Wiktor Garbacz
34d17b77ac
Remove dead code
...
IPC always creates comms object from a fd.
PiperOrigin-RevId: 248683525
Change-Id: Ib4285ec0494d551257237c12f92f983b943205cb
2019-05-17 02:02:03 -07:00
Wiktor Garbacz
8678af23d0
Extract GetRlimitName into util
...
PiperOrigin-RevId: 248682931
Change-Id: I702533a8d36465de956a1a90a40c634434b7a671
2019-05-17 01:55:35 -07:00
Wiktor Garbacz
6e1c3c3055
Fix prlimit error message
...
PiperOrigin-RevId: 248491089
Change-Id: Id4116939d02b6a592c74218955675acf2e3c70fe
2019-05-16 02:24:59 -07:00
Wiktor Garbacz
7294e9976e
Replace custom synchronization with absl::Notification
...
PiperOrigin-RevId: 248334969
Change-Id: I7614a3792babd399912c5d5a167ab5e0a0574d20
2019-05-15 08:09:56 -07:00
Wiktor Garbacz
42761c8b72
Add a resource starvation test
...
PiperOrigin-RevId: 248334209
Change-Id: Iff0f0b3024c67a767c429a547695cc48a2d02a30
2019-05-15 08:04:58 -07:00
Wiktor Garbacz
6588aa2a68
Reintroduce monitor changes.
...
Signal handling in Monitor::MainLoop was fixed.
PiperOrigin-RevId: 248331692
Change-Id: I0f85d319802258632d2074742c53597bb922555a
2019-05-15 07:46:49 -07:00
Sandboxed API Team
d8f7d861d2
Log the progress of dynamic libraries being resolved while creating a sandboxee's virtual FS chroot. This provides valuable insight while debugging problems with dynamically linked sandoxed binaries.
...
PiperOrigin-RevId: 247625021
Change-Id: I9bf77af7410deb8766fd49910c8564e148020601
2019-05-10 09:41:07 -07:00
Christian Blichmann
5f3c7171b7
Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44
...
PiperOrigin-RevId: 247424939
Change-Id: I22a4696f705f9dcfa7394b329c78bd126f42bd16
2019-05-09 07:57:55 -07:00
Christian Blichmann
7800fd7402
Disable compiler warnings for consistency with internal settings.
...
PiperOrigin-RevId: 247405215
Change-Id: I236170f7b47d9ecd32324db907ef7afc2e797d9a
2019-05-09 05:21:34 -07:00
Sandboxed API Team
63f0adbfbb
Revert of monitor code update.
...
PiperOrigin-RevId: 247255592
Change-Id: I3656ea1628418321b1b8b02660b6a51a58c2c61f
2019-05-08 11:34:26 -07:00
Wiktor Garbacz
3f5360a7bc
Simplify monitor code.
...
Make setting result code the condition for main loop exit.
PiperOrigin-RevId: 247218505
Change-Id: I8699012683bc301e8a9f4f41cd5ab018e3cd514c
2019-05-08 08:34:56 -07:00
Christian Blichmann
a412383d61
Fix build failure with Bazel v0.25.0+ ( #25 )
...
PiperOrigin-RevId: 247206409
Change-Id: Ic6d4d1fea42ea5746613d3ef3de67f61e72848a6
2019-05-08 07:07:29 -07:00
Sandboxed API Team
f29a5a81ed
Print final FS mounts in sandboxee's chroot
...
After all requested filesystem mounts are fully mounted under a sandboxee's virtual chroot, print a list of the outside paths and a list of the inside chroot paths that the outside paths are mapped to. This provides a valuable insight while debugging sandboxed binaries.
PiperOrigin-RevId: 247130923
Change-Id: I42b4b3db68d826587c0fe8127aabbead38bc6f20
2019-05-07 18:30:13 -07:00
Christian Blichmann
bfcd28bb91
Merge pull request #24 from cblichmann:master
...
PiperOrigin-RevId: 246817542
Change-Id: I59a35015e68a7f2daef9dd63fc9fb638cd433c1c
2019-05-06 16:30:30 +02:00
Christian Blichmann
6bfa83befe
CMake support for Sandbox2
...
- Add a superbuild in cmake/SuperBuild.cmake that downloads and builds
dependencies
- Builds for sandbox2/ and a its tests
- Helper CMake function to strip proto paths
- Module to find libcap
- Custom build for libunwind that wraps its symbols
- Fix environment so that CTest executes tests similar to Bazel
- Filewrapper functionality, like Bazel's cc_embed_data()
- Build forkserver with embedded binary
- Enable ASM language so that libunwind builds correctly
- Allow glog target to propagate transitively (to propagate its include dirs)
Signed-off-by: Christian Blichmann <cblichmann@google.com>
2019-05-06 14:03:29 +02:00
Christian Blichmann
7753cded13
Replace non-alphanumeric, non-underscore characters in filewrapper
...
