Commit Graph

1095 Commits

Author SHA1 Message Date
Christian Blichmann
a290ffc8bc Seal memfd in embed_file.cc
PiperOrigin-RevId: 383358851
Change-Id: I839a9b816f9c7f486908fbccdc3ecd621bd1c402
2021-07-07 00:58:57 -07:00
Wiktor Garbacz
424c543eb7 Automated rollback of commit 4a38f59728.
PiperOrigin-RevId: 381815277
Change-Id: I344c9bb1a505cc0a0dcf7e9ff979c172c484d963
2021-06-28 02:03:06 -07:00
Wiktor Garbacz
fe2ee5dfac Do not expose stack_trace.h in public API
PiperOrigin-RevId: 381412175
Change-Id: I30729c5af378c358e6400e4b7366d435518ae7d7
2021-06-25 00:03:54 -07:00
Wiktor Garbacz
fe08d724e4 Simplify the dup fix and add better error handling
Original fix might fail if RLIMIT_NOFILE is set to 1024.

PiperOrigin-RevId: 381034115
Change-Id: I39e33a90083533cf85eb04072604665c299b861f
2021-06-23 08:14:01 -07:00
Sandboxed API Team
4a38f59728 Automated rollback of commit a850aa44d2.
PiperOrigin-RevId: 380897565
Change-Id: Iacc50697a5ff25b79272a1549291bbf32152d3f6
2021-06-22 14:50:33 -07:00
Wiktor Garbacz
0ec4f07f96 Fix rare failure while starting the global forkserver
This bug only manifests if a lot of fds are open when global forkserver is started.
If the allocated exec_fd number was equal Comms::kSandbox2ClientCommsFD then it would be replaced by the comms fd and result in EACCESS at execveat.

PiperOrigin-RevId: 380805414
Change-Id: I31427fa929abfc60890477b55790cc14c749f7f5
2021-06-22 07:48:58 -07:00
Wiktor Garbacz
a850aa44d2 Better error handling in stacktraces
PiperOrigin-RevId: 380789060
Change-Id: I655428fd45bf305f787b75cc925d31c6ab60c074
2021-06-22 05:52:15 -07:00
Wiktor Garbacz
e5cfce71a3 Add new x86-64 syscalls
PiperOrigin-RevId: 377460610
Change-Id: I06833ca7fcc88447ed482e9e6914b9113781a114
2021-06-04 01:01:34 -07:00
Wiktor Garbacz
e87a052e61 Fix restarting global forkserver
PiperOrigin-RevId: 376643949
Change-Id: I5811e8b8a9f5e74cab21d021c8e83b2a4b91818a
2021-05-31 02:19:28 -07:00
Sandboxed API Team
aa568597b0 Add rt_sigprocmask to AllowLogForwarding
PiperOrigin-RevId: 376142747
Change-Id: I6470a6eea8a4e85b0921de6dc332097a6c9440a4
2021-05-27 04:40:28 -07:00
Christian Blichmann
d73f80cfa5 Enable AArch64 syscalls in examples
PiperOrigin-RevId: 375923215
Change-Id: I9523a074579975379b1a9d4644497268781499e1
2021-05-26 05:47:37 -07:00
Sandboxed API Team
f159359f65 Automated rollback of commit 5bb161b0db.
PiperOrigin-RevId: 375047066
Change-Id: I09ce8aafa92337c79a61f0f757ec66be2b2cefdc
2021-05-21 02:59:34 -07:00
Sandboxed API Team
5bb161b0db Automated rollback of commit e97ecfb955.
PiperOrigin-RevId: 375044368
Change-Id: Ib8bcf5d67e70fb37ef330c1433056343674a9f14
2021-05-21 02:38:05 -07:00
Christian Blichmann
e97ecfb955 Internal change
PiperOrigin-RevId: 375038366
Change-Id: I9180c2dc544d5ba12a73a67f5613e0c44e962505
2021-05-21 01:44:47 -07:00
Christian Blichmann
ab469deac3 Internal change
PiperOrigin-RevId: 374874118
Change-Id: Id669e3f099e058ada3effa62f9569daaf5b36f63
2021-05-20 08:17:10 -07:00
Wiktor Garbacz
78d749380b Fix a data race in Comms
PiperOrigin-RevId: 374397564
Change-Id: I630a7587242b7b25364aa66158d86d53aff5c343
2021-05-18 05:48:54 -07:00
Wiktor Garbacz
a986278550 Raw logging should not allocate memory
PiperOrigin-RevId: 374396461
Change-Id: I709103c7834d4803a26a0b292f342a3d629d332c
2021-05-18 05:37:38 -07:00
Christian Blichmann
2d3a040f64 Minor cleanup/formatting changes
PiperOrigin-RevId: 374164136
Change-Id: I505cbc3ac9f899ed965cde66aaae1aba55a90c64
2021-05-17 04:07:08 -07:00
Christian Blichmann
ca6ec4337d Add workaround for active Tomoyo LSM
Recenly, Debian based distribution kernels started activating the Tomoyo Linux
Security Module by default. Even if it is not used, this changes the behavior
of `/dev/fd` (pointing to `/proc/self/fd` by default), which Sandbox2 needs during
`execveat()`.

