sandboxed-api

mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00

Author	SHA1	Message	Date
Christian Blichmann	4eede550e7	Prepare for upcoming changes in Abseil - Move canonical errors into status. PiperOrigin-RevId: 295941935 Change-Id: I9408d21b6d34239b0ef3f3cd24975f39f1405505	2020-02-19 04:43:29 -08:00
Wiktor Garbacz	539d1cac34	Replace `if (!cond) { LOG(FATAL, msg) }` with `CHECK(cond, msg)` PiperOrigin-RevId: 291916344 Change-Id: Ib522a3f202b20bf8f1ab4ca5774952d4b8f43e91	2020-01-28 05:59:33 -08:00
Christian Blichmann	441201884a	Update license header with recommended best practices PiperOrigin-RevId: 290250533 Change-Id: Ic34b253446463cf971a055b70a242df93a598ee3	2020-01-17 05:05:29 -08:00
Sandboxed API Team	aea1ecd58d	Improve diagnostics when dynamically linked binary is sandboxed, but can't be exec'd. PiperOrigin-RevId: 286391400 Change-Id: I016deb34eb895480131da24bc95a6244d92f3710	2019-12-19 07:48:32 -08:00
Wiktor Garbacz	7125458c5d	forkserver: Remove order dependent tests Sending -1 as fd will fail and take forkserver down. This should not happen normally so turned it into a check. PiperOrigin-RevId: 285391908 Change-Id: Idbb05004c36cb0be57be1bd26df1c57cecfb0019	2019-12-13 06:59:01 -08:00
Wiktor Garbacz	ece90e0bda	Fix resource leak Resulted in a lot of zombie processes. PiperOrigin-RevId: 283545337 Change-Id: Ia6b2fd24fc6fc0eed4a7aa415e264618739e8234	2019-12-03 07:59:18 -08:00
Wiktor Garbacz	035965060a	Create initial namespaces on demand PiperOrigin-RevId: 283321826 Change-Id: I746ce726b834273fd8a8e0de36b311c46e42d57a	2019-12-02 05:31:42 -08:00
Wiktor Garbacz	8a7d0d1cb3	Use a nested userns&mntns to pre-pivot_root This addresses a latency issue - chroot_fs_refs called inside pivot_root in the kernel can take several milliseconds on machines with many threads running. This might not always reduce latency for custom forkservers, as additional fork can be more costly than pivot_root. PiperOrigin-RevId: 281306284 Change-Id: If503ac76a70e5438e94caf708d79cb0219c66def	2019-11-19 09:02:28 -08:00
Christian Blichmann	276b7efc92	Internal change. PiperOrigin-RevId: 265057217 Change-Id: Id00c867b373dbe8c9112c23ef4b0300ed3ca9e5b	2019-08-23 08:08:51 -07:00
Wiktor Garbacz	691104c851	Extract RunInitProcess and SendPid/RecvPid Also properly check status of send and use one-byte messages to avoid issues with partial send, receive. PiperOrigin-RevId: 258362495 Change-Id: I889b4699c100c80d15b129bf3a254f5442405bc2	2019-07-16 07:23:17 -07:00
Wiktor Garbacz	2349325e2b	Move root chdir to namespace setup PiperOrigin-RevId: 258361265 Change-Id: Ifa065559e36606afa7111ef6d8e2d5d621b57426	2019-07-16 07:13:17 -07:00
Wiktor Garbacz	8a4e665cba	Remove redundant process setup PR_SET_PDEATHSIG is already issued for init process in SanitizeCurrentProcess Same for setsid PiperOrigin-RevId: 258142844 Change-Id: Iad9e94bd402d576c1b24caab0b03efc50e2df07e	2019-07-15 05:36:27 -07:00
Kevin Hamacher	1b50485be6	Move forkserver into a dedicated binary PiperOrigin-RevId: 242637894 Change-Id: I16f19d077e2b5b9d0d4ef58344d5caaef95af7c6	2019-04-09 14:37:41 +02:00
Kevin Hamacher	e44231e28a	Wrap waitpid with TEMP_FAILURE_RETRY and use __WALL to make sure we reap all children PiperOrigin-RevId: 242111281 Change-Id: I322623303487b0292c2aea53d6eae5d9f53d79b6	2019-04-05 05:50:12 -07:00
Kevin Hamacher	77ad64ac30	Use high FD numbers in the forkserver to avoid collision with FDs mapped by the user PiperOrigin-RevId: 242106285 Change-Id: I0f4bd130f8e66e6b47ad1d7311e0fff519aa9e90	2019-04-05 04:51:41 -07:00
Kevin Hamacher	1dd0428713	Add missing chdir() in the init process PiperOrigin-RevId: 239425921 Change-Id: Ia1b02ae0a2f319faa601d6098a9f94a3043656a8	2019-03-20 10:36:11 -07:00
Kevin Hamacher	5d216fb191	Only spawn init processes when using PID NS PiperOrigin-RevId: 239169620 Change-Id: I9f26cfab90189a1baa5b87a700ce892cf0c95a89	2019-03-19 05:14:29 -07:00
Christian Blichmann	177b969e8c	Sandboxed API OSS release. PiperOrigin-RevId: 238996664 Change-Id: I9646527e2be68ee0b6b371572b7aafe967102e57 Signed-off-by: Christian Blichmann <cblichmann@google.com>	2019-03-18 19:00:48 +01:00

18 Commits