2/examples/custom_fork/custom_fork_bin.cc
@ -16,7 +16,7 @@
 // sandbox2, and which uses a built-in fork-server to spawn new sandboxees
 // (instead of doing fork/execve via the Fork-Server).
-#include <sys/types.h>
+#include <unistd.h>
 #include <cstdint>
--- a/sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox.cc
+++ b/sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox.cc
@ -17,21 +17,24 @@
 #include <syscall.h>
 #include <cstdint>
 #include <cstdlib>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/flags/flag.h"
 #include "absl/flags/parse.h"
 #include "absl/log/check.h"
 #include "absl/flags/parse.h"
 #include "absl/log/globals.h"
 #include "absl/log/initialize.h"
 #include "absl/log/log.h"
 #include "absl/base/log_severity.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/fork_client.h"
 #include "sandboxed_api/sandbox2/limits.h"
 #include "sandboxed_api/sandbox2/policy.h"
 #include "sandboxed_api/sandbox2/policybuilder.h"
--- a/sandboxed_api/sandbox2/examples/network/BUILD.bazel
+++ b/sandboxed_api/sandbox2/examples/network/BUILD.bazel
@ -40,11 +40,12 @@ cc_binary(
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:runfiles",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/strings:string_view",
        "@com_google_absl//absl/time",
    ],
 )
--- a/sandboxed_api/sandbox2/examples/network/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/examples/network/CMakeLists.txt
@ -26,6 +26,9 @@ target_link_libraries(sandbox2_network_sandbox PRIVATE
  absl::log
  absl::log_globals
  absl::log_initialize
  absl::log_severity
  absl::strings
  absl::time
  sandbox2::bpf_helper
  sandbox2::comms
  sapi::fileops
--- a/sandboxed_api/sandbox2/examples/network/network_bin.cc
+++ b/sandboxed_api/sandbox2/examples/network/network_bin.cc
@ -16,11 +16,11 @@
 // namespace. It can't connect with the server directly, but the executor can
 // establish a connection and pass the connected socket to the sandboxee.
-#include <sys/socket.h>
+#include <unistd.h>
 #include <syscall.h>
 #include <cstdint>
 #include <cstdio>
 #include <cstring>
 #include <string>
 #include "absl/log/log.h"
 #include "absl/strings/str_format.h"
--- a/sandboxed_api/sandbox2/examples/network/network_sandbox.cc
+++ b/sandboxed_api/sandbox2/examples/network/network_sandbox.cc
@ -15,24 +15,25 @@
 // A demo sandbox for the network binary.
 #include <arpa/inet.h>
 #include <linux/filter.h>
 #include <netdb.h>
 #include <netinet/in.h>
 #include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <syscall.h>
 #include <unistd.h>
 #include <cstdio>
 #include <cstdlib>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/base/macros.h"
 #include "absl/flags/flag.h"
 #include "absl/flags/parse.h"
 #include "absl/log/globals.h"
 #include "absl/log/initialize.h"
 #include "absl/log/log.h"
 #include "absl/base/log_severity.h"
 #include "absl/strings/string_view.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/executor.h"
--- a/sandboxed_api/sandbox2/examples/network_proxy/BUILD.bazel
+++ b/sandboxed_api/sandbox2/examples/network_proxy/BUILD.bazel
@ -32,7 +32,6 @@ cc_binary(
        "//sandboxed_api:config",
        "//sandboxed_api/sandbox2",
        "//sandboxed_api/sandbox2:comms",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:fileops",
        "//sandboxed_api/util:runfiles",
        "@com_google_absl//absl/base:core_headers",
@ -41,6 +40,8 @@ cc_binary(
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/strings:string_view",
        "@com_google_absl//absl/time",
    ],
 )
@ -64,6 +65,7 @@ cc_binary(
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
        "@com_google_absl//absl/strings:str_format",
        "@com_google_absl//absl/strings:string_view",
    ],
 )
--- a/sandboxed_api/sandbox2/examples/network_proxy/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/examples/network_proxy/CMakeLists.txt
@ -26,6 +26,9 @@ target_link_libraries(sandbox2_networkproxy_sandbox PRIVATE
  absl::log
  absl::log_globals
  absl::log_initialize
  absl::log_severity
  absl::strings
  absl::time
  sandbox2::bpf_helper
  sandbox2::comms
  sapi::fileops
@ -50,6 +53,7 @@ target_link_libraries(sandbox2_networkproxy_bin PRIVATE absl::status
  absl::log_initialize
  absl::statusor
  absl::str_format
  absl::strings
  sandbox2::client
  sandbox2::comms
  sapi::fileops
--- a/sandboxed_api/sandbox2/examples/network_proxy/networkproxy_bin.cc
+++ b/sandboxed_api/sandbox2/examples/network_proxy/networkproxy_bin.cc
@ -5,10 +5,10 @@
 #include <arpa/inet.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#include <syscall.h>
+#include <unistd.h>
 #include <cerrno>
 #include <cstring>
 #include "absl/base/log_severity.h"
@ -20,6 +20,7 @@
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_format.h"
 #include "absl/strings/string_view.h"
 #include "sandboxed_api/sandbox2/client.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/network_proxy/client.h"
--- a/sandboxed_api/sandbox2/examples/network_proxy/networkproxy_sandbox.cc
+++ b/sandboxed_api/sandbox2/examples/network_proxy/networkproxy_sandbox.cc
@ -1,18 +1,15 @@
 // A demo sandbox for the network binary.