As a result, Sandbox2 and Sandboxed API always fail without one of the following
conditions
- `/proc` mounted within the sandboxee
- `/dev` mounted
- `/dev/fd` symlinked to `/proc/self/fd` in the sandboxee's mount namespace

Some code pointers to upstream Linux 5.12.2:
- https://elixir.bootlin.com/linux/v5.12.2/source/fs/exec.c#L1775
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/tomoyo.c#L107
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/domain.c#L729

To find out whether your system has Tomoyo enabled, use this command, similar to
what this change does in code:

```
$ cat /sys/kernel/security/lsm | grep tomoyo && echo "Tomoyo active"
capability,yama,apparmor,tomoyo
Tomoyo active
```

The config setting `CONFIG_DEFAULT_SECURITY` controls which LSMs are built into
the kernel by default.

PiperOrigin-RevId: 372919524
Change-Id: I2181819c04f15f57d96c44ea9977d0def4a1b623
2021-05-10 07:04:04 -07:00
Christian Blichmann
5c7903ecd9 Check for either violate() or ViolateIndirect() in stack trace
Depending on architecture and optimization level, the compiler may choose to
not generate full stack frames, even with no-inline and no tail-call
attributes.

PiperOrigin-RevId: 372339987
Change-Id: I42043131bbb6092ff234e80ae9047f7a2bf31161
2021-05-06 07:36:13 -07:00
Christian Blichmann
0750216bc1 Make stack trace test more resilient against optimizer
This fixes tests for PPC, where the tail-call optimization would consistently
remove 'violate()' from the stack trace.

PiperOrigin-RevId: 371103794
Change-Id: Ifb1a7d588a455041a6b0f3c763276ed44de47e60
2021-04-29 06:01:24 -07:00
Christian Blichmann
00a7cc5a33 Use sapi::file::GetContents() and light Mini-ELF refactoring
Plus some style fixes.

PiperOrigin-RevId: 370901533
Change-Id: If4f9d7c3157fdfc2ca4302b06cd95e96e7a8ebdd
2021-04-28 07:49:17 -07:00
Christian Blichmann
08e1e733a0 Update third-party dependencies
Also include-what-you-use the `signal.h` header.

PiperOrigin-RevId: 370433834
Change-Id: I934fe6fbf65091e365127db0fc4544499720841c
2021-04-26 05:00:30 -07:00
Christian Blichmann
ab7943abdc Simplify ptrace emulation and code style fixes
PiperOrigin-RevId: 369862187
Change-Id: Ia0759c320cde1c9e3798f0df5c2a0d50ca20fd71
2021-04-22 06:56:45 -07:00
Wiktor Garbacz
d9824dff16 Use absl::Span in BPF disassembler
PiperOrigin-RevId: 369636095
Change-Id: I13a8ae08ba354e54c502e0f6cdd35287fdfbb723
2021-04-21 05:33:12 -07:00
Catalin Patulea
4344bbceba Add optional VLOG(1) for additional process info on Syscall Violation.
PiperOrigin-RevId: 368900451
Change-Id: I331d0e239e2f3176c435bd42012d155d60d0b1ac
2021-04-16 12:43:08 -07:00
Christian Blichmann
be6c878b01 Internal change touching the generator rules
PiperOrigin-RevId: 368802693
Change-Id: Ia0102d1a92a49b807d4432ee3d0a6a02f528ef00
2021-04-16 01:38:08 -07:00
Catalin Patulea
d5bd1cb38f Pretty-print ptrace event name on WIFSTOPPED.
PiperOrigin-RevId: 368688417
Change-Id: I4368268f1b05148213010768a6d4eaa87211ea45
2021-04-15 12:02:11 -07:00
Wiktor Garbacz
c15b5cb123 Log more info for seccomp setup failure
PiperOrigin-RevId: 368618345
Change-Id: Ia1559ece8f83cf27623adab4baa141cd8cfdf143
2021-04-15 05:09:38 -07:00
Wiktor Garbacz
6a679a407d Automated rollback of commit 54ac8f86fc.
PiperOrigin-RevId: 368616441
Change-Id: I6ff53b730b44b5f08986be62b32fda13932ec19a
2021-04-15 04:54:14 -07:00
Wiktor Garbacz
54ac8f86fc Automated rollback of commit 2ff96ba0e7.
PiperOrigin-RevId: 368597960
Change-Id: Ifa6c8a57fbd7761fb5e121b589a49ad67333e7cd
2021-04-15 02:17:50 -07:00
Wiktor Garbacz
2ff96ba0e7 Add missing TSAN syscalls
PiperOrigin-RevId: 368427218
Change-Id: I73cd330028b805d8a86712936fb0c5103ce9914a
2021-04-14 07:39:13 -07:00
Wiktor Garbacz
bc6bb0c7e5 Fix Mounts::ResolvePath for dir nodes.
PiperOrigin-RevId: 368390904
Change-Id: I4f59e8d74b0d81497255cb0838d6d3132cae160b
2021-04-14 02:45:41 -07:00
Martijn Vels
2efaa463c9 Implement enabling RSEQ inside AllowTcMalloc in terms of AllowRestartableSequences()
PiperOrigin-RevId: 368208391
Change-Id: Ie1204cb3a0824ebe54b770e2669ae31f7932ed51
2021-04-13 07:14:55 -07:00
Christian Blichmann
5eb412ac32 Internal change
PiperOrigin-RevId: 368172152
Change-Id: Ie1479862473bfef7f08d555109a577d47bfbabc7
2021-04-13 01:58:11 -07:00
Wiktor Garbacz
00649577d9 Fix Reg<long double> for MSAN
On x86 `long double` has 10 bytes of meaningful data, but `sizeof(long double)` is 16 - the remaining bytes are random garbage.

