Paul Wankadia
372b8e2696
Fix constant name in log message
PiperOrigin-RevId: 384187707
Change-Id: I3d322f6d00fa63fc7a2b33f8c7844c4291e4fef1
2021-07-12 01:56:42 -07:00
Christian Blichmann
a290ffc8bc
Seal memfd in embed_file.cc
PiperOrigin-RevId: 383358851
Change-Id: I839a9b816f9c7f486908fbccdc3ecd621bd1c402
2021-07-07 00:58:57 -07:00
Wiktor Garbacz
424c543eb7
Automated rollback of commit 4a38f59728.
PiperOrigin-RevId: 381815277
Change-Id: I344c9bb1a505cc0a0dcf7e9ff979c172c484d963
2021-06-28 02:03:06 -07:00
Wiktor Garbacz
fe2ee5dfac
Do not expose stack_trace.h in public API
PiperOrigin-RevId: 381412175
Change-Id: I30729c5af378c358e6400e4b7366d435518ae7d7
2021-06-25 00:03:54 -07:00
Wiktor Garbacz
fe08d724e4
Simplify the dup fix and add better error handling
Original fix might fail if RLIMIT_NOFILE is set to 1024.
PiperOrigin-RevId: 381034115
Change-Id: I39e33a90083533cf85eb04072604665c299b861f
2021-06-23 08:14:01 -07:00
Sandboxed API Team
4a38f59728
Automated rollback of commit a850aa44d2.
PiperOrigin-RevId: 380897565
Change-Id: Iacc50697a5ff25b79272a1549291bbf32152d3f6
2021-06-22 14:50:33 -07:00
Wiktor Garbacz
0ec4f07f96
Fix rare failure while starting the global forkserver
This bug only manifests if a lot of fds are open when global forkserver is started.
If the allocated exec_fd number was equal to Comms::kSandbox2ClientCommsFD, then it would be replaced by the comms fd and result in EACCESS at execveat.
PiperOrigin-RevId: 380805414
Change-Id: I31427fa929abfc60890477b55790cc14c749f7f5
2021-06-22 07:48:58 -07:00
Wiktor Garbacz
a850aa44d2
Better error handling in stacktraces
PiperOrigin-RevId: 380789060
Change-Id: I655428fd45bf305f787b75cc925d31c6ab60c074
2021-06-22 05:52:15 -07:00
Wiktor Garbacz
e5cfce71a3
Add new x86-64 syscalls
PiperOrigin-RevId: 377460610
Change-Id: I06833ca7fcc88447ed482e9e6914b9113781a114
2021-06-04 01:01:34 -07:00
Wiktor Garbacz
e87a052e61
Fix restarting global forkserver
PiperOrigin-RevId: 376643949
Change-Id: I5811e8b8a9f5e74cab21d021c8e83b2a4b91818a
2021-05-31 02:19:28 -07:00
Sandboxed API Team
aa568597b0
Add rt_sigprocmask to AllowLogForwarding
PiperOrigin-RevId: 376142747
Change-Id: I6470a6eea8a4e85b0921de6dc332097a6c9440a4
2021-05-27 04:40:28 -07:00
Christian Blichmann
d73f80cfa5
Enable AArch64 syscalls in examples
PiperOrigin-RevId: 375923215
Change-Id: I9523a074579975379b1a9d4644497268781499e1
2021-05-26 05:47:37 -07:00
Sandboxed API Team
f159359f65
Automated rollback of commit 5bb161b0db.
PiperOrigin-RevId: 375047066
Change-Id: I09ce8aafa92337c79a61f0f757ec66be2b2cefdc
2021-05-21 02:59:34 -07:00
Sandboxed API Team
5bb161b0db
Automated rollback of commit e97ecfb955.
PiperOrigin-RevId: 375044368
Change-Id: Ib8bcf5d67e70fb37ef330c1433056343674a9f14
2021-05-21 02:38:05 -07:00
Christian Blichmann
e97ecfb955
Internal change
PiperOrigin-RevId: 375038366
Change-Id: I9180c2dc544d5ba12a73a67f5613e0c44e962505
2021-05-21 01:44:47 -07:00
Christian Blichmann
ab469deac3
Internal change
PiperOrigin-RevId: 374874118
Change-Id: Id669e3f099e058ada3effa62f9569daaf5b36f63
2021-05-20 08:17:10 -07:00
Wiktor Garbacz
78d749380b
Fix a data race in Comms
PiperOrigin-RevId: 374397564
Change-Id: I630a7587242b7b25364aa66158d86d53aff5c343
2021-05-18 05:48:54 -07:00
Christian Blichmann
2d3a040f64
Minor cleanup/formatting changes
PiperOrigin-RevId: 374164136
Change-Id: I505cbc3ac9f899ed965cde66aaae1aba55a90c64
2021-05-17 04:07:08 -07:00
Christian Blichmann
ca6ec4337d
Add workaround for active Tomoyo LSM
Recently, Debian-based distribution kernels started activating the Tomoyo Linux
Security Module by default. Even if it is not used, this changes the behavior
of `/dev/fd` (pointing to `/proc/self/fd` by default), which Sandbox2 needs during
`execveat()`.