 #include <arpa/inet.h>
 #include <linux/filter.h>
 #include <netdb.h>
 #include <netinet/in.h>
 #include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <syscall.h>
 #include <unistd.h>
 #include <cstdio>
 #include <cstdlib>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/base/macros.h"
@ -21,13 +18,15 @@
 #include "absl/log/globals.h"
 #include "absl/log/initialize.h"
 #include "absl/log/log.h"
 #include "absl/base/log_severity.h"
 #include "absl/strings/string_view.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/policy.h"
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
 #include "sandboxed_api/util/fileops.h"
 #include "sandboxed_api/util/runfiles.h"
--- a/sandboxed_api/sandbox2/examples/static/BUILD.bazel
+++ b/sandboxed_api/sandbox2/examples/static/BUILD.bazel
@ -39,11 +39,12 @@ cc_binary(
        "//sandboxed_api/sandbox2",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:runfiles",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/time",
    ],
 )
--- a/sandboxed_api/sandbox2/examples/static/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/examples/static/CMakeLists.txt
@ -21,10 +21,14 @@ add_dependencies(sandbox2_static_sandbox
  sandbox2::static_bin
 )
 target_link_libraries(sandbox2_static_sandbox PRIVATE
  absl::check
  absl::flags
  absl::flags_parse
  absl::log
  absl::log_globals
  absl::log_initialize
  absl::log_severity
  absl::time
  sandbox2::bpf_helper
  sapi::runfiles
  sandbox2::sandbox2
--- a/sandboxed_api/sandbox2/examples/static/static_bin.cc
+++ b/sandboxed_api/sandbox2/examples/static/static_bin.cc
@ -17,12 +17,10 @@
 //
 // It inverts all bytes coming from stdin and writes them to the stdout.
 #include <signal.h>
 #include <sys/prctl.h>
 #include <unistd.h>
 #include <cctype>
 #include <cstddef>
 #include <cstdio>
 int main(int argc, char* argv[]) {
--- a/sandboxed_api/sandbox2/examples/static/static_sandbox.cc
+++ b/sandboxed_api/sandbox2/examples/static/static_sandbox.cc
@ -17,22 +17,23 @@
 #include <fcntl.h>
 #include <sys/mman.h>
 #include <sys/resource.h>
 #include <syscall.h>
 #include <unistd.h>
-#include <csignal>
+#include <cerrno>
 #include <cstdlib>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
-#include "absl/flags/flag.h"
+#include "absl/log/check.h"
 #include "absl/flags/parse.h"
 #include "absl/log/globals.h"
 #include "absl/log/initialize.h"
 #include "absl/log/log.h"
 #include "absl/base/log_severity.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/limits.h"
--- a/sandboxed_api/sandbox2/examples/tool/BUILD.bazel
+++ b/sandboxed_api/sandbox2/examples/tool/BUILD.bazel
@ -39,10 +39,12 @@ cc_binary(
        "//sandboxed_api/sandbox2:util",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:fileops",
        "@com_google_absl//absl/base:log_severity",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/flags:usage",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/strings",