Roll forward after fixing a bug in the original commit.

PiperOrigin-RevId: 368170639
Change-Id: I4a1d2d95b92eed6b71c37145726f7320cfc00ba0
2021-04-13 01:44:01 -07:00
Sandboxed API Team
141fe911f5 Automated rollback of commit 16880d4e3c.
PiperOrigin-RevId: 367459654
Change-Id: I93e13da18cb322c13f7c3e3a3ca4e301ccc49fdd
2021-04-08 10:38:01 -07:00
Wiktor Garbacz
16880d4e3c Fix Reg<long double> for MSAN
On x86 `long double` has 10 bytes of meaningful data, but `sizeof(long double)` is 16 - the remaining bytes are random garbage.

PiperOrigin-RevId: 367423349
Change-Id: I769b3444ce4fa60f941ccd2115b0b09ccc809f13
2021-04-08 07:10:37 -07:00
Christian Blichmann
17f561f221 Use explicit conversion to std::string for look up in Protobuf maps
This is needed for some compiler versions where `absl::string_view` == `std::string_view`.

PiperOrigin-RevId: 367392064
Change-Id: Id91d23510501df4745f386475ef9049d94062e1b
2021-04-08 02:51:29 -07:00
Copybara-Service
6edd16f1b3 Merge pull request #85 from cblichmann:main
PiperOrigin-RevId: 367217172
Change-Id: I147ba51ac643d0f6d3a92c1147cef7f91d24271d
2021-04-07 07:40:51 -07:00
Christian Blichmann
55049983c4
Add more compiler variants to GitHub Actions
This changes the workflow definition so that we always try to install
compiler toolchains that we need.

See https://github.com/actions/virtual-environments/issues/2950 for more
context.

Drive-by:
- Mini fix to enable compilation under Clang 6.0

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-04-07 15:23:23 +02:00
Wiktor Garbacz
bc9d7a8db6 Properly handle unsigned-by-default char types
PiperOrigin-RevId: 364774936
Change-Id: I2e411555d98cad128945949ea3eedb045af0421d
2021-03-24 04:48:16 -07:00
Wiktor Garbacz
1be4d04f4e Avoid tail-call optimization in "violate" testcase
PiperOrigin-RevId: 364523883
Change-Id: I5e43534d7db37b4c16f18fc3326714664ab0ae00
2021-03-23 03:51:09 -07:00
Vincenzo Petrolo
34dcd72d7d
fix typo
Signed-off-by: Vincenzo Petrolo <vincenzo@kernel-space.org>
2021-03-22 13:08:58 +01:00
Wiktor Garbacz
df840ae38f Fix order-dependent test.
PiperOrigin-RevId: 363639702
Change-Id: I39f7ca1b4a2c65fe027bcc6ed71b10c2dcf46ca0
2021-03-18 05:56:40 -07:00
Christian Blichmann
03bf9f72c0 Replace usage of deprecated functions within Sandboxed API
PiperOrigin-RevId: 363637782
Change-Id: I804d60fb3990f891416f06d36cb71b094daf3e37
2021-03-18 05:39:50 -07:00
Martijn Vels
753eacd314 Reduce requirements for restartable sequences
PiperOrigin-RevId: 361780465
Change-Id: I299bc55c94d60575e16f0ea6b5f82b8b793af1cb
2021-03-09 04:33:29 -08:00
Martijn Vels
b30d56e871 Add policy helper to allow restartable sequences
PiperOrigin-RevId: 360266444
Change-Id: I0a3d2d071972bf7d6e7114a428c6954ed4bcef5c
2021-03-01 13:39:42 -08:00
Wiktor Garbacz
9979faf752 Internal change
PiperOrigin-RevId: 359245243
Change-Id: I1acea38c070e4533a0860152c66f8dbcf8c6fb7a
2021-02-24 03:06:55 -08:00
Sandboxed API Team
508c7066a6 asan uses mmap() internally, so allow mmap() calls in asan builds
PiperOrigin-RevId: 358802336
Change-Id: I26fa891cc9fffcfd32f6b18a63b39d6f2282ff7d
2021-02-22 06:02:35 -08:00