mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Internal change.
PiperOrigin-RevId: 387565158 Change-Id: I7b5293b614fae74abae1f9a347b0ef414028b8ea
This commit is contained in:
parent
85c58dc2d7
commit
f14aeee0ad
|
@ -447,10 +447,6 @@ absl::Status Sandbox::SetWallTimeLimit(absl::Duration limit) const {
|
||||||
return absl::OkStatus();
|
return absl::OkStatus();
|
||||||
}
|
}
|
||||||
|
|
||||||
absl::Status Sandbox::SetWallTimeLimit(time_t limit) const {
|
|
||||||
return SetWallTimeLimit(absl::Seconds(limit));
|
|
||||||
}
|
|
||||||
|
|
||||||
void Sandbox::Exit() const {
|
void Sandbox::Exit() const {
|
||||||
if (!is_active()) {
|
if (!is_active()) {
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -48,7 +48,7 @@ class Sandbox {
|
||||||
absl::Status Init();
|
absl::Status Init();
|
||||||
|
|
||||||
ABSL_DEPRECATED("Use sapi::Sandbox::is_active() instead")
|
ABSL_DEPRECATED("Use sapi::Sandbox::is_active() instead")
|
||||||
bool IsActive() const { return is_active(); }
|
bool IsActive() const { return this->is_active(); }
|
||||||
// Returns whether the current sandboxing session is active.
|
// Returns whether the current sandboxing session is active.
|
||||||
bool is_active() const;
|
bool is_active() const;
|
||||||
|
|
||||||
|
@ -65,11 +65,11 @@ class Sandbox {
|
||||||
sandbox2::Comms* comms() const { return comms_; }
|
sandbox2::Comms* comms() const { return comms_; }
|
||||||
|
|
||||||
ABSL_DEPRECATED("Use sapi::Sandbox::rpc_channel() instead")
|
ABSL_DEPRECATED("Use sapi::Sandbox::rpc_channel() instead")
|
||||||
RPCChannel* GetRpcChannel() const { return rpc_channel_.get(); }
|
RPCChannel* GetRpcChannel() const { return this->rpc_channel(); }
|
||||||
RPCChannel* rpc_channel() const { return rpc_channel_.get(); }
|
RPCChannel* rpc_channel() const { return rpc_channel_.get(); }
|
||||||
|
|
||||||
ABSL_DEPRECATED("Use sapi::Sandbox::pid() instead")
|
ABSL_DEPRECATED("Use sapi::Sandbox::pid() instead")
|
||||||
int GetPid() const { return pid_; }
|
int GetPid() const { return this->pid(); }
|
||||||
int pid() const { return pid_; }
|
int pid() const { return pid_; }
|
||||||
|
|
||||||
// Synchronizes the underlying memory for the pointer before the call.
|
// Synchronizes the underlying memory for the pointer before the call.
|
||||||
|
@ -115,7 +115,9 @@ class Sandbox {
|
||||||
absl::Status SetWallTimeLimit(absl::Duration limit) const;
|
absl::Status SetWallTimeLimit(absl::Duration limit) const;
|
||||||
ABSL_DEPRECATED(
|
ABSL_DEPRECATED(
|
||||||
"Use sapi::Sandbox::SetWallTimeLimit(absl::Duration) overload instead")
|
"Use sapi::Sandbox::SetWallTimeLimit(absl::Duration) overload instead")
|
||||||
absl::Status SetWallTimeLimit(time_t limit) const;
|
absl::Status SetWallTimeLimit(time_t limit) const {
|
||||||
|
return this->SetWallTimeLimit(absl::Seconds(limit));
|
||||||
|
}
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
|
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
#define SANDBOXED_API_SANDBOX2_LIMITS_H_
|
#define SANDBOXED_API_SANDBOX2_LIMITS_H_
|
||||||
|
|
||||||
#include <sys/resource.h>
|
#include <sys/resource.h>
|
||||||
|
|
||||||
#include <cstdint>
|
#include <cstdint>
|
||||||
#include <ctime>
|
#include <ctime>
|
||||||
|
|
||||||
|
@ -34,7 +35,7 @@ class Limits final {
|
||||||
Limits(const Limits&) = delete;
|
Limits(const Limits&) = delete;
|
||||||
Limits& operator=(const Limits&) = delete;
|
Limits& operator=(const Limits&) = delete;
|
||||||
|
|
||||||
// Rlimit-s getters/setters.
|
// rlimits getters/setters.
|
||||||
//
|
//
|
||||||
// Use RLIM64_INFINITY for unlimited values, but remember that some of those
|
// Use RLIM64_INFINITY for unlimited values, but remember that some of those
|
||||||
// cannot exceed system limits (e.g. RLIMIT_NOFILE).
|
// cannot exceed system limits (e.g. RLIMIT_NOFILE).
|
||||||
|
|
|
@ -484,10 +484,10 @@ class PolicyBuilder final {
|
||||||
"Explicitly specify tmpfs size by using AddTmpfs(inside, sz) instead")
|
"Explicitly specify tmpfs size by using AddTmpfs(inside, sz) instead")
|
||||||
PolicyBuilder& AddTmpfs(absl::string_view inside) {
|
PolicyBuilder& AddTmpfs(absl::string_view inside) {
|
||||||
LOG(WARNING) << "Tmpfs size not specified, defaulting to 4 MiB";
|
LOG(WARNING) << "Tmpfs size not specified, defaulting to 4 MiB";
|
||||||
return AddTmpfs(inside, 4 << 20 /* 4 MiB */);
|
return this->AddTmpfs(inside, /*size=*/4ULL << 20 /* 4 MiB */);
|
||||||
}
|
}
|
||||||
|
|
||||||
PolicyBuilder& AddTmpfs(absl::string_view inside, size_t sz);
|
PolicyBuilder& AddTmpfs(absl::string_view inside, size_t size);
|
||||||
|
|
||||||
// Allows unrestricted access to the network by *not* creating a network
|
// Allows unrestricted access to the network by *not* creating a network
|
||||||
// namespace. Note that this only disables the network namespace. To actually
|
// namespace. Note that this only disables the network namespace. To actually
|
||||||
|
|
|
@ -104,12 +104,7 @@ class Sandbox2 final {
|
||||||
void set_walltime_limit(absl::Duration limit) const;
|
void set_walltime_limit(absl::Duration limit) const;
|
||||||
|
|
||||||
// Gets the pid inside the executor.
|
// Gets the pid inside the executor.
|
||||||
pid_t GetPid() {
|
pid_t GetPid() { return monitor_ != nullptr ? monitor_->pid_ : -1; }
|
||||||
if (monitor_ != nullptr) {
|
|
||||||
return monitor_->pid_;
|
|
||||||
}
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Gets the comms inside the executor.
|
// Gets the comms inside the executor.
|
||||||
Comms* comms() {
|
Comms* comms() {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user