--- a/sandboxed_api/sandbox2/examples/tool/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/examples/tool/CMakeLists.txt
@ -19,12 +19,14 @@ add_executable(sandbox2_sandbox2tool
 set_target_properties(sandbox2_sandbox2tool PROPERTIES OUTPUT_NAME sandbox2tool)
 add_executable(sandbox2::sandbox2tool ALIAS sandbox2_sandbox2tool)
 target_link_libraries(sandbox2_sandbox2tool PRIVATE
  absl::check
  absl::flags
  absl::flags_parse
  absl::flags_usage
  absl::log
  absl::log_globals
  absl::log_initialize
  absl::log_severity
  absl::strings
  absl::time
  sandbox2::allow_all_syscalls
--- a/sandboxed_api/sandbox2/examples/tool/sandbox2tool.cc
+++ b/sandboxed_api/sandbox2/examples/tool/sandbox2tool.cc
@ -22,26 +22,30 @@
 //     --logtostderr
 //     /bin/ls
 #include <sys/resource.h>
 #include <sys/stat.h>
 #include <syscall.h>
 #include <unistd.h>
 #include <csignal>
 #include <cstdint>
 #include <cstdio>
 #include <cstdlib>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/base/log_severity.h"
 #include "absl/flags/flag.h"
 #include "absl/flags/parse.h"
 #include "absl/flags/usage.h"
 #include "absl/log/check.h"
 #include "absl/log/globals.h"
 #include "absl/log/initialize.h"
 #include "absl/log/log.h"
 #include "absl/strings/str_format.h"
 #include "absl/strings/str_split.h"
 #include "absl/strings/string_view.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/sandbox2/allow_all_syscalls.h"
 #include "sandboxed_api/sandbox2/executor.h"
--- a/sandboxed_api/sandbox2/examples/zlib/BUILD.bazel
+++ b/sandboxed_api/sandbox2/examples/zlib/BUILD.bazel
@ -28,14 +28,16 @@ cc_binary(
    data = [":zpipe"],
    deps = [
        "//sandboxed_api/sandbox2",
        "//sandboxed_api/sandbox2:comms",
        "//sandboxed_api/sandbox2/util:bpf_helper",
        "//sandboxed_api/util:runfiles",
        "@com_google_absl//absl/flags:flag",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/log:check",
        "@com_google_absl//absl/log:globals",
        "@com_google_absl//absl/log:initialize",
        "@com_google_absl//absl/strings:string_view",
        "@com_google_absl//absl/time",
    ],
 )
--- a/sandboxed_api/sandbox2/examples/zlib/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/examples/zlib/CMakeLists.txt
@ -21,11 +21,15 @@ add_dependencies(sandbox2_zpipe_sandbox
  sandbox2::zpipe
 )
 target_link_libraries(sandbox2_zpipe_sandbox PRIVATE
  absl::check
  absl::flags
  absl::flags_parse
  absl::log
  absl::log_globals
  absl::log_initialize
  absl::log_severity
  absl::strings
  absl::time
  sandbox2::bpf_helper
  sandbox2::comms
  sapi::runfiles
--- a/sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc
+++ b/sandboxed_api/sandbox2/examples/zlib/zpipe_sandbox.cc
@ -13,13 +13,10 @@
 // limitations under the License.
