Commit Graph

924 Commits (main)

Author SHA1 Message Date
Wiktor Garbacz 9a985f91a7 Replace use of deprecated `sandbox2::Comms` functions
PiperOrigin-RevId: 566863078
Change-Id: Ida96eb8046ff96bdd41cec4a1427073ae43930d9
2023-09-19 23:55:05 -07:00
Wiktor Garbacz 227daf4a42 Do 1 level of recursion on libunwind crashes
PiperOrigin-RevId: 566617450
Change-Id: If5e3ce2e9763360c6cbd50145c432dfb62621136
2023-09-19 06:50:05 -07:00
Wiktor Garbacz 1cf45be7df Refactor Comms to split out listening/connecting part
Deprecated APIs slated for removal after migration of internal
clients.

PiperOrigin-RevId: 566598245
Change-Id: I5d7b920f3a788d4eccc6e78f239b660ba903adcc
2023-09-19 05:14:09 -07:00
Wiktor Garbacz d26262d82e Remove stale comment
PiperOrigin-RevId: 566559462
Change-Id: Iafc1e05ff4a958480c14b69b4139b370cdc63149
2023-09-19 02:04:50 -07:00
Sandboxed API Team 37b3a51ca6 Use empty instead of length
PiperOrigin-RevId: 566219114
Change-Id: I123e3cb8253d092b5d2d9c8e2a85cf5348c64a58
2023-09-18 00:46:50 -07:00
Chris Kennelly f5830c93cd Ensure that TCMalloc can execute NumCPUs.
PiperOrigin-RevId: 565683514
Change-Id: I391ab5f184f487ef3ffc553d10581cd6eaee54de
2023-09-15 08:21:13 -07:00
Wiktor Garbacz 700f8fa547 Skip sanitizers for limits_test
PiperOrigin-RevId: 565645224
Change-Id: I4441562e368ab8e0b95abbf9e3fbaa792ae59ffd
2023-09-15 04:57:24 -07:00
Wiktor Garbacz 1475458939 namespace_test: use lstat instead of stat, don't descend into procfs & sysfs
PiperOrigin-RevId: 565303140
Change-Id: I7600b60613f52260410098e617b00a2e4272b2fb
2023-09-14 02:09:12 -07:00
Wiktor Garbacz b47a5ead07 Add TCMalloc related files to test policy
PiperOrigin-RevId: 565067820
Change-Id: I55bbe80b568042c1639435867f565880667f0180
2023-09-13 09:06:33 -07:00
Wiktor Garbacz 4289b64aa7 Disallow clone3, unsafe clone and unshare flags
The ability to create new namespaces and get capabilities in there exposes a big kernel attack surface.

PiperOrigin-RevId: 564703131
Change-Id: I3dcf4c78dca9f51a4b068df16e1b1a69916d727c
2023-09-12 06:30:45 -07:00
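As an added illustration of the policy this commit describes (example code written for this page, not sandbox2's own PolicyBuilder code), the stand-alone seccomp-bpf filter below refuses `clone3` with ENOSYS (libc then falls back to `clone`, which the filter can inspect), and refuses `clone` and `unshare` with EPERM whenever their flags ask for a new namespace. It assumes x86_64 or aarch64 (little-endian, clone flags in argument 0) and reads "unsafe" flags as the `CLONE_NEW*` namespace flags; a small interpreter for the BPF subset used lets the filter's decisions be checked without installing it.

```cpp
// Added example, not sandbox2 code: seccomp-bpf filter blocking namespace creation.
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sched.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#include <cerrno>
#include <csignal>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

#if defined(__x86_64__)
constexpr uint32_t kAuditArch = AUDIT_ARCH_X86_64;
#elif defined(__aarch64__)
constexpr uint32_t kAuditArch = AUDIT_ARCH_AARCH64;
#else
#error "example written for x86_64 / aarch64"
#endif
#ifndef __NR_clone3
#define __NR_clone3 435  // assumed: value from the generic syscall table
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL  // older kernel headers
#endif
#ifndef CLONE_NEWCGROUP
#define CLONE_NEWCGROUP 0x02000000  // from <linux/sched.h>, missing in old glibc
#endif
#ifndef CLONE_NEWTIME
#define CLONE_NEWTIME 0x00000080
#endif

// Assumption: "unsafe" clone/unshare flags are the ones that create a namespace.
constexpr uint32_t kNamespaceFlags =
    CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER | CLONE_NEWPID |
    CLONE_NEWNET | CLONE_NEWCGROUP | CLONE_NEWTIME;

std::vector<sock_filter> BuildFilter() {
  return {
      // 0-3: kill on an unexpected ABI, otherwise load the syscall number.
      BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(seccomp_data, arch)),
      BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, kAuditArch, 1, 0),
      BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
      BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(seccomp_data, nr)),
      // 4-5: clone3 passes its flags in a struct the filter cannot read: refuse it.
      BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone3, 0, 1),
      BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ENOSYS),
      // 6-8: only clone and unshare need their flags checked.
      BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_unshare, 2, 0),
      BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone, 1, 0),
      BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
      // 9-12: low 32 bits of args[0] (little-endian); refuse namespace flags.
      BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(seccomp_data, args)),
      BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, kNamespaceFlags, 0, 1),
      BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
      BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
  };
}

// Interpreter for the four instruction kinds used above; anything else kills.
uint32_t Evaluate(const std::vector<sock_filter>& prog, const seccomp_data& data) {
  uint32_t acc = 0;
  for (size_t pc = 0; pc < prog.size();) {
    const sock_filter& ins = prog[pc];
    switch (ins.code) {
      case BPF_LD | BPF_W | BPF_ABS:
        if (ins.k + sizeof(acc) > sizeof(data)) return SECCOMP_RET_KILL_PROCESS;
        std::memcpy(&acc, reinterpret_cast<const char*>(&data) + ins.k, sizeof(acc));
        ++pc;
        break;
      case BPF_JMP | BPF_JEQ | BPF_K:
        pc += 1 + (acc == ins.k ? ins.jt : ins.jf);
        break;
      case BPF_JMP | BPF_JSET | BPF_K:
        pc += 1 + ((acc & ins.k) != 0 ? ins.jt : ins.jf);
        break;
      case BPF_RET | BPF_K:
        return ins.k;
      default:
        return SECCOMP_RET_KILL_PROCESS;
    }
  }
  return SECCOMP_RET_KILL_PROCESS;
}

// What the filter would return for syscall `nr` with first argument `arg0`.
uint32_t Decide(int nr, uint64_t arg0, uint32_t arch = kAuditArch) {
  seccomp_data data{};
  data.nr = nr;
  data.arch = arch;
  data.args[0] = arg0;
  return Evaluate(BuildFilter(), data);
}

bool InstallFilter() {
  std::vector<sock_filter> prog = BuildFilter();
  sock_fprog fprog{static_cast<unsigned short>(prog.size()), prog.data()};
  // NO_NEW_PRIVS lets an unprivileged process install the filter.
  if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return false;
  return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) == 0;
}

int main() {
  if (!InstallFilter()) { std::perror("seccomp"); return 1; }
  errno = 0;
  int rc = unshare(CLONE_NEWUSER);  // now fails with EPERM instead of succeeding
  std::printf("unshare(CLONE_NEWUSER) -> %d (%s)\n", rc, std::strerror(errno));
  return 0;
}
```

Refusing `clone3` with ENOSYS rather than killing is what keeps glibc's `fork()`/`pthread_create()` working: they retry with `clone`, where the flag word is visible to the filter. A thread-creating `clone` (CLONE_VM | CLONE_THREAD | ...) is still allowed; only requests carrying a `CLONE_NEW*` bit are rejected.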
Wiktor Garbacz 77f62ccb1f Remove unused `NetworkProxyClient::ConnectHandler`
PiperOrigin-RevId: 563750900
Change-Id: Ib848aab0520032dbdcc879cb11861b133e26c4c6
2023-09-08 07:51:13 -07:00
Wiktor Garbacz f614862e07 Remove deprecated VecStringToCharPtrArr
PiperOrigin-RevId: 563374332
Change-Id: I6873ca0d45fd5de6ad8eab1cbc395032130e9697
2023-09-07 03:09:30 -07:00
Wiktor Garbacz b350a41a10 Gather more coverage data
Switch to ForkWithFlags for InitProcess (it will not reset coverage).
Explicitly dump coverage after initial namespace setup.
Return instead of exiting from libunwind sandbox.

PiperOrigin-RevId: 563368599
Change-Id: I3b764db015a71bd091ee7b4b5b614281cbb84832
2023-09-07 02:43:04 -07:00
Wiktor Garbacz f6ec787902 PtraceMonitor: Add a hard deadline for waiting for kill to take effect
PiperOrigin-RevId: 563064233
Change-Id: Id340ba3793b82737f1976638a57df513c3d4136c
2023-09-06 04:38:51 -07:00
Wiktor Garbacz 98d7f91b4d Run more tests with sanitizers and coverage
PiperOrigin-RevId: 562768789
Change-Id: I2ee9e05a75a1f4e46887ef4c6587628f36ba16eb
2023-09-05 07:14:49 -07:00
Wiktor Garbacz 92aeadddee PolicyBuilder: test error conditions for AddPolicyOnSyscalls
PiperOrigin-RevId: 562768777
Change-Id: If756f83ea657cc6cd4c1283339a2909071a47493
2023-09-05 07:13:56 -07:00
Wiktor Garbacz 02d770adcc NetworkProxyTest: test more error conditions
PiperOrigin-RevId: 562708702
Change-Id: Ifedcb0eb2bc84396627a0b53828e1e10e4c562ad
2023-09-05 02:17:25 -07:00
Wiktor Garbacz b088c01ab2 Add missing Aarch64 syscall entries
PiperOrigin-RevId: 562705740
Change-Id: Ie75c13b4b1669cc7bcd45baa51119c633e120993
2023-09-05 02:03:36 -07:00
Wiktor Garbacz 5f9698612e Better network proxy tests
Fix sending error on `connect` failure.

PiperOrigin-RevId: 562693682
Change-Id: I70c710a9001f22e172cbe4df328983bfa7188d3d
2023-09-05 00:57:27 -07:00
Wiktor Garbacz 3ea315858d Remove mutexes from Comms
It was never fully thread-safe.
e.g. calling SendProtoBuf concurrently from 2 threads
could result in a data race.
Also, not all users need thread-safety, so it's better left to be done externally by the ones that require it.

PiperOrigin-RevId: 562548941
Change-Id: Ie32dfca366be9e0c32841e55b688907f4f5f7704
2023-09-04 07:00:57 -07:00
Wiktor Garbacz 197f03aa5b Adjust code so that variable name is correct
PiperOrigin-RevId: 562509424
Change-Id: I33bf50c2cdce0fbd38d669d76da95b448f1841e4
2023-09-04 03:13:42 -07:00
Jaeden Quintana e23acfd7e7 Made slight optimizations in Sandbox2's comms.
The optimizations are:
* Reduced the number of calls to `write` (originating from `SendTLV()`) from 3 to 1-2 (depending on size of the payload).
* Reduced the number of calls to `read()` (originating from `RecvTLV()`) from 3 to 2.

PiperOrigin-RevId: 561750509
Change-Id: I81bc092edf602e12c85ee97bd2e77b587b750d65
2023-08-31 13:50:26 -07:00
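To show the kind of change this commit describes (example code written for this page, not sandbox2's `Comms` implementation), the block below frames a TLV message over a socketpair: the sender hands header and payload to a single `writev()` instead of separate `write()` calls and copes with short writes, while the receiver needs two `read()`s per message (header, then payload) and caps the length before allocating. The wire layout (4-byte tag, 8-byte length, payload, host byte order) is an assumption; the page does not show sandbox2's actual format.

```cpp
// Added example, not sandbox2 code: TLV send in one writev(), receive in two reads.
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#include <cerrno>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

struct Tlv {
  bool ok = false;  // false: I/O error, peer closed early, or length over the cap
  uint32_t tag = 0;
  std::string value;
};

constexpr size_t kHeaderSize = sizeof(uint32_t) + sizeof(uint64_t);  // assumed layout

// writev() until every iovec is drained, advancing past partially written entries.
bool WriteAll(int fd, std::vector<iovec> iov) {
  size_t idx = 0;
  while (idx < iov.size()) {
    ssize_t n = writev(fd, &iov[idx], static_cast<int>(iov.size() - idx));
    if (n < 0) {
      if (errno == EINTR) continue;
      return false;
    }
    size_t left = static_cast<size_t>(n);
    while (idx < iov.size() && left >= iov[idx].iov_len) {
      left -= iov[idx].iov_len;
      ++idx;
    }
    if (idx < iov.size()) {  // short write inside this entry: resume mid-buffer
      iov[idx].iov_base = static_cast<char*>(iov[idx].iov_base) + left;
      iov[idx].iov_len -= left;
    }
  }
  return true;
}

// Header and payload go out in one syscall; the kernel gathers the two iovecs.
bool SendTlv(int fd, uint32_t tag, const std::string& payload) {
  unsigned char header[kHeaderSize];
  uint64_t len = payload.size();
  std::memcpy(header, &tag, sizeof(tag));
  std::memcpy(header + sizeof(tag), &len, sizeof(len));
  std::vector<iovec> iov = {
      {header, sizeof(header)},
      {const_cast<char*>(payload.data()), payload.size()},
  };
  return WriteAll(fd, iov);
}

bool ReadExact(int fd, void* buf, size_t len) {
  char* p = static_cast<char*>(buf);
  while (len > 0) {
    ssize_t n = read(fd, p, len);
    if (n < 0) {
      if (errno == EINTR) continue;
      return false;
    }
    if (n == 0) return false;  // peer closed in the middle of a message
    p += n;
    len -= static_cast<size_t>(n);
  }
  return true;
}

// One read for the header, one for the payload. An untrusted peer must not be
// able to make us allocate arbitrary memory, so the length is checked first;
// on rejection the stream is desynchronised and the caller should close it.
Tlv RecvTlv(int fd, size_t max_len) {
  Tlv out;
  unsigned char header[kHeaderSize];
  if (!ReadExact(fd, header, sizeof(header))) return Tlv{};
  uint64_t len;
  std::memcpy(&out.tag, header, sizeof(out.tag));
  std::memcpy(&len, header + sizeof(out.tag), sizeof(len));
  if (len > max_len) return Tlv{};
  out.value.resize(static_cast<size_t>(len));
  if (len > 0 && !ReadExact(fd, &out.value[0], out.value.size())) return Tlv{};
  out.ok = true;
  return out;
}

// Send one message through a socketpair and read it back on the other end.
// Single-threaded, so payloads must fit the socket buffer (fine for small ones).
Tlv RoundTrip(uint32_t tag, const std::string& payload, size_t max_len) {
  int fds[2];
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0) return Tlv{};
  Tlv result;
  if (SendTlv(fds[0], tag, payload)) result = RecvTlv(fds[1], max_len);
  close(fds[0]);
  close(fds[1]);
  return result;
}

int main() {
  Tlv msg = RoundTrip(7, "hello sandboxee", 1 << 16);
  if (!msg.ok) return 1;
  std::printf("tag=%u value=%s\n", msg.tag, msg.value.c_str());
  return RoundTrip(7, std::string(100, 'x'), 16).ok ? 1 : 0;  // oversize is rejected
}
```

The short-write handling in `WriteAll` is the part that is easy to get wrong when collapsing several `write()` calls into one `writev()`: a partial write can end anywhere inside either iovec, so the loop must advance past whole entries and then offset into the one that was cut. The length cap in `RecvTlv` is unrelated to the syscall count but is the check a receiver of untrusted TLV data must not skip.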
Wiktor Garbacz 2c9ac02b68 Rework network_proxy related tests/examples
PiperOrigin-RevId: 561632543
Change-Id: I85843cc1cac8348273a5593339b38ae08e07592c
2023-08-31 06:06:09 -07:00
Sandboxed API Team a0eb8d4445 Increase limits in ElfParser
PiperOrigin-RevId: 561621211
Change-Id: I3bbe8aecd3e3044251b67145927ee3a04bc56532
2023-08-31 05:01:51 -07:00
Wiktor Garbacz dc25251af9 Enable sandboxed stack traces for coverage
PiperOrigin-RevId: 561611676
Change-Id: I852eec8fc3728da1ae0b4bca8ccc9a628b8b5adc
2023-08-31 04:05:49 -07:00
Wiktor Garbacz f715bd8ba9 Run more tests with coverage enabled
PiperOrigin-RevId: 561575508
Change-Id: Ifc9a678b6a6cbcd892a1f8710b941514eb1d9764
2023-08-31 00:44:23 -07:00
Wiktor Garbacz 47c868e6b1 Merge block bpf/ptrace tests
PiperOrigin-RevId: 561338563
Change-Id: If2704835c75ca0ae367375212c2104289e7b5cb0
2023-08-30 07:47:15 -07:00
Wiktor Garbacz 5802d5b681 Refactor Forkserver::LaunchChild
PiperOrigin-RevId: 561331391
Change-Id: Ia96187ac1aff25a729c92dfc937f48cc0ae64342
2023-08-30 07:12:30 -07:00
Wiktor Garbacz 09a48bac06 Reduce CHECK-failures in unotify monitor
This also fixes a CHECK-failure in Join() when waiting for sandboxee
times out.

PiperOrigin-RevId: 561282248
Change-Id: I5568c3b9e6b8dce531167c267f7896996326d2e2
2023-08-30 02:56:16 -07:00
Wiktor Garbacz 4a6b0d4633 Always override forkserver's comms_fd in sandboxee
PiperOrigin-RevId: 561276110
Change-Id: I8bd1ce7e2f363b5e371a431b1e6db6534023e401
2023-08-30 02:20:56 -07:00
Wiktor Garbacz 0150026d38 Make PolicyBuilder helpers more self-contained
PiperOrigin-RevId: 561032912
Change-Id: I74db0c33609eb74df144db8d1d844b7267bf8ce4
2023-08-29 08:12:19 -07:00
Wiktor Garbacz 37f00991b9 Final round of IWYU fixes for Sandbox2
PiperOrigin-RevId: 560077736
Change-Id: Id810db20b0042b8cd4f8f7a352b2cc571de51b71
2023-08-25 06:50:29 -07:00
Christian Blichmann c04ef4572c CMake: Re-add missing library deps due to bad merge
PiperOrigin-RevId: 560020224
Change-Id: I54d329b12282f1a0c711b60f31f174c42ab3d893
2023-08-25 01:49:39 -07:00
Wiktor Garbacz 7de1c4d8d0 More IWYU annotations
PiperOrigin-RevId: 560004823
Change-Id: If4d5048d01b09041c8b7175498a751df51ac0ba6
2023-08-25 00:35:09 -07:00
Wiktor Garbacz c175ac2c20 Fix missing dep for users of SANDBOX2_TRACE
PiperOrigin-RevId: 560004680
Change-Id: I7e9b86939ab1df2e2a400887ee53c8b9110e341c
2023-08-25 00:34:20 -07:00
Wiktor Garbacz edde724ab9 Internal change
PiperOrigin-RevId: 559996678
Change-Id: I25a18212dc2ab15dd106cffea6132bea4a3b842d
2023-08-24 23:55:35 -07:00
Wiktor Garbacz 8254d13faf Reenable the stack_trace_test
It was fixed internally and https://github.com/libunwind/libunwind/pull/602 should make it better for OSS.

PiperOrigin-RevId: 559772982
Change-Id: Ifcbf824d37cb4988dc56db20a8bbaaaf52a2cb81
2023-08-24 09:11:56 -07:00
Christian Blichmann d5ff466c59 Support passing `stderrthreshold` to sandboxee
PiperOrigin-RevId: 559769140
Change-Id: I57ad45e1155355e51a821d7903b2eb73dd1303ee
2023-08-24 08:58:26 -07:00
Wiktor Garbacz 3adc232a07 Add missing dependencies bazel/BUILD
PiperOrigin-RevId: 559742911
Change-Id: I4212fa4abf27d8318b394425c1f3206b9377e63b
2023-08-24 07:09:14 -07:00
Wiktor Garbacz 127176d72f Bulk IWYU and build_cleaner fixes
PiperOrigin-RevId: 559733768
Change-Id: Ia38f4c176e9f0abbfdb3a8f1109f482d8870eb0f
2023-08-24 06:23:36 -07:00
Wiktor Garbacz 38e5be910e Temporarily disable a non-sandboxed crash stack_trace_test
This might fail under some versions of libunwind.

PiperOrigin-RevId: 559728630
Change-Id: I12bad6ec68a52164f79c8bf9a7b349fcd1a462e9
2023-08-24 05:59:50 -07:00
Christian Blichmann eaf8ef88c4 Sandboxed API: Env vars: Set `GOOGLE_STDERRTHRESHOLD` used by OSS Abseil
Internally, Abseil and Google logging use different flags and env vars to
control output.

PiperOrigin-RevId: 559715938
Change-Id: I4a908eb835ae0c5d598fb1ca6dc09182a9c3be22
2023-08-24 04:50:21 -07:00
Wiktor Garbacz 0036d9d09f Update Abseil
PiperOrigin-RevId: 559684012
Change-Id: Iee3e338a0b4dc1548f44610ba5e535e8787cf969
2023-08-24 01:59:03 -07:00
Wiktor Garbacz 6986af58bb IWYU fixes
PiperOrigin-RevId: 559444773
Change-Id: If92cdc4f978a22bfdbd61b0c9e0b43ea272bca8d
2023-08-23 09:04:00 -07:00
Wiktor Garbacz 696d0eed11 Add IWYU pragma
PiperOrigin-RevId: 559415055
Change-Id: I8bbcc6b1e0b422ce46a63d2a9a429edd3402c51e
2023-08-23 07:14:21 -07:00
Wiktor Garbacz 9dcc9db919 Replace StrError with PLOG
PiperOrigin-RevId: 559380593
Change-Id: Ia7d2bcb3908b5e739ac5c4aaec1559fb6f86f383
2023-08-23 04:09:02 -07:00
Sandboxed API Team 41003aae83 Automated rollback of commit 1e26cd50dc.
PiperOrigin-RevId: 559102360
Change-Id: I5dd175d5f0b9ece602f5c26454ad1f1e2e3a60fc
2023-08-22 07:12:09 -07:00
Wiktor Garbacz c4660f8a6e Provide sealing flags if not defined in the headers
Also adjust naming of MFD_ constants

PiperOrigin-RevId: 559091482
Change-Id: I74271aee443a6d174950fd258bd238587cb4c75e
2023-08-22 06:21:25 -07:00
Wiktor Garbacz e75be07bb0 Automated rollback of commit 9c21744460.
PiperOrigin-RevId: 559063479
Change-Id: I4ccf8d5717b8669921c5b580eb415975cd625eaf
2023-08-22 03:59:49 -07:00
Wiktor Garbacz 8a6b689c29 Cleanup includes
PiperOrigin-RevId: 559053598
Change-Id: Ie28d6db5505ed6ed14181fca9224390d883c20de
2023-08-22 03:04:38 -07:00
Wiktor Garbacz 632fdc639d Add missing includes
PiperOrigin-RevId: 559052007
Change-Id: I3bc95cbc204c207d60c5aabb414840fdaba8c0c6
2023-08-22 02:56:16 -07:00
Wiktor Garbacz 1e26cd50dc Always override forkserver's comms_fd in sandboxee
PiperOrigin-RevId: 558721787
Change-Id: I331efd38b0571877b53cdc14190bae0ed639ce3f
2023-08-21 02:15:52 -07:00
Wiktor Garbacz 56d11ae733 Client::PrepareEnvironment simplify by supporting just a single preserved fd
PiperOrigin-RevId: 558133382
Change-Id: I043985fcf331761b424ce720791711e5ea1f4fb9
2023-08-18 06:52:45 -07:00
Wiktor Garbacz 1e9b686c4f Make `Comms` movable
PiperOrigin-RevId: 558110484
Change-Id: I87fec43c0157e16ba683c498d8b50b3655efac17
2023-08-18 04:41:30 -07:00
Wiktor Garbacz 08b81b52e0 Internal change
PiperOrigin-RevId: 558105430
Change-Id: I6b0c1c3a389b8b22c50fe3b2e753aba9a3e804ab
2023-08-18 04:10:42 -07:00
Wiktor Garbacz bf9fe79dbe Introduce a SAPI_RAW_VLOG_IS_ON just for raw_logging
PiperOrigin-RevId: 558094899
Change-Id: I9da55eb55af22eafc74a81999dc920dbab98a1a3
2023-08-18 03:12:36 -07:00
Wiktor Garbacz ff23e878d3 Prefer regular logging to raw_logging
PiperOrigin-RevId: 558089528
Change-Id: Id3fb3ec16d25c5df859c305e1b0db00b54212958
2023-08-18 02:43:27 -07:00
Wiktor Garbacz b258535161 Treat libunwind sandbox as a ~regular sandboxee
This removes dependency on unwind from forkserver,
which should reduce binary size for all the custom forkservers (also the SAPI generated ones).
Unwind was only ever used by the global forkserver anyhow.

PiperOrigin-RevId: 557921074
Change-Id: Iea4904da0506fee5a00f970538f512cba7b02326
2023-08-17 13:32:44 -07:00
Wiktor Garbacz 6a64659fac Use default SAPI policy in the examples
PiperOrigin-RevId: 557903883
Change-Id: Ieb65c5cf109037073449f16a466e33937deeb553
2023-08-17 12:34:47 -07:00
Wiktor Garbacz 77fbfa7f5f forkserver: use eventfd instead of pipe for initial namespace creation
PiperOrigin-RevId: 557764601
Change-Id: I146c67bc6d4ba68f17c2117b1ca4d6bc71d30ffa
2023-08-17 03:02:19 -07:00
Wiktor Garbacz 5d13550877 Allow set_robust_list for TSAN
It might spawn a thread which will likely invoke that syscall.

PiperOrigin-RevId: 557762639
Change-Id: I26a7a79253338bbe83d22d1680256e5cdb914762
2023-08-17 02:52:53 -07:00
Wiktor Garbacz 18c64ae10f Adjust sandboxed_api default policy
PiperOrigin-RevId: 557762512
Change-Id: I600c8126ee09b8bab927013de25fcb836c78ac9a
2023-08-17 02:51:59 -07:00
Christian Blichmann f378d22405 Clang tool: Skip protobuf namespaces when emitting headers
The protobuf internals are not needed in the API header and will be made
available as soon as user code includes any generated proto header.

PiperOrigin-RevId: 557749772
Change-Id: Idc48a652ab1892dae559192afbde20ae34e4c7ce
2023-08-17 01:58:33 -07:00
Wiktor Garbacz 0a0bf05dc3 Readd VLOGs removed by mistake
PiperOrigin-RevId: 557739843
Change-Id: I21497028fc26388fec8a45ee1bfa2f11cf9022d2
2023-08-17 01:13:21 -07:00
Sandboxed API Team 7d78b89777 Fix typo.
PiperOrigin-RevId: 557598808
Change-Id: I02ac71ca025be9a5e45011b1bbeb07a144b2e632
2023-08-16 14:13:42 -07:00
Sandboxed API Team 034f24001e In Sandbox2 IPC class, add a MapDupedFd() function to allow application to retain ownership of the local_fd.
PiperOrigin-RevId: 557539211
Change-Id: Ib74a305333bc51a261c766052284e9fa68115e9d
2023-08-16 10:58:55 -07:00
Wiktor Garbacz abd3faf51b monitor_unotify: Use eventfd instead of pipe for notifications
PiperOrigin-RevId: 557479262
Change-Id: Ie03e4e8915950999ff0b47e8b08c50241e53a600
2023-08-16 07:29:11 -07:00
Wiktor Garbacz 7a57d32711 forkserver: Remove waitpid flag
It was superseded by sandboxee rusage when using the unotify monitor.

PiperOrigin-RevId: 557396642
Change-Id: I41f84149227f62d4b7727030f9359834a9b61dbc
2023-08-16 01:33:12 -07:00
Christian Blichmann c501379056 Clang tool: Prevent extra nesting of namespaces
When specifying the `namespace` argument in Bazel (`NAMESPACE` in CMake), the
Clang tool used to put _all_ dependent types in that namespace.

For a declaration of `namespace a::b { struct S {...};` and a `namespace`
argument of `a::b`, this means that the header output was similar to
```
namespace a::b {
namespace a::b {
struct S { ...
```

This was never intended and also does not match the Python based header
generator. The Clang tool now "merges" those same namespaces. This is
correct, as it processes `namespace`d spellings with their full namespace
path.

PiperOrigin-RevId: 557393076
Change-Id: I1474dd30b6c4150d0ae3c1c48579f88060974980
2023-08-16 01:17:54 -07:00
Wiktor Garbacz 1c2596785b Clearer logs on execveat failures
Drive-by: remove redundant log prefix (PLOG prepends filename and line)

PiperOrigin-RevId: 557367980
Change-Id: Id7cc945969e0ae06a451ca3dd0f3e288402b9136
2023-08-15 23:30:44 -07:00
Christian Blichmann ae3d334cc2 generator2: Skip anonymous structs/unions
The Python code has been relying on `spelling` to return `None` for skipping
anonymous structs/unions.

libclang has been returning a "spelling" for those for a while now (LLVM 16
introduced this in its branch in 2022), though, so this check no longer works.
Use the correct method `clang.CIndex.is_anonymous()` instead.

PiperOrigin-RevId: 557099905
Change-Id: I13707509dbae03481c5edce7fa92554cefdd57e7
2023-08-15 05:20:47 -07:00
Christian Blichmann 352d1f8fb2 Clang tool: Emit aggregates with default initialized members
PiperOrigin-RevId: 556765694
Change-Id: I2547919cdc1fcb048c99de325a8b2c24800b0e06
2023-08-14 06:14:43 -07:00
Wiktor Garbacz 8b70461db4 Automated rollback of commit a946cedc95.
PiperOrigin-RevId: 555902433
Change-Id: I93efb401e64b90ba114911b87ed680456037d248
2023-08-11 04:54:59 -07:00
Wiktor Garbacz a946cedc95 PtraceMonitor: Add a hard deadline for waiting for kill to take effect
PiperOrigin-RevId: 555854230
Change-Id: If323725e5112344105627844910356dd14c9ad31
2023-08-11 02:01:10 -07:00
Wiktor Garbacz 01e14e0bb7 Fix bypass for enabling `ptrace`/`bpf`
PiperOrigin-RevId: 555847265
Change-Id: I671c0650caeefaac590d3d0030ff90e18fda6bbd
2023-08-11 01:34:27 -07:00
Wiktor Garbacz 3079d2b4e0 Make Policy a simple copyable type
PiperOrigin-RevId: 555146979
Change-Id: I83d7260d65d4291c418e6c8e80385cbdc8fbc758
2023-08-09 06:44:22 -07:00
Wiktor Garbacz c14312c3a2 Kill on each iteration of graceful exit loop
I believe it's possible for the `main_pid` to disappear between `kill` and `sigtimedwait` by means of an `exec` from a multithreaded process (`PTRACE_EVENT_EXIT` happens after the `exec`ing thread changes its tid to main_pid).

PiperOrigin-RevId: 555137959
Change-Id: Id22908fb31497c0906e4f4fda66400fbf9ac9efb
2023-08-09 06:00:19 -07:00
Wiktor Garbacz 48bbb06fe7 Move log warning about non-namespaced stacktraces
PiperOrigin-RevId: 554493643
Change-Id: I27755322edcd7c0191cd125ec8ffdace18a6460c
2023-08-07 09:07:06 -07:00
Wiktor Garbacz 4890c86cec Mark GetNamespaceDescription const
PiperOrigin-RevId: 554460753
Change-Id: I3304fb7d19f93750b1d74aeb1b8213af2f0fea85
2023-08-07 06:48:11 -07:00
Wiktor Garbacz dd664400d7 More verbose logging on graceful exit timeout
PiperOrigin-RevId: 554382651
Change-Id: I7205fed9285b2aaff93860782d65d3dc829bb5f9
2023-08-07 00:28:10 -07:00
Sandboxed API Team 0a0ac6a66b Automated rollback of commit 4d625e521b.
PiperOrigin-RevId: 553536999
Change-Id: If6ae319e54a3ea5eb88e00888044ba1088bd62d2
2023-08-03 11:23:05 -07:00
Wiktor Garbacz 7722c07d0c Mark `Mounts::RecursivelyListMounts()` const
PiperOrigin-RevId: 553472906
Change-Id: Ia222751fd4b978dece6ef12c6677db8f3092ac1b
2023-08-03 07:40:16 -07:00
Wiktor Garbacz 4d625e521b Move log warning about non-namespaced stacktraces
PiperOrigin-RevId: 553472372
Change-Id: Iba43cba78edd1826afb29f49a7e08e919554ed80
2023-08-03 07:37:54 -07:00
Wiktor Garbacz 3f9e9a2b25 Make Namespace copyable, movable and copy/move assignable
There is no strong reason why this shouldn't be the case.
Some future refactorings will depend on this.

PiperOrigin-RevId: 553456024
Change-Id: I452a2804c59ed006326ab37cbe0dec80f53cd714
2023-08-03 06:21:13 -07:00
Wiktor Garbacz 29b7b49325 Use return value directly instead of SAPI_ASSIGN_OR_RETURN dance
PiperOrigin-RevId: 553449209
Change-Id: Id344bc84a42edfaf92b95dc8cf92582001183494
2023-08-03 05:45:58 -07:00
Wiktor Garbacz fc8a2340c7 Rename GetCloneFlags
PiperOrigin-RevId: 553448623
Change-Id: Ia49b16dd4b8795ba95bab8a8ea0c7ffc50bba628
2023-08-03 05:42:29 -07:00
Wiktor Garbacz 8fbe21ce0e Really give priority to main_pid
Do process all events as soon as one for priority_pid arrives.

PiperOrigin-RevId: 553156575
Change-Id: I57a9b4ca54a0e0fe5f01245b130f53ef3f8678fc
2023-08-02 08:42:51 -07:00
Wiktor Garbacz 3bbb98c494 Better error when calling RunAsync on a Sandbox2 instance twice
PiperOrigin-RevId: 553129224
Change-Id: I92ff15d111ccd5e7d4310a2e1559811dd1cc7027
2023-08-02 06:44:21 -07:00
Wiktor Garbacz 1c960e8389 EmbedFile: Reopen memfds as readonly to workaround problems with CRIU
CRIU, while restoring memfds, sometimes reopens them, which might result in ETXTBSY on execveat.

PiperOrigin-RevId: 553114741
Change-Id: I11ee7aabe48a2853a8921a270c6cdcc70b50a518
2023-08-02 05:28:04 -07:00
Oliver Kunz eaa175c8d2 Sandbox2: Remove file sealing for in-memory files.
The `CreateMemFd` function sets the `MFD_ALLOW_SEALING` flag which enables seals to be set and creating an empty file seal.

PiperOrigin-RevId: 550850108
Change-Id: I1a84b7b14cc9396144048bbeb8995f2f7eca9fb7
2023-07-25 05:04:52 -07:00
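The two memfd commits above (reopening memfds read-only, and the `MFD_ALLOW_SEALING`/file-seal handling in `CreateMemFd`) both turn on the same mechanics, shown here as an added example written for this page rather than sandbox2's `EmbedFile` code: an image is written into a memfd, write/grow/shrink seals are added so no descriptor can change it afterwards, and the descriptor is reopened `O_RDONLY` through `/proc/self/fd` so that the reference handed on is not writable (a writable reference to a file being executed is what produces ETXTBSY). It assumes Linux with `memfd_create` (glibc 2.27+) and a mounted `/proc`; the sealing constants are defined locally when the headers lack them, as the "Provide sealing flags" commit on this page also does. It does not claim this is what sandbox2 currently does.

```cpp
// Added example, not sandbox2 code: sealed memfd reopened read-only via /proc.
#include <fcntl.h>
#include <sys/mman.h>
#include <unistd.h>

#include <cerrno>
#include <cstdio>
#include <cstring>
#include <string>

#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 0x0001U
#endif
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef F_ADD_SEALS  // values from <linux/fcntl.h>, for headers without them
#define F_ADD_SEALS 1033
#define F_GET_SEALS 1034
#define F_SEAL_SEAL 0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW 0x0004
#define F_SEAL_WRITE 0x0008
#endif

// Writes `contents` into a fresh memfd, seals it, and returns an O_RDONLY
// descriptor to the same file (or -1). The original writable fd is closed.
int CreateSealedReadOnlyMemFd(const char* name, const std::string& contents) {
  int fd = memfd_create(name, MFD_CLOEXEC | MFD_ALLOW_SEALING);
  if (fd < 0) return -1;
  size_t off = 0;
  while (off < contents.size()) {
    ssize_t n = write(fd, contents.data() + off, contents.size() - off);
    if (n < 0) {
      if (errno == EINTR) continue;
      close(fd);
      return -1;
    }
    off += static_cast<size_t>(n);
  }
  // After this, every descriptor to the file is effectively immutable, and
  // F_SEAL_SEAL prevents anyone from removing that property again.
  if (fcntl(fd, F_ADD_SEALS,
            F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL) != 0) {
    close(fd);
    return -1;
  }
  std::string path = "/proc/self/fd/" + std::to_string(fd);
  int ro = open(path.c_str(), O_RDONLY | O_CLOEXEC);
  close(fd);
  return ro;
}

std::string ReadAll(int fd) {
  std::string out;
  char buf[4096];
  for (off_t off = 0;;) {
    ssize_t n = pread(fd, buf, sizeof(buf), off);
    if (n < 0 && errno == EINTR) continue;
    if (n <= 0) break;
    out.append(buf, static_cast<size_t>(n));
    off += n;
  }
  return out;
}

// errno of a one-byte write() on `fd`, or 0 if the write succeeded.
int WriteErrno(int fd) {
  errno = 0;
  return write(fd, "x", 1) < 0 ? errno : 0;
}

struct SealCheck {
  bool created = false;      // memfd creation, fill and sealing succeeded
  bool read_only = false;    // returned descriptor has O_RDONLY access mode
  bool write_sealed = false; // F_GET_SEALS reports F_SEAL_WRITE
  std::string contents;      // what a reader sees through the descriptor
  int ro_write_errno = 0;    // write() on the read-only descriptor (EBADF expected)
  int rw_write_errno = 0;    // write() through a fresh O_RDWR reopen (EPERM: sealed)
};

SealCheck Inspect(const std::string& data) {
  SealCheck r;
  int fd = CreateSealedReadOnlyMemFd("sapi_example", data);
  if (fd < 0) return r;
  r.created = true;
  int fl = fcntl(fd, F_GETFL);
  r.read_only = fl >= 0 && (fl & O_ACCMODE) == O_RDONLY;
  int seals = fcntl(fd, F_GET_SEALS);
  r.write_sealed = seals >= 0 && (seals & F_SEAL_WRITE) != 0;
  r.contents = ReadAll(fd);
  r.ro_write_errno = WriteErrno(fd);
  // Even a deliberately writable reopen cannot modify a sealed memfd.
  std::string path = "/proc/self/fd/" + std::to_string(fd);
  int rw = open(path.c_str(), O_RDWR | O_CLOEXEC);
  r.rw_write_errno = rw < 0 ? errno : WriteErrno(rw);
  if (rw >= 0) close(rw);
  close(fd);
  return r;
}

int main() {
  SealCheck c = Inspect("sample image bytes");
  std::printf("read_only=%d sealed=%d ro_write=%s rw_write=%s\n", c.read_only,
              c.write_sealed, std::strerror(c.ro_write_errno),
              std::strerror(c.rw_write_errno));
  return c.created ? 0 : 1;
}
```

The read-only reopen and the seals guard different things: the reopen removes the writable reference from this process (the ETXTBSY concern when the file is later passed to `execveat`), while `F_SEAL_WRITE` stops any holder of any descriptor to the file, including one obtained through a checkpoint/restore tool or another process, from changing the bytes that will be executed.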
Oliver Kunz 04ed89906b Adding AllowOpen to AllowLlvmSanitizers to avoid having to add AllowOpen in addition when it's only needed for running under the sanitizers.
In cases where SAPI users overwrite the default policy instead of extending it, the sandbox will fail with an `openat` violation. This is automatically inherited in the default policy.

The advantage with this implementation is that we don't expose the open* syscalls when not running under the sanitizers.

PiperOrigin-RevId: 550845188
Change-Id: I151d467848983b00b71ec8447d662394fa7176db
2023-07-25 04:38:43 -07:00
Wiktor Garbacz 9d1d4b7fd3 Disallow AddPolicyForSyscalls with an empty list
PiperOrigin-RevId: 549887306
Change-Id: I05a97b39a2c92ad5ab2002c7af7e83a8184392cf
2023-07-21 02:24:44 -07:00
Wiktor Garbacz e86462db77 Remove redundant buffer test
It tested Comms rather than different Buffer functionality.

PiperOrigin-RevId: 549880115
Change-Id: I095464540fa21cc4b3bee1d87e1e046807b6f18c
2023-07-21 01:53:54 -07:00
Wiktor Garbacz 7683f6995b Do not use GIT in FetchContent_Declare
This causes whole repo (with history) to be fetched.
Protobuf repo is especially big (>200MiB).

PiperOrigin-RevId: 549285765
Change-Id: Ifb5e3a549a014adb51e6e5eef41e72abf0149558
2023-07-19 05:20:28 -07:00
Wiktor Garbacz 25f27ef935 Allow replacing a read-only node with writable for same target
PiperOrigin-RevId: 548942347
Change-Id: I4b22740ca27772831afcddb69d515c84aca04c51
2023-07-18 02:45:13 -07:00
Chris Kennelly 4ba75ea0a2 Allow TCMalloc users access to the possible cpus list.
This is to facilitate online/offline core counting for an accurate count of the
maximum CPU ID that may be seen.

PiperOrigin-RevId: 548715133
Change-Id: I159c0d51b9800fa633172986ba4f8eca352ae336
2023-07-17 09:31:22 -07:00
Wiktor Garbacz f0e85cea13 Introduce AddFile(At)IfNamespaced/AddDirectory(At)IfNamespaced
Use the new interface in AllowRestartableSequences.

PiperOrigin-RevId: 548619728
Change-Id: I1f8aeb9a1cb412c50391d65a3cd148f77b46bd6f
2023-07-17 01:58:46 -07:00
Sandboxed API Team 39026f7678 Internal Code Change
PiperOrigin-RevId: 548043988
Change-Id: Iba4a828eeb53205f28dae85fc179cee21b104632
2023-07-14 00:30:56 -07:00
Sandboxed API Team a3fa7d27d5 Internal Code Change
PiperOrigin-RevId: 547689091
Change-Id: I76ddcaefcc50f8ce706d59dae99877ca6f28544d
2023-07-12 22:13:27 -07:00
Sandboxed API Team 619030326c Internal Code Change
PiperOrigin-RevId: 547420866
Change-Id: I7b80e96531a234281a323c03903b922704019135
2023-07-12 01:09:40 -07:00