As a result, Sandbox2 and Sandboxed API always fail without one of the following
conditions:
- `/proc` mounted within the sandboxee
- `/dev` mounted
- `/dev/fd` symlinked to `/proc/self/fd` in the sandboxee's mount namespace
Some code pointers to upstream Linux 5.12.2:
- https://elixir.bootlin.com/linux/v5.12.2/source/fs/exec.c#L1775
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/tomoyo.c#L107
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/domain.c#L729
To find out whether your system has Tomoyo enabled, use this command, similar to
what this change does in code:
```
$ cat /sys/kernel/security/lsm | grep tomoyo && echo "Tomoyo active"
capability,yama,apparmor,tomoyo
Tomoyo active
```
The config setting `CONFIG_DEFAULT_SECURITY` controls which LSMs are built into
the kernel by default.
PiperOrigin-RevId: 372919524
Change-Id: I2181819c04f15f57d96c44ea9977d0def4a1b623
2021-05-10 07:04:04 -07:00
Christian Blichmann
00a7cc5a33
Use sapi::file::GetContents() and light Mini-ELF refactoring
Plus some style fixes.
PiperOrigin-RevId: 370901533
Change-Id: If4f9d7c3157fdfc2ca4302b06cd95e96e7a8ebdd
2021-04-28 07:49:17 -07:00
Christian Blichmann
08e1e733a0
Update third-party dependencies
Also include-what-you-use the `signal.h` header.
PiperOrigin-RevId: 370433834
Change-Id: I934fe6fbf65091e365127db0fc4544499720841c
2021-04-26 05:00:30 -07:00
Christian Blichmann
ab7943abdc
Simplify ptrace emulation and code style fixes
PiperOrigin-RevId: 369862187
Change-Id: Ia0759c320cde1c9e3798f0df5c2a0d50ca20fd71
2021-04-22 06:56:45 -07:00
Wiktor Garbacz
d9824dff16
Use absl::Span in BPF disassembler
PiperOrigin-RevId: 369636095
Change-Id: I13a8ae08ba354e54c502e0f6cdd35287fdfbb723
2021-04-21 05:33:12 -07:00
Catalin Patulea
4344bbceba
Add optional VLOG(1) for additional process info on Syscall Violation.
PiperOrigin-RevId: 368900451
Change-Id: I331d0e239e2f3176c435bd42012d155d60d0b1ac
2021-04-16 12:43:08 -07:00
Catalin Patulea
d5bd1cb38f
Pretty-print ptrace event name on WIFSTOPPED.
PiperOrigin-RevId: 368688417
Change-Id: I4368268f1b05148213010768a6d4eaa87211ea45
2021-04-15 12:02:11 -07:00
Wiktor Garbacz
c15b5cb123
Log more info for seccomp setup failure
PiperOrigin-RevId: 368618345
Change-Id: Ia1559ece8f83cf27623adab4baa141cd8cfdf143
2021-04-15 05:09:38 -07:00
Wiktor Garbacz
6a679a407d
Automated rollback of commit 54ac8f86fc.
PiperOrigin-RevId: 368616441
Change-Id: I6ff53b730b44b5f08986be62b32fda13932ec19a
2021-04-15 04:54:14 -07:00
Wiktor Garbacz
54ac8f86fc
Automated rollback of commit 2ff96ba0e7.
PiperOrigin-RevId: 368597960
Change-Id: Ifa6c8a57fbd7761fb5e121b589a49ad67333e7cd
2021-04-15 02:17:50 -07:00
Wiktor Garbacz
2ff96ba0e7
Add missing TSAN syscalls
PiperOrigin-RevId: 368427218
Change-Id: I73cd330028b805d8a86712936fb0c5103ce9914a
2021-04-14 07:39:13 -07:00
Wiktor Garbacz
bc6bb0c7e5
Fix Mounts::ResolvePath for dir nodes.
PiperOrigin-RevId: 368390904
Change-Id: I4f59e8d74b0d81497255cb0838d6d3132cae160b
2021-04-14 02:45:41 -07:00
Martijn Vels
2efaa463c9
Implement enabling RSEQ inside AllowTcMalloc in terms of AllowRestartableSequences()
PiperOrigin-RevId: 368208391
Change-Id: Ie1204cb3a0824ebe54b770e2669ae31f7932ed51
2021-04-13 07:14:55 -07:00
Christian Blichmann
17f561f221
Use explicit conversion to std::string for look up in Protobuf maps
This is needed for some compiler versions where `absl::string_view` == `std::string_view`.
PiperOrigin-RevId: 367392064
Change-Id: Id91d23510501df4745f386475ef9049d94062e1b
2021-04-08 02:51:29 -07:00
Christian Blichmann
55049983c4
Add more compiler variants to GitHub Actions
This changes the workflow definition so that we always try to install
compiler toolchains that we need.
See https://github.com/actions/virtual-environments/issues/2950 for more
context.
Drive-by:
- Mini fix to enable compilation under Clang 6.0
Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-04-07 15:23:23 +02:00
Wiktor Garbacz
df840ae38f
Fix order-dependent test.