 #include <fcntl.h>
 #include <linux/filter.h>
 #include <sys/resource.h>
 #include <syscall.h>
 #include <unistd.h>
-#include <cstddef>
+#include <cerrno>
 #include <cstdint>
 #include <cstdio>
 #include <cstdlib>
 #include <memory>
 #include <string>
@ -30,8 +27,11 @@
 #include "absl/flags/parse.h"
 #include "absl/log/globals.h"
 #include "absl/log/initialize.h"
 #include "absl/log/check.h"
 #include "absl/log/log.h"
-#include "sandboxed_api/sandbox2/comms.h"
+#include "absl/base/log_severity.h"
 #include "absl/strings/string_view.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/limits.h"
 #include "sandboxed_api/sandbox2/policy.h"
--- a/sandboxed_api/sandbox2/executor.cc
+++ b/sandboxed_api/sandbox2/executor.cc
@ -17,16 +17,19 @@
 #include "sandboxed_api/sandbox2/executor.h"
 #include <fcntl.h>
 #include <libgen.h>
 #include <sys/socket.h>
 #include <unistd.h>
-#include <climits>
+#include <algorithm>
-#include <cstddef>
+#include <cerrno>
 #include <cstdint>
 #include <memory>
-#include <string_view>
+#include <string>
 #include <vector>
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/match.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
--- a/sandboxed_api/sandbox2/executor.h
+++ b/sandboxed_api/sandbox2/executor.h
@ -15,7 +15,6 @@
 #ifndef SANDBOXED_API_SANDBOX2_EXECUTOR_H_
 #define SANDBOXED_API_SANDBOX2_EXECUTOR_H_
 #include <stdlib.h>
 #include <unistd.h>
 #include <memory>
@ -26,6 +25,7 @@
 #include "absl/base/macros.h"
 #include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
 #include "absl/types/span.h"
 #include "sandboxed_api/sandbox2/fork_client.h"
--- a/sandboxed_api/sandbox2/fork_client.cc
+++ b/sandboxed_api/sandbox2/fork_client.cc
@ -14,10 +14,14 @@
 #include "sandboxed_api/sandbox2/fork_client.h"
 #include <sys/types.h>
 #include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "absl/synchronization/mutex.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/forkserver.pb.h"
 #include "sandboxed_api/util/fileops.h"
 namespace sandbox2 {
--- a/sandboxed_api/sandbox2/forkingclient.cc
+++ b/sandboxed_api/sandbox2/forkingclient.cc
@ -14,13 +14,13 @@
 #include "sandboxed_api/sandbox2/forkingclient.h"
 #include <sys/types.h>
 #include <unistd.h>
 #include <cstdlib>
 #include <memory>
 #include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "sandboxed_api/sandbox2/forkserver.h"
 #include "sandboxed_api/sandbox2/sanitizer.h"
 #include "sandboxed_api/util/raw_logging.h"
--- a/sandboxed_api/sandbox2/forkserver.cc
+++ b/sandboxed_api/sandbox2/forkserver.cc
@ -16,15 +16,15 @@
 #include "sandboxed_api/sandbox2/forkserver.h"
 #include <asm/types.h>
 #include <fcntl.h>
 #include <linux/filter.h>
 #include <linux/seccomp.h>
 #include <sched.h>
 #include <sys/eventfd.h>
 #include <sys/prctl.h>
 #include <sys/resource.h>
 #include <sys/socket.h>
-#include <sys/types.h>
+#include <sys/uio.h>
 #include <sys/un.h>
 #include <sys/wait.h>
 #include <syscall.h>
 #include <unistd.h>
@ -32,12 +32,13 @@
 #include <cerrno>
 #include <csignal>
 #include <cstdint>
 #include <cstdio>
 #include <cstdlib>
 #include <cstring>
 #include <fstream>
-#include <memory>
+#include <initializer_list>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/container/flat_hash_map.h"
 #include "absl/container/flat_hash_set.h"
@ -47,6 +48,7 @@
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_join.h"
 #include "absl/strings/str_split.h"
 #include "absl/strings/string_view.h"
 #include "libcap/include/sys/capability.h"
 #include "sandboxed_api/sandbox2/client.h"
 #include "sandboxed_api/sandbox2/comms.h"
--- a/sandboxed_api/sandbox2/forkserver_bin.cc
+++ b/sandboxed_api/sandbox2/forkserver_bin.cc
@ -13,13 +13,13 @@
 // limitations under the License.