PiperOrigin-RevId: 246320238
Change-Id: I08454dc19b6227e4ce2c1b7677b916706e7be5a5
2019-05-02 08:11:50 -07:00
Wiktor Garbacz
64cfb949f4
Internal change
...
PiperOrigin-RevId: 245410078
Change-Id: I9ef7680885927b23734c02e063a617c9dbc3b856
2019-05-02 05:21:32 -07:00
Wiktor Garbacz
3a2829bafc
Fix minielf test
...
PiperOrigin-RevId: 245409987
Change-Id: I5c728f012776105b7070e88d77bba27a205d56f1
2019-04-26 06:22:31 -07:00
Wiktor Garbacz
e8ef753821
Internal change
...
PiperOrigin-RevId: 245409914
Change-Id: I20f23a997e09ce4cc2fe9353ac6f341a641e2263
2019-04-26 06:20:43 -07:00
Wiktor Garbacz
b1aa95fcde
Internal change
...
PiperOrigin-RevId: 245409846
Change-Id: Ic9f398146a4c0d72592f5bb7b46a01333303ba12
2019-04-26 06:20:05 -07:00
Wiktor Garbacz
523620f8ab
Internal change
...
PiperOrigin-RevId: 245409785
Change-Id: I37b1611bed459522803fa1e49c4252d2cad80076
2019-04-26 06:18:59 -07:00
Wiktor Garbacz
5e645a9190
Fix build
...
PiperOrigin-RevId: 245400890
Change-Id: I899ef49edd8e371b8714478fa3c911cfb771419b
2019-04-26 04:42:52 -07:00
Sandboxed API Team
f3c9c6e388
Internal change
...
PiperOrigin-RevId: 245377524
Change-Id: If41601b2d68c6ff0f7d3f37811aac62c32441d1f
2019-04-26 00:46:11 -07:00
Sandboxed API Team
afec50fdb5
automated internal change
...
PiperOrigin-RevId: 245070237
Change-Id: Ib6b0d9201f8b603e185eb91c1bc9f500f1af1ed6
2019-04-24 10:31:13 -07:00
Christian Blichmann
feba2c35d7
Apply special whole-archive linker options only where necessary
...
PiperOrigin-RevId: 245038294
Change-Id: I99367e7c982a340a88acf730619a467d34d53203
2019-04-24 07:07:14 -07:00
Wiktor Garbacz
c6d16a58eb
Internal change
...
PiperOrigin-RevId: 244882748
Change-Id: I0342f445df8f60f864d3e7f56145051b821a86e0
2019-04-23 10:47:34 -07:00
Wiktor Garbacz
53d85ab4f2
Internal change
...
PiperOrigin-RevId: 244882228
Change-Id: I506b92326fa83f214b1e7fab6c5b2e0889f8b197
2019-04-23 10:46:58 -07:00
Wiktor Garbacz
63006c1476
Internal change
...
PiperOrigin-RevId: 244881751
Change-Id: I3f3200c4d85906058ac17ed941e69ea22d9a4090
2019-04-23 10:42:14 -07:00
Wiktor Garbacz
0fd468be7c
Internal change
...
PiperOrigin-RevId: 244879634
Change-Id: Ifa63ef7b0cc10e87d18f17b85cce55af03cd37cf
2019-04-23 10:31:51 -07:00
Wiktor Garbacz
6cbaaead8b
Make StatusMatcher more flexible
...
PiperOrigin-RevId: 244879203
Change-Id: I5f7994130a898e84f041b18c0b5313d7e8b32780
2019-04-23 10:30:45 -07:00
Sandboxed API Team
726b1fb451
n/a
...
PiperOrigin-RevId: 244836017
Change-Id: I034cfb1af4835256aa9b8b7ac3e80a341e9a9271
2019-04-23 05:14:22 -07:00
Kevin Hamacher
8ad4fcd0a8
minielf: Increase maximum amount of symbols loaded
...
PiperOrigin-RevId: 243775723
Change-Id: I5398ec23bd76be01c48c69bd4decb015a48386fc
2019-04-16 03:00:28 -07:00
Kevin Hamacher
af44845246
Try to demangle c++ symbols when logging the stacktrace
...
PiperOrigin-RevId: 243612828
Change-Id: I09c748da0c119ba2024b2906802858b5b9bcfeb0
2019-04-15 07:37:23 -07:00
Chris Kennelly
d90b2c6328
Allow TCMalloc to access the rseq syscall.
...
PiperOrigin-RevId: 243441655
Change-Id: I82918459c20f164b56cc0c5b621b004315a011ec
2019-04-13 13:45:35 -07:00
Chris Kennelly
e2eb0597cb
Internal change
...
