StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Fix sums test under MSAN by allowing Scudo to add MAP_NORESERVE in mmap()

Browse Source 
Note: This change allows `MAP_NORESERVE` generally, not just for MSAN. This follows
what we do for `AllowTcMalloc()/AllowSystemMalloc()`
PiperOrigin-RevId: 402231980
Change-Id: Ifa1c6b9f61f636dd6db231dde3765c3b4a40911b
This commit is contained in:
Christian Blichmann 2021-10-11 01:21:26 -07:00 committed by Copybara-Service
parent 221e929018
commit df1c31188d
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sandboxed_api/sandbox.h
View File

@ -131,7 +131,7 @@ class Sandbox {
// - absolute: will be used as is.
virtual std::string GetLibPath() const { return ""; }
// Gets the environment varialbes passed to the sandboxee.
// Gets the environment variables passed to the sandboxee.
virtual void GetEnvs(std::vector<std::string>* envs) const {}
// Modifies the Executor object if needed.

3
sandboxed_api/sandbox2/policybuilder.cc
View File

@ -113,7 +113,8 @@ PolicyBuilder& PolicyBuilder::AllowScudoMalloc() {
// PROT_READ | PROT_WRITE
ARG_32(3), // flags
JEQ32(MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, ALLOW),
BPF_STMT(BPF_ALU | BPF_AND | BPF_K,
~uint32_t{MAP_FIXED | MAP_NORESERVE}),
JEQ32(MAP_PRIVATE | MAP_ANONYMOUS, ALLOW),
JUMP(&labels, mmap_end),