 #include <sys/prctl.h>
 #include <sys/socket.h>
 #include <unistd.h>
 #include <csignal>
 #include <cstdlib>
 #include "absl/base/log_severity.h"
 #include "absl/log/globals.h"
 #include "absl/status/status.h"
 #include "sandboxed_api/sandbox2/client.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/forkserver.h"
--- a/sandboxed_api/sandbox2/forkserver_test.cc
+++ b/sandboxed_api/sandbox2/forkserver_test.cc
@ -16,13 +16,14 @@
 #include <fcntl.h>
 #include <sys/socket.h>
-#include <syscall.h>
+#include <sys/wait.h>
 #include <unistd.h>
-#include <utility>
+#include <string>
 #include "gtest/gtest.h"
 #include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "absl/strings/str_cat.h"
 #include "sandboxed_api/sandbox2/forkserver.pb.h"
 #include "sandboxed_api/sandbox2/global_forkclient.h"
--- a/sandboxed_api/sandbox2/global_forkclient.cc
+++ b/sandboxed_api/sandbox2/global_forkclient.cc
@ -19,20 +19,17 @@
 #include <fcntl.h>
 #include <sched.h>
 #include <sys/mman.h>
 #include <sys/prctl.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <syscall.h>
 #include <unistd.h>
-#include <climits>
+#include <cerrno>
 #include <csignal>
 #include <cstdlib>
 #include <memory>
 #include <string>
 #include <vector>
 #include "absl/base/const_init.h"
 #include "absl/cleanup/cleanup.h"
 #include "absl/flags/flag.h"
 #include "absl/log/log.h"
--- a/sandboxed_api/sandbox2/global_forkclient.h
+++ b/sandboxed_api/sandbox2/global_forkclient.h
@ -21,6 +21,7 @@
 #include <sys/types.h>
 #include <bitset>
 #include <cstddef>
 #include <string>
 #include "absl/base/thread_annotations.h"
--- a/sandboxed_api/sandbox2/ipc.cc
+++ b/sandboxed_api/sandbox2/ipc.cc
@ -22,6 +22,7 @@
 #include <memory>
 #include <string>
 #include <tuple>
 #include <vector>
 #include <thread>
 #include "absl/log/log.h"
--- a/sandboxed_api/sandbox2/ipc.h
+++ b/sandboxed_api/sandbox2/ipc.h
@ -23,6 +23,7 @@
 #include <tuple>
 #include <vector>
 #include "absl/base/attributes.h"
 #include "absl/strings/string_view.h"
 #include "sandboxed_api/sandbox2/comms.h"
--- a/sandboxed_api/sandbox2/ipc_test.cc
+++ b/sandboxed_api/sandbox2/ipc_test.cc
@ -15,9 +15,10 @@
 #include "sandboxed_api/sandbox2/ipc.h"
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/executor.h"
--- a/sandboxed_api/sandbox2/limits_test.cc
+++ b/sandboxed_api/sandbox2/limits_test.cc
@ -20,7 +20,6 @@
 #include <utility>
 #include <vector>
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/executor.h"
--- a/sandboxed_api/sandbox2/logsink.cc
+++ b/sandboxed_api/sandbox2/logsink.cc
@ -17,8 +17,11 @@
 #include <unistd.h>
 #include <csignal>
 #include <cstdio>
 #include <string>
 #include "absl/base/log_severity.h"
 #include "absl/log/log_entry.h"
 #include "absl/log/log_sink_registry.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_format.h"
--- a/sandboxed_api/sandbox2/monitor_base.cc
+++ b/sandboxed_api/sandbox2/monitor_base.cc
@ -16,11 +16,16 @@
 #include "sandboxed_api/sandbox2/monitor_base.h"
 #include <pthread.h>
 #include <sched.h>
 #include <signal.h>
 #include <sys/resource.h>
 #include <syscall.h>
 #include <cerrno>
 #include <cstdint>
 #include <cstdio>
 #include <iomanip>
 #include <memory>
 #include <optional>
 #include <string>
@ -30,10 +35,14 @@
 #include "absl/cleanup/cleanup.h"
 #include "absl/flags/declare.h"
 #include "absl/flags/flag.h"
 #include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/match.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
 #include "absl/synchronization/notification.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/sandbox2/client.h"
 #include "sandboxed_api/sandbox2/comms.h"
--- a/sandboxed_api/sandbox2/monitor_base.h
+++ b/sandboxed_api/sandbox2/monitor_base.h
