In the case of decompression, we are using the same chunk of memory
twice. The first is to obtain the size of decompressed data, and
the second is to decompress it. In the current code, we are copying
the chunk of memory twice. The memory doesn't change between
the calls, so there is no point in copying it over and over.
Let's synchronize memory only during first call.
- `SKIP_BUILD_RPATH` needs to be set per directory (not allow-listed for
`INTERFACE` properties)
- Use correct name for position independent code
- `-pie`/`-fPIE` will only propagate fully on 3.14+
PiperOrigin-RevId: 428986266
Change-Id: Idf9d7fc184fbeec8ec1b77505246e262d9b8d880
- Link `zipe.c` statically (safe)
- Update policy to allow any use of `stat()`
PiperOrigin-RevId: 428971638
Change-Id: Ib0f5f496ea2389582986b41a8830592e6c1d4390
This adds a first basic test to be run using GitHub Actions on push and pull
request for the CMake build (internally we run everything on Bazel/Blaze).
The Ubuntu runners are implemented as full VMs, so we can run tests directly.
In order to run Sandboxed API/Sandbox2 tests inside a container, it must be
started as privileged, unconfined and retain its capabilities.
Since GitHub does not support modifying the Docker invocation for container
based workflows, we need to manually run the `docker` command.
Until #118 is fixed, this change makes GitHub ignore the test failure on
Fedora.
PiperOrigin-RevId: 428485354
Change-Id: I6b55c5441c4c27b018d19498d2296c7d3da65846
Instead of C++17 structured bindings, use a plain `const auto&` and annotate
arguments with comments instead.
We still support Clang 6.0, as that is the compiler that ships with Ubuntu
18.04 LTS by default.
PiperOrigin-RevId: 428016214
Change-Id: I3a43b2d47c6825ac4425d22018750282cfe23c1b
This fixes a couple of tests in the open source version of the code.
Internally, since we are using a different ELF loader, the page offset
will always be zero. Hence we never notices this was broken.
PiperOrigin-RevId: 427996428
Change-Id: I44c5b5610b074cf69b9f0c5eeb051be50923e351
Note that `//sandboxed_api/sandbox2:stack_trace_test` may still fail for
unrelated reasons, as we are linking libc statically, which is brittle. A
follow-up change will fix this.
PiperOrigin-RevId: 427175045
Change-Id: Ifb5ec2ac3d60f4bcc9708f26c834c83b75e769d7
Newer versions of the GNU gold linkers sometimes omit the symbols for
sandboxed functions, leading to errors like `function not found` when
Sandboxed API tries to call them at runtime.
The fix is simple: Do what Bazel does and wrap the static library in
a `-Wl,--whole-archive`/`-Wl,--no-whole-archive` pair.
PiperOrigin-RevId: 426910732
Change-Id: Id4183f2964a2dea4fc1dfd8c409bc0b1af9db170
--
55de8f7fd7 by Demi Marie Obenour <demi@invisiblethingslab.com>:
Simple libidn2 wrapper
This adds a simple libidn2 wrapper, including unit tests via GTest.
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/sandboxed-api/pull/96 from DemiMarie:libidn2 55de8f7fd7
PiperOrigin-RevId: 426121420
Change-Id: I79b23560ba23c0c2f1da063bfaa85eac13b2f517
Addresses #104 and also fixes a TODO to use `target_link_options()`
and the `LINKER:` prefix in the SAPI build defs.
PiperOrigin-RevId: 426113536
Change-Id: I5322ab975986ceccedfab030cd4610287d297c35