It was never fully thread-safe.
e.g. calling SendProtoBuf concurrently from 2 threads
could result in a data race.
Also not all users need the thread-safety thus it's better left off to be done externally by the ones that require it.
PiperOrigin-RevId: 562548941
Change-Id: Ie32dfca366be9e0c32841e55b688907f4f5f7704
The optimizations are:
* Reduced the number of calls to `write` (originating from `SendTLV()`) from 3 to 1-2 (depending on size of the payload).
* Reduced the number of calls to `read()` (originating from `RecvTLV()`) from 3 to 2.
PiperOrigin-RevId: 561750509
Change-Id: I81bc092edf602e12c85ee97bd2e77b587b750d65
This also fixes a CHECK-failure in Join() when waiting for sandboxee
times out.
PiperOrigin-RevId: 561282248
Change-Id: I5568c3b9e6b8dce531167c267f7896996326d2e2
It was fixed internally and https://github.com/libunwind/libunwind/pull/602 should make it better for OSS.
PiperOrigin-RevId: 559772982
Change-Id: Ifcbf824d37cb4988dc56db20a8bbaaaf52a2cb81
Internally, Abseil and Google logging use different flags and env vars to
control output.
PiperOrigin-RevId: 559715938
Change-Id: I4a908eb835ae0c5d598fb1ca6dc09182a9c3be22
This removes dependency on unwind from forkserver,
which should reduce binary size for all the custom forkservers (also the SAPI generated ones).
Unwind was only ever used by the global forkserver anyhow
PiperOrigin-RevId: 557921074
Change-Id: Iea4904da0506fee5a00f970538f512cba7b02326
The protobuf internals are not needed in the API header and will be made
available as soon as user code includes any generated proto header.
PiperOrigin-RevId: 557749772
Change-Id: Idc48a652ab1892dae559192afbde20ae34e4c7ce
When specifying the `namespace` argument in Bazel (`NAMESPACE` in CMake), the
Clang tool used to put _all_ dependent types in that namespace.
For a declaration of `namespace a::b { struct S {...};` and a `namespace`
argument of `a::b`, this means that the header output was similar to
```
namespace a::b {
namespace a::b {
struct S { ...
```
This was never intended and also does not match the Python based header
generator. The Clang tool now "merges" those same namespaces. This is
correct, as it processes `namespace`d spellings with their full namespace
path.
PiperOrigin-RevId: 557393076
Change-Id: I1474dd30b6c4150d0ae3c1c48579f88060974980
The Python code has been relying on `spelling` to return `None` for skipping
anonymous structs/unions.
libclang has been returning a "spelling" for those for a while now (LLVM 16
introduced this in its branch in 2022), though, so this check no longer works.
Use the correct method `clang.CIndex.is_anonymous()` instead.
PiperOrigin-RevId: 557099905
Change-Id: I13707509dbae03481c5edce7fa92554cefdd57e7
I believe it's possible for the `main_pid` to disappear between `kill` and `sigtimedwait` by means of an `exec` from a multithreaded process (`PTRACE_EVENT_EXIT` happens after the `exec`ing thread changes its tid to main_pid)
PiperOrigin-RevId: 555137959
Change-Id: Id22908fb31497c0906e4f4fda66400fbf9ac9efb
There is no strong reason why this shouln't be the case.
Some future refactorings will depend on this.
PiperOrigin-RevId: 553456024
Change-Id: I452a2804c59ed006326ab37cbe0dec80f53cd714
CRIU while restoring memfd sometimes reopens them, which might result in ETXTBUSY on execveat.
PiperOrigin-RevId: 553114741
Change-Id: I11ee7aabe48a2853a8921a270c6cdcc70b50a518
The `CreateMemFd` function sets the `MFD_ALLOW_SEALING` flag which enables seals to be set and creating an empty file seal.
PiperOrigin-RevId: 550850108
Change-Id: I1a84b7b14cc9396144048bbeb8995f2f7eca9fb7
In cases where SAPI users overwrite the default policy instead of extending it, the sandbox will fail with an `openat` violation. This is automatically inherited in the default policy.
The advantage with this implementation is that we don't expose the open* syscalls when not running under the sanitizers.
PiperOrigin-RevId: 550845188
Change-Id: I151d467848983b00b71ec8447d662394fa7176db
This causes whole repo (with history) to be fetched.
Protobuf repo is especially big (>200MiB).
PiperOrigin-RevId: 549285765
Change-Id: Ifb5e3a549a014adb51e6e5eef41e72abf0149558
This is to facilitate online/offline core counting for an accurate count of the
maximum CPU ID that may be seen.
PiperOrigin-RevId: 548715133
Change-Id: I159c0d51b9800fa633172986ba4f8eca352ae336
If a sandboxing target sets a `compatible_with` constraint, the current sapi.bzl doesn't propagate this to the subsequent target generations.
We implement the forwarding similarly to the `visibility` attribute.
PiperOrigin-RevId: 546838438
Change-Id: I8a0b2623ee3aa91ffe7e6f4b001177c03806f532
- If --sandbox2_danger_danger_permit_all_and_log is set, we write to a logfile (passed via the flag).
- If --sandbox2_danger_danger_permit_all is set, we do not write any log information.
This change introduces a means to also see the syscall information on stderr by passing --v=1 and --alsologtostderr.
PiperOrigin-RevId: 542232271
Change-Id: Ie4d30f0d8e25bb1de7c60bb37736b27b89406336
To avoid code that is being parsed to include the intrinsics headers, undefine
a few key preprocessor defines.
PiperOrigin-RevId: 539878995
Change-Id: I8afb7cbdadcab3214c943c0acb9006e8bcc30611
- Abseil
- Protobuf
- Benchmark
- Googletest
In turn, some code changes were necessary:
- Use absolute imports in `sapi_generator.py` when invoked by Bazel
- Add Abseil's source dir as include dir in generated proto `.cc` files
- Bazel: Use `@rules_proto` for `proto_library` and use native `cc_proto_library`
Drive-by:
- Update year in `README.md`
- Look for clang versions 16, 15, 14, and 13 as well in `code.py`
PiperOrigin-RevId: 539032012
Change-Id: Ib9cd1d7fb38409d884eb45e1fa08927f6af83a21
This should only affect the Bazel `BUILD.bazel` files and their formatting.
PiperOrigin-RevId: 538426054
Change-Id: I0162726d3fb4bcb4d7938cddc6f39e0d9f2b4a3d
Also make sure we don't kill everything (with a `kill(-1, SIGKILL)`) if reading the pid fails.
PiperOrigin-RevId: 536371566
Change-Id: I17f6ae36b73ec43735709ff16d276abaebb00d44
Drive-by:
- Add flags to link libgcc and libstdc++ statically into the binary, making it
"mostly static"
PiperOrigin-RevId: 532349354
Change-Id: I0a86eb29b6a40aec4cec3cffeaf9511726ee4dc8