@ -19,6 +19,7 @@
 #define SANDBOXED_API_SANDBOX2_MONITOR_BASE_H_
 #include <sys/resource.h>
 #include <sys/types.h>
 #include <cstdint>
 #include <cstdio>
@ -29,6 +30,7 @@
 #include "absl/status/statusor.h"
 #include "absl/synchronization/notification.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/fork_client.h"
--- a/sandboxed_api/sandbox2/monitor_ptrace.cc
+++ b/sandboxed_api/sandbox2/monitor_ptrace.cc
@ -17,27 +17,39 @@
 #include "sandboxed_api/sandbox2/monitor_ptrace.h"
 #include <sys/ptrace.h>
 #include <sys/resource.h>
 #include <sys/wait.h>
 #include <syscall.h>
 #include <unistd.h>
 #include <algorithm>
 #include <atomic>
 #include <cerrno>
-#include <csignal>
+#include <cstdint>
 #include <ctime>
 #include <deque>
 #include <fstream>
 #include <memory>
 #include <sstream>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/base/optimization.h"
 #include "absl/cleanup/cleanup.h"
 #include "absl/container/flat_hash_map.h"
 #include "absl/container/flat_hash_set.h"
 #include "absl/flags/declare.h"
 #include "absl/flags/flag.h"
 #include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_format.h"
 #include "absl/strings/string_view.h"
 #include "absl/synchronization/mutex.h"
 #include "absl/synchronization/notification.h"
 #include "absl/time/clock.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/client.h"
--- a/sandboxed_api/sandbox2/monitor_ptrace.h
+++ b/sandboxed_api/sandbox2/monitor_ptrace.h
@ -19,14 +19,16 @@
 #define SANDBOXED_API_SANDBOX2_MONITOR_PTRACE_H_
 #include <atomic>
 #include <csignal>
 #include <cstdint>
 #include <memory>
 #include <thread>
 #include "absl/container/flat_hash_map.h"
 #include "absl/log/log.h"
 #include "absl/synchronization/mutex.h"
 #include "absl/synchronization/notification.h"
 #include "absl/time/clock.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/monitor_base.h"
 #include "sandboxed_api/sandbox2/notify.h"
--- a/sandboxed_api/sandbox2/monitor_unotify.cc
+++ b/sandboxed_api/sandbox2/monitor_unotify.cc
@ -1,20 +1,38 @@
 #include "sandboxed_api/sandbox2/monitor_unotify.h"
 #include <linux/audit.h>
 #include <linux/filter.h>
 #include <linux/ioctl.h>
 #include <linux/seccomp.h>
 #include <poll.h>
 #include <sys/eventfd.h>
 #include <sys/ioctl.h>
 #include <sys/ptrace.h>
 #include <sys/resource.h>
 #include <sys/sysinfo.h>
 #include <sys/wait.h>
 #include <syscall.h>
 #include <unistd.h>
 #include <algorithm>
 #include <atomic>
 #include <cerrno>
 #include <cstdint>
 #include <cstdlib>
 #include <cstring>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/base/macros.h"
 #include "absl/cleanup/cleanup.h"
 #include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_cat.h"
 #include "absl/synchronization/mutex.h"
 #include "absl/synchronization/notification.h"
 #include "absl/time/clock.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/sandbox2/client.h"
 #include "sandboxed_api/sandbox2/forkserver.pb.h"
--- a/sandboxed_api/sandbox2/monitor_unotify.h
+++ b/sandboxed_api/sandbox2/monitor_unotify.h
@ -2,15 +2,22 @@
 #define SANDBOXED_API_SANDBOX2_MONITOR_UNOTIFY_H_
 #include <linux/seccomp.h>
 #include <sys/sysinfo.h>
 #include <sys/types.h>
 #include <atomic>
 #include <cstdlib>
 #include <memory>
 #include <thread>
 #include <string>
 #include <vector>
 #include "absl/log/log.h"
 #include "absl/status/statusor.h"
 #include "absl/synchronization/mutex.h"
 #include "absl/synchronization/notification.h"
 #include "absl/time/clock.h"
 #include "absl/time/time.h"
 #include "sandboxed_api/sandbox2/executor.h"
 #include "sandboxed_api/sandbox2/monitor_base.h"
 #include "sandboxed_api/sandbox2/notify.h"
--- a/sandboxed_api/sandbox2/mounts.cc
+++ b/sandboxed_api/sandbox2/mounts.cc