PiperOrigin-RevId: 243440925
Change-Id: I085535962e1d754f7bc32e08b1785a574062edaa
2019-04-13 13:45:25 -07:00
Kevin Hamacher
ac6a5dfc85
Delete copy constructor of FDCloser
...
PiperOrigin-RevId: 243263443
Change-Id: If22d287ce1872ad070454824e8daa36585ab0258
2019-04-12 07:54:31 -07:00
Kevin Hamacher
6b5f3645ab
Make embed_file use raw logging
...
PiperOrigin-RevId: 242868093
Change-Id: Ibf1f448878219a9ce8fc6bb7d3e93626fa24b1f6
2019-04-10 07:56:06 -07:00
Wiktor Garbacz
79525950fe
Add support for new SECCOMP_RET_* in disassembler
...
PiperOrigin-RevId: 242642525
Change-Id: Iea9a54f01d56cadf19a020340d07c1790c858a0f
2019-04-09 14:38:05 +02:00
Kevin Hamacher
1b50485be6
Move forkserver into a dedicated binary
...
PiperOrigin-RevId: 242637894
Change-Id: I16f19d077e2b5b9d0d4ef58344d5caaef95af7c6
2019-04-09 14:37:41 +02:00
Kevin Hamacher
e44231e28a
Wrap waitpid with TEMP_FAILURE_RETRY and use __WALL to make sure we reap all children
...
PiperOrigin-RevId: 242111281
Change-Id: I322623303487b0292c2aea53d6eae5d9f53d79b6
2019-04-05 05:50:12 -07:00
Copybara-Service
5b0c46fa18
Merge pull request #21 from happyCoder92:master
...
PiperOrigin-RevId: 242110016
Change-Id: I148ba1d8a6d2c675271662e91b41c4aa04b7d0c9
2019-04-05 05:34:00 -07:00
Kevin Hamacher
77ad64ac30
Use high FD numbers in the forkserver to avoid collision with FDs mapped by the user
...
PiperOrigin-RevId: 242106285
Change-Id: I0f4bd130f8e66e6b47ad1d7311e0fff519aa9e90
2019-04-05 04:51:41 -07:00
Wiktor Garbacz
98928a0570
Document required deps for Gentoo
2019-04-05 11:09:02 +02:00
Sandboxed API Team
6a65e63eae
Add //tools/cpp:current_cc_toolchain to the toolchains attribute.
...
This is so that CC Make Variables will be resolved properly.
PiperOrigin-RevId: 241721367
Change-Id: Ic0d3f864b1398107118a1ada4c99cc4516db924f
2019-04-03 16:51:55 +02:00
Wiktor Garbacz
29fac2d393
mounts: Validate interpreter as early as possible
...
PiperOrigin-RevId: 240972700
Change-Id: I9049af7d053152cebd264fbfc352d2971a06d363
2019-03-29 07:07:55 -07:00
Sandboxed API Team
137f772f2b
Allow TCMalloc to call madvise with MADV_NOHUGEPAGE
...
PiperOrigin-RevId: 240555428
Change-Id: I05fd61ecd09fc0a3f76dade0341d35b04a590b90
2019-03-27 07:40:57 -07:00
Christian Blichmann
dda0daa449
Fix typo
...
PiperOrigin-RevId: 240368596
Change-Id: Id517ae6ecece98998316ba5a2672e075e037133a
2019-03-26 09:57:32 -07:00
Christian Blichmann
88213b0d1b
Copybara import of the project:
...
- 05cbe1250a0905c975cb3de175a6c3690dbbc00b Don't accidentially generate trigraphs by Mackie Loeffel <mackie.loeffel@web.de>
- 25e66c1080fa50d8b0661d10ecde39cfcbf51289 Merge 05cbe1250a0905c975cb3de175a6c3690dbbc00b into 6679f... by MackieLoeffel <MackieLoeffel@users.noreply.github.com>
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/sandboxed-api/pull/17 from MackieLoeffel:fix_trigraphs_in_filewrapper 05cbe1250a0905c975cb3de175a6c3690dbbc00b
PiperOrigin-RevId: 240365879
Change-Id: I31fa5dfeadac3cee79e7d66b4dd4fe58a7a4b242
2019-03-26 09:43:16 -07:00
Christian Blichmann
f04be9276f
Formatting fixes and include file hygiene.
...
PiperOrigin-RevId: 240346890
Change-Id: I1a9617f10a62a848b6314a6196512e016ae02643
2019-03-26 07:54:21 -07:00
Christian Blichmann
33206c5d3f
Use a longer string in the CRC4 buffer overflow example.
...
On some newer compiler versions, compiler optimizations and loop unrolling
change the memory layout so that 64 bytes are not enough to overwrite the
return address reliably.
PiperOrigin-RevId: 240343358
Change-Id: Ifb1a1dc1cb482793b7387887f0fd68a237879227
2019-03-26 07:28:15 -07:00