This change allows Sandbox2 to change how the default FD for comms is chosen.
PiperOrigin-RevId: 479521810
Change-Id: Ia2ca1df95eb21783207ffb625c924790de20480d
This is to abstract the FD number away, so that we can change the way the FD number is chosen/communicated.
PiperOrigin-RevId: 479282707
Change-Id: Ic6726bcd0a17e97bde60804476ecbca2ffbf6525
We have removed an internal-only sandbox mechanism that has been deprecated
for years. Some formatting/include changes may leak into the OSS version.
PiperOrigin-RevId: 475230500
Change-Id: Ib4efdf3282529ea50e8302e5ef7acfdd7d4c68e5
This is the first in a series of changes that will remove our custom logging
implementation in favor of the newly released Abseil log library.
PiperOrigin-RevId: 475221012
Change-Id: I5d21ad104049dc70abe2a8d49659128e9cf3e9c0
When not requesting any particular function, `sapi_library()` will try and
make available _all_ functions it finds. In this case, system headers should
be skipped to avoid inflating the API surface. Standard library functions
can still be manually requested by adding them to the `functions` (Bazel)/
`FUNCTIONS` (CMake) argument.
PiperOrigin-RevId: 472272506
Change-Id: I8f8d79796d3044e598eebb7f87ce4cf464b47ed7
If it isn't, assume that the process has exited and the event msg contains an exit code.
PiperOrigin-RevId: 471258449
Change-Id: I44408c30fe7fb39e20b55cea871f3efb68fcde67
Instead of doing waitpid() and processing one thread at a time, gather all waiting threads and then process them.
This avoids starving older threads when newer threads raise a lot of events.
PiperOrigin-RevId: 466366533
Change-Id: I81a878f038feac86407a8e961ecba181004f0f8a
With this change, the generated build system can now decide when the SAPI
protos are out of date and need to be rebuilt. Previously, the protos had
to always be regenerated which meant compiling a big part of the codebase
after each CMake configure run, even if nothing else changed.
PiperOrigin-RevId: 455599389
Change-Id: If75b6e870cd37f3136681fc73a404c5678623e52
- Update Sandbox policy
- Compile libzip wrapper functions as part of libzip in CMake
PiperOrigin-RevId: 454837665
Change-Id: Ife6cc99296873e030b9613959eff88d4b0746a5e
- Minor reformatting in `CMakeLists.txt`
- Update c-blosc to latest revision
PiperOrigin-RevId: 454148849
Change-Id: I7a659c0786b1dc35d94059a518a0ec2859055432
- Drop patch from `CMakeLists.txt` in favor forcing C compilation
- Use `sapi` namespace and new logging integration
- Update sandbox policy to allow to retrieve thread ids
- Add tests to GitHub Workflow
PiperOrigin-RevId: 454133584
Change-Id: I50946245c723eb1e496ed1403b70ba08d977494e
Our internal builds do not build the `contrib/` sandboxes, so I didn't notice
the failing libraw build :-/
PiperOrigin-RevId: 453868469
Change-Id: Ic084b066197ace6f52c3e7ed541a811c501d20b1
Ubuntu 22.04 is an LTS version, so we should add it. This change set
`ignore-errors = true`, as the corresponding build environment is still in
beta on GitHub.
PiperOrigin-RevId: 453868434
Change-Id: I988e38cda30deedd0704314f21a1f4c33c1456a0
--
656cd15cb6 by Piotr Bartman <prbartman@gmail.com>:
LibRaw
--
a505222184 by Piotr Bartman <prbartman@gmail.com>:
CMake cleanup
--
7fc66b2026 by Piotr Bartman <prbartman@gmail.com>:
cleanup + img.raw
--
1b1c085cfe by Piotr Bartman <prbartman@gmail.com>:
libraw: data checking
--
7e76425c37 by Piotr Bartman <prbartman@gmail.com>:
libraw: CR @cblichmann
PiperOrigin-RevId: 453859071
Change-Id: Ib9e1887f97d48ecbebda05c5c6df01e3642bbfba
This finally prevents Ninja from rebuilding everything needlessly each time a
CMake reconfiguration was triggered. The root cause is that we used
`file(WRITE ...)`, which always unconditionally overwrites, so Ninja sees
those files as "dirty".
PiperOrigin-RevId: 453849514
Change-Id: Ib878df21371387baa7bf791a0a054e1ea5d6b6ae
E.g. a failed `KillSandboxee` for a timeout would already set the exit status code while there could be an external kill pending at the same time which would try to `KillSandboxee` again and thus set exit status code again.
PiperOrigin-RevId: 448464765
Change-Id: Ic5744a576c4255504bfb1d5c4f33253b5bb32b6f
This should make multithreaded sandboxees that exec (or send `SIGKILL`) behave more reliably.
PiperOrigin-RevId: 447458426
Change-Id: Ifdace340462199dc24c8cdf25d589ef6b24991e1
Instead of calling `google::InitGoogleLogging()` directly, introduce an
indirection via a new utility library. After this change, Sandboxed API
should consistently use `sapi::InitLogging()` everywhere.
For now, `sapi::InitLogging()` simply calls its glog equivalent. However,
this enables us to migrate away from the gflags dependency and use Abseil
flags. Once a follow-up change lands, `sapi::InitLogging()` will instead
initialize the google logging library with flags defined from Aseil.
Later still, once Abseil releases logging, we can then drop the glog
dependency entirely.
PiperOrigin-RevId: 445363592
Change-Id: Ia23a7dc88b8ffe65a422ea4d5233bba7bdd1303a