PiperOrigin-RevId: 363639702
Change-Id: I39f7ca1b4a2c65fe027bcc6ed71b10c2dcf46ca0
2021-03-18 05:56:40 -07:00
Martijn Vels
753eacd314
Reduce requirements for restartable sequences
PiperOrigin-RevId: 361780465
Change-Id: I299bc55c94d60575e16f0ea6b5f82b8b793af1cb
2021-03-09 04:33:29 -08:00
Martijn Vels
b30d56e871
Add policy helper to allow restartable sequences
PiperOrigin-RevId: 360266444
Change-Id: I0a3d2d071972bf7d6e7114a428c6954ed4bcef5c
2021-03-01 13:39:42 -08:00
Wiktor Garbacz
9979faf752
Internal change
PiperOrigin-RevId: 359245243
Change-Id: I1acea38c070e4533a0860152c66f8dbcf8c6fb7a
2021-02-24 03:06:55 -08:00
Sandboxed API Team
508c7066a6
asan uses mmap() internally, so allow mmap() calls in asan builds
PiperOrigin-RevId: 358802336
Change-Id: I26fa891cc9fffcfd32f6b18a63b39d6f2282ff7d
2021-02-22 06:02:35 -08:00
Wiktor Garbacz
298271f0a7
Deprecate IPC::comms()
PiperOrigin-RevId: 358380648
Change-Id: Iaf8f7dc0890be0e7e910649c6f519504f6b0a1a5
2021-02-19 04:43:14 -08:00
Wiktor Garbacz
3d0fa1f891
Replace GetNode with ResolvePath in Mounts
Now unwinding will properly handle binaries inside bind-mounted directories.
Drive-by:
- Get rid of n^2 path handling
- Get rid of namespace alias
PiperOrigin-RevId: 358353666
Change-Id: Ieec7690ec6a1ae6d358de375220566b69e8cb094
2021-02-19 00:43:34 -08:00
Sandboxed API Team
ec64f47bba
Adds IsRetryable() method to Result class, currently just returns false.
Also fixes signature of `stack_trace()` method.
PiperOrigin-RevId: 356992845
Change-Id: I627caa9861cf7c0eb3496154504f0d948c789fb9
2021-02-11 09:34:23 -08:00
Wiktor Garbacz
0bbcb495ee
Remove unneeded Executor ctors
absl::Span<const T> has an implicit ctor from container types.
PiperOrigin-RevId: 355155858
Change-Id: I70aea6b276b5e51f7682cba45bb2d4514cb1bc90
2021-02-02 06:55:30 -08:00
Wiktor Garbacz
8cc018a242
Internal change
PiperOrigin-RevId: 355126142
Change-Id: Iba8e54095e94f55811a92243d8af85d893418909
2021-02-02 02:41:13 -08:00
Christian Blichmann
55a8373ec3
Avoid sanitizer macros use Abseil's where necessary
Using C++17 means we can get rid of many `#ifdef`s by using `if constexpr`.
This way, we ensure that both branches compile and still retain zero runtime
overhead.
Note that open source builds of Sandboxed API do not ship with sanitizer
configurations yet. This will be added in follow-up changes.
PiperOrigin-RevId: 354932160
Change-Id: I3678dffc47ea873919f0a8c01f3a7d999fc29a5b
2021-02-01 07:11:15 -08:00
Wiktor Garbacz
552a510777
Fix overload for Executor ctor calls with brace-initializers
PiperOrigin-RevId: 354319778
Change-Id: I7b47ef2de734683f9168ef80f8b29357532d51ff
2021-01-28 08:43:22 -08:00
Wiktor Garbacz
ec870c3d15
Simplify Executor ctor hierarchy
Also accept `absl::string_view` and `absl::Span<const std::string>` arguments.
Drive-by:
- Move using declaration into namespace
PiperOrigin-RevId: 354271016
Change-Id: Iadd873377e51cac7fa3800aab1f9e85ff94bd4e9
2021-01-28 02:20:37 -08:00
Christian Blichmann
a617f4e8f0
Improvements to limits.h header
- Directly initialize member fields
- Reword comments
PiperOrigin-RevId: 354093192
Change-Id: I19852c3f2bd1b05ed280102b0bed1ea62d8c4adc
2021-01-27 08:05:25 -08:00
Christian Blichmann
6f33cef716
Allow FUTEX_WAKE for recent libc allocators
PiperOrigin-RevId: 353827808
Change-Id: I6d1509016297fd16bec0ae6ea263896a1af9dc37
2021-01-26 02:32:26 -08:00
Christian Blichmann
1459cc612e
Cleanup, fix OSS Bazel build
Bazel 4.0.0 is less lenient in handling escape sequences.
PiperOrigin-RevId: 353827443
Change-Id: I972841464449ed2262a0ef486343ae1ed444ad3c
2021-01-26 02:29:08 -08:00
Wiktor Garbacz
b98bed9860
Internal change
PiperOrigin-RevId: 353233756
Change-Id: Ib658a3602097dc0288af592e21db373eb12e2077
2021-01-22 07:00:05 -08:00