Commit Graph

233 Commits

Author SHA1 Message Date
Christian Blichmann
21f7373e76 Initial changes to support AArch64
This is a work in progress:
- Syscall tables need work
- Only tested on real hardware using one of our test hosts

As a drive-by, this change also enables the open source version to function on
POWER.

Another side-effect of this change is that the default policies no longer
check for different host architectures at runtime. On x86_64, we do not need
to check for PPC or AArch64 specifice and vice versa.

PiperOrigin-RevId: 331137472
Change-Id: Ic6d6be5cbe61d83dbe13d5a0be036871754b2eb8
2020-09-11 06:34:27 -07:00
Christian Blichmann
c19949eb7b Use inclusive language
PiperOrigin-RevId: 331116936
Change-Id: I7084b24440a1c78c0d70030da900330f0b8d954f
2020-09-11 03:14:12 -07:00
Christian Blichmann
6a1e4b881c Introduce config header to centralize CPU architecture checks
This allows us to remove some uses of macros.

Related changes:
- Make it clear that we support hosting sandboxed binaries from 64-bit
  processes only. CPU architectures are x86-64 and POWER64 (little endian).
- Introduced CPU architecture macros, abstracting away compiler specifics

PiperOrigin-RevId: 330918134
Change-Id: Ife7ad5f14723eec9f68055127b0583b8aecd38dd
2020-09-10 05:48:00 -07:00
Kevin Hamacher
1f8e88586b Log details when executor fails to open the sandboxee binary
PiperOrigin-RevId: 330680717
Change-Id: I4ec855861196177321783dc94f2e05a28e84d512
2020-09-09 02:12:29 -07:00
Christian Blichmann
fdf0483ca0 Migrate to open-source absl::StatusOr<>
This removes our own fork of `absl::StatusOr<>`. Sandboxed API still includes
a custom matcher for Googletest, as that is not open source yet. For
compatibility, the `statusor.h` header is still retained and now aliases
`sapi::StatusOr<>` to `absl::StatusOr<>`.

PiperOrigin-RevId: 329916309
Change-Id: I0544b73a9e312dce499bc4128c28457e04ab9929
2020-09-03 07:40:48 -07:00
Sandboxed API Team
23da55c19a Internal BUILD refactoring
PiperOrigin-RevId: 329720214
Change-Id: I25fbb94dea17db3bdca6438d17508fa304d9706f
2020-09-03 07:40:33 -07:00
Sandboxed API Team
1c833d6f25 Internal cleanup migrating StatusOr.
PiperOrigin-RevId: 329304527
Change-Id: Id6c141272df54c4e165829d690f9f5b2e9ee90cc
2020-08-31 08:13:29 -07:00
Wiktor Garbacz
c53f2a900f Automated rollback of commit e7a195ce42.
PiperOrigin-RevId: 328918626
Change-Id: Iabe93ec7062ea6e750e4185e2b0b672a37111ee7
2020-08-28 04:49:41 -07:00
Sandboxed API Team
e7a195ce42 Automated rollback of commit 82c56775ef.
PiperOrigin-RevId: 328340042
Change-Id: Ib225f8012fb373c74e3f1b3e6201b2daca7da40b
2020-08-25 09:01:22 -07:00
Wiktor Garbacz
82c56775ef StatusOr cleanups
PiperOrigin-RevId: 328318284
Change-Id: I207570c0fee6797dbc8995d36ef2130b0bff28fa
2020-08-25 06:22:05 -07:00
Sandboxed API Team
8633f22185 Increase limit on symbol table size and section size.
PiperOrigin-RevId: 325215228
Change-Id: I2e6ca131d92d86e7aa0d5cc37a3507dce03db25f
2020-08-06 06:04:14 -07:00
Christian Blichmann
eb62bae167 Refactor stack trace handling
- Drop `delim` argument from the `GetStackTrace()` family of functions.
  We only ever used plain spaces.
- Use an `std::vector<std::string>` for the symbolized stack frames and
  adjust the unwind proto accordingly.

This change now prints each stack frame on its own line while skipping
duplicate ones:

```
I20200717 11:47:16.811381 3636246 monitor.cc:326] Stack trace: [
I20200717 11:47:16.811415 3636246 monitor.cc:337]   map:/lib/x86_64-linux-gnu/libc-2.30.so+0xceee7(0x7fb871602ee7)
I20200717 11:47:16.811420 3636246 monitor.cc:337]   Rot13File+0x130(0x55ed24615995)
I20200717 11:47:16.811424 3636246 monitor.cc:337]   ffi_call_unix64+0x55(0x55ed2461f2dd)
I20200717 11:47:16.811429 3636246 monitor.cc:337]   map:[stack]+0x1ec80(0x7ffee4257c80)
I20200717 11:47:16.811455 3636246 monitor.cc:339]   (last frame repeated 196 times)
I20200717 11:47:16.811460 3636246 monitor.cc:347] ]
```

PiperOrigin-RevId: 322089140
Change-Id: I05b0de2f4118fed90fe920c06bbd70ea0d1119e2
2020-07-20 00:24:40 -07:00
Wiktor Garbacz
f7d3f442df Extract ForkClient to a separate target
PiperOrigin-RevId