@ -21,15 +21,18 @@
 #include <sys/types.h>
 #include <unistd.h>
-#include <climits>
+#include <cerrno>
-#include <memory>
+#include <cstddef>
 #include <cstdint>
 #include <string>
 #include <tuple>
 #include <utility>
 #include <vector>
 #include "absl/container/flat_hash_set.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/match.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_join.h"
 #include "absl/strings/str_split.h"
--- a/sandboxed_api/sandbox2/mounts.h
+++ b/sandboxed_api/sandbox2/mounts.h
@ -15,7 +15,9 @@
 #ifndef SANDBOXED_API_SANDBOX2_MOUNTTREE_H_
 #define SANDBOXED_API_SANDBOX2_MOUNTTREE_H_
 #include <cstddef>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/status/status.h"
--- a/sandboxed_api/sandbox2/mounts_test.cc
+++ b/sandboxed_api/sandbox2/mounts_test.cc
@ -16,10 +16,13 @@
 #include <unistd.h>
-#include <utility>
+#include <cstddef>
 #include <string>
 #include <vector>
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "absl/status/status.h"
 #include "absl/strings/match.h"
 #include "absl/strings/str_cat.h"
 #include "sandboxed_api/testing.h"
--- a/sandboxed_api/sandbox2/namespace.cc
+++ b/sandboxed_api/sandbox2/namespace.cc
@ -27,9 +27,12 @@
 #include <syscall.h>
 #include <unistd.h>
 #include <cstdint>
 #include <cstring>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/strings/str_cat.h"
 #include "sandboxed_api/sandbox2/violation.pb.h"
--- a/sandboxed_api/sandbox2/namespace.h
+++ b/sandboxed_api/sandbox2/namespace.h
@ -18,6 +18,7 @@
 #ifndef SANDBOXED_API_SANDBOX2_NAMESPACE_H_
 #define SANDBOXED_API_SANDBOX2_NAMESPACE_H_
 #include <sched.h>
 #include <sys/types.h>
 #include <cstdint>
--- a/sandboxed_api/sandbox2/namespace_test.cc
+++ b/sandboxed_api/sandbox2/namespace_test.cc
@ -14,11 +14,9 @@
 #include "sandboxed_api/sandbox2/namespace.h"
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <syscall.h>
 #include <unistd.h>
 #include <cstdint>
 #include <initializer_list>
 #include <memory>
 #include <string>
@ -27,8 +25,10 @@
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
-#include "absl/log/log.h"
+#include "absl/log/check.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
 #include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/allow_all_syscalls.h"
 #include "sandboxed_api/sandbox2/executor.h"
--- a/sandboxed_api/sandbox2/network_proxy/BUILD.bazel
+++ b/sandboxed_api/sandbox2/network_proxy/BUILD.bazel
@ -30,6 +30,7 @@ cc_library(
        "//sandboxed_api/sandbox2:comms",
        "//sandboxed_api/util:fileops",
        "@com_google_absl//absl/log",
        "@com_google_absl//absl/status",
        "@com_google_absl//absl/status:statusor",
    ],
 )
--- a/sandboxed_api/sandbox2/network_proxy/CMakeLists.txt
+++ b/sandboxed_api/sandbox2/network_proxy/CMakeLists.txt
@ -18,11 +18,12 @@ add_library(sandbox2_network_proxy_server ${SAPI_LIB_TYPE}
  server.h
 )
 add_library(sandbox2::network_proxy_server ALIAS sandbox2_network_proxy_server)
-target_link_libraries(sandbox2_network_proxy_server PRIVATE
+target_link_libraries(sandbox2_network_proxy_server
-  sandbox2::comms
+ PRIVATE absl::status
         sapi::fileops
  sandbox2::network_proxy_filtering
         sapi::base
 PUBLIC sandbox2::comms
        sandbox2::network_proxy_filtering
 )
 # sandboxed_api/sandbox2/network_proxy:filtering
--- a/sandboxed_api/sandbox2/network_proxy/client.cc
+++ b/sandboxed_api/sandbox2/network_proxy/client.cc
@ -14,17 +14,16 @@
 #include "sandboxed_api/sandbox2/network_proxy/client.h"
-#include <linux/net.h>
+#include <sys/socket.h>
 #include <linux/seccomp.h>
 #include <stdio.h>
 #include <syscall.h>
 #include <unistd.h>
 #include <cerrno>
-#include <iostream>
+#include <cstdint>
