mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Update zlib examples
- Link `zipe.c` statically (safe) - Update policy to allow any use of `stat()` PiperOrigin-RevId: 428971638 Change-Id: Ib0f5f496ea2389582986b41a8830592e6c1d4390
This commit is contained in:
parent
ddef30148c
commit
aefdb94575
|
@ -36,7 +36,7 @@ sapi_library(
|
||||||
cc_binary(
|
cc_binary(
|
||||||
name = "main_zlib",
|
name = "main_zlib",
|
||||||
srcs = ["main_zlib.cc"],
|
srcs = ["main_zlib.cc"],
|
||||||
copts = sapi_platform_copts(["-Wframe-larger-than=65536"]),
|
copts = sapi_platform_copts(),
|
||||||
deps = [
|
deps = [
|
||||||
":zlib-sapi",
|
":zlib-sapi",
|
||||||
":zlib-sapi_embed",
|
":zlib-sapi_embed",
|
||||||
|
|
|
@ -17,7 +17,7 @@ add_sapi_library(zlib-sapi
|
||||||
FUNCTIONS deflateInit_
|
FUNCTIONS deflateInit_
|
||||||
deflate
|
deflate
|
||||||
deflateEnd
|
deflateEnd
|
||||||
INPUTS ${ZLIB_INCLUDE_DIRS}/zlib.h
|
INPUTS "${ZLIB_INCLUDE_DIRS}/zlib.h"
|
||||||
LIBRARY ZLIB::ZLIB
|
LIBRARY ZLIB::ZLIB
|
||||||
LIBRARY_NAME Zlib
|
LIBRARY_NAME Zlib
|
||||||
NAMESPACE "sapi::zlib"
|
NAMESPACE "sapi::zlib"
|
||||||
|
|
|
@ -37,9 +37,6 @@ cc_binary(
|
||||||
name = "zpipe",
|
name = "zpipe",
|
||||||
srcs = ["zpipe.c"],
|
srcs = ["zpipe.c"],
|
||||||
copts = sapi_platform_copts(),
|
copts = sapi_platform_copts(),
|
||||||
features = [
|
features = ["fully_static_link"],
|
||||||
"fully_static_link", # link libc statically
|
|
||||||
],
|
|
||||||
linkstatic = 1,
|
|
||||||
deps = ["@net_zlib//:zlib"],
|
deps = ["@net_zlib//:zlib"],
|
||||||
)
|
)
|
||||||
|
|
|
@ -24,7 +24,6 @@ target_link_libraries(sandbox2_zpipe_sandbox PRIVATE
|
||||||
absl::memory
|
absl::memory
|
||||||
sandbox2::bpf_helper
|
sandbox2::bpf_helper
|
||||||
sandbox2::comms
|
sandbox2::comms
|
||||||
# sandbox2::ipc
|
|
||||||
sapi::runfiles
|
sapi::runfiles
|
||||||
sandbox2::sandbox2
|
sandbox2::sandbox2
|
||||||
sapi::base
|
sapi::base
|
||||||
|
@ -38,5 +37,6 @@ add_executable(sandbox2_zpipe
|
||||||
set_target_properties(sandbox2_zpipe PROPERTIES OUTPUT_NAME zpipe)
|
set_target_properties(sandbox2_zpipe PROPERTIES OUTPUT_NAME zpipe)
|
||||||
add_executable(sandbox2::zpipe ALIAS sandbox2_zpipe)
|
add_executable(sandbox2::zpipe ALIAS sandbox2_zpipe)
|
||||||
target_link_libraries(sandbox2_zpipe PRIVATE
|
target_link_libraries(sandbox2_zpipe PRIVATE
|
||||||
|
-static
|
||||||
ZLIB::ZLIB
|
ZLIB::ZLIB
|
||||||
)
|
)
|
||||||
|
|
|
@ -54,7 +54,7 @@ std::unique_ptr<sandbox2::Policy> GetPolicy() {
|
||||||
// Allow write on STDOUT / STDERR.
|
// Allow write on STDOUT / STDERR.
|
||||||
.AddPolicyOnSyscall(__NR_write,
|
.AddPolicyOnSyscall(__NR_write,
|
||||||
{ARG_32(0), JEQ32(1, ALLOW), JEQ32(2, ALLOW)})
|
{ARG_32(0), JEQ32(1, ALLOW), JEQ32(2, ALLOW)})
|
||||||
.AllowSyscall(__NR_fstat)
|
.AllowStat()
|
||||||
.AllowStaticStartup()
|
.AllowStaticStartup()
|
||||||
.AllowSystemMalloc()
|
.AllowSystemMalloc()
|
||||||
.AllowExit()
|
.AllowExit()
|
||||||
|
|
Loading…
Reference in New Issue
Block a user