mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Allow sandboxee to read from /proc when sanitizers are allowed.
Sanitizers read from /proc. For example:
69445f095c/lib/sanitizer_common/sanitizer_linux.cpp (L1101)
PiperOrigin-RevId: 292363903
Change-Id: Icc383ededcad363b4e96f5551f140f012b07b495
This commit is contained in:
parent
b9c866410d
commit
daa1c7a64e
|
@ -181,6 +181,9 @@ PolicyBuilder& PolicyBuilder::AllowLlvmSanitizers() {
|
||||||
JEQ32(MADV_DONTDUMP, ALLOW),
|
JEQ32(MADV_DONTDUMP, ALLOW),
|
||||||
JEQ32(MADV_NOHUGEPAGE, ALLOW),
|
JEQ32(MADV_NOHUGEPAGE, ALLOW),
|
||||||
});
|
});
|
||||||
|
// Sanitizers read from /proc. For example:
|
||||||
|
// https://github.com/llvm-mirror/compiler-rt/blob/69445f095c22aac2388f939bedebf224a6efcdaf/lib/sanitizer_common/sanitizer_linux.cpp#L1101
|
||||||
|
AddDirectory("/proc");
|
||||||
#endif
|
#endif
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user