 #include <memory>
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/synchronization/mutex.h"
 #include "sandboxed_api/sandbox2/util/syscall_trap.h"
 #include "sandboxed_api/util/status_macros.h"
--- a/sandboxed_api/sandbox2/network_proxy/client.h
+++ b/sandboxed_api/sandbox2/network_proxy/client.h
@ -16,6 +16,9 @@
 #define SANDBOXED_API_SANDBOX2_NETWORK_PROXY_CLIENT_H_
 #include <netinet/in.h>
 #include <sys/socket.h>
 #include <cstdint>
 #include "absl/status/status.h"
 #include "absl/synchronization/mutex.h"
--- a/sandboxed_api/sandbox2/network_proxy/filtering.cc
+++ b/sandboxed_api/sandbox2/network_proxy/filtering.cc
@ -15,6 +15,15 @@
 #include "sandboxed_api/sandbox2/network_proxy/filtering.h"
 #include <arpa/inet.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
 #include <algorithm>
 #include <cerrno>
 #include <cstdint>
 #include <cstring>
 #include <string>
 #include <vector>
 #include "absl/log/log.h"
 #include "absl/status/status.h"
--- a/sandboxed_api/sandbox2/network_proxy/filtering.h
+++ b/sandboxed_api/sandbox2/network_proxy/filtering.h
@ -17,8 +17,12 @@
 #include <netinet/in.h>
 #include <cstdint>
 #include <memory>
 #include <string>
 #include <vector>
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "sandboxed_api/sandbox2/comms.h"
--- a/sandboxed_api/sandbox2/network_proxy/filtering_test.cc
+++ b/sandboxed_api/sandbox2/network_proxy/filtering_test.cc
@ -15,8 +15,12 @@
 #include "sandboxed_api/sandbox2/network_proxy/filtering.h"
 #include <arpa/inet.h>
-#include <linux/unistd.h>
+#include <netinet/in.h>
-#include <string.h>
+#include <sys/socket.h>
 #include <cstdint>
 #include <cstring>
 #include <string>
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
--- a/sandboxed_api/sandbox2/network_proxy/server.cc
+++ b/sandboxed_api/sandbox2/network_proxy/server.cc
@ -14,19 +14,21 @@
 #include "sandboxed_api/sandbox2/network_proxy/server.h"
 #include <arpa/inet.h>
 #include <netinet/in.h>
 #include <pthread.h>
 #include <signal.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <syscall.h>
 #include <atomic>
 #include <cerrno>
 #include <cstring>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "sandboxed_api/util/fileops.h"
--- a/sandboxed_api/sandbox2/network_proxy/server.h
+++ b/sandboxed_api/sandbox2/network_proxy/server.h
@ -15,7 +15,11 @@
 #ifndef SANDBOXED_API_SANDBOX2_NETWORK_PROXY_SERVER_H_
 #define SANDBOXED_API_SANDBOX2_NETWORK_PROXY_SERVER_H_
 #include <pthread.h>
 #include <atomic>
 #include <memory>
 #include <string>
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/network_proxy/filtering.h"
--- a/sandboxed_api/sandbox2/notify_test.cc
+++ b/sandboxed_api/sandbox2/notify_test.cc
@ -14,6 +14,7 @@
 #include "sandboxed_api/sandbox2/notify.h"
 #include <sys/types.h>
 #include <syscall.h>
 #include <memory>
@ -32,7 +33,6 @@
 #include "sandboxed_api/sandbox2/policybuilder.h"
 #include "sandboxed_api/sandbox2/sandbox2.h"
 #include "sandboxed_api/sandbox2/syscall.h"
 #include "sandboxed_api/sandbox2/util/bpf_helper.h"
 #include "sandboxed_api/testing.h"
 namespace sandbox2 {
--- a/sandboxed_api/sandbox2/policy.cc
+++ b/sandboxed_api/sandbox2/policy.cc
@ -18,14 +18,20 @@
 #include <fcntl.h>
 #include <linux/audit.h>
-#include <linux/ipc.h>
+#include <linux/bpf_common.h>
 #include <linux/filter.h>
 #include <linux/seccomp.h>
 #include <sched.h>
 #include <syscall.h>
 #include <cstdint>
 #include <optional>
 #include <string>
 #include <vector>
 #include "absl/flags/flag.h"
 #include "absl/log/log.h"
 #include "absl/strings/string_view.h"
 #include "sandboxed_api/config.h"
 #include "sandboxed_api/sandbox2/bpfdisassembler.h"
 #include "sandboxed_api/sandbox2/comms.h"
--- a/Show More
+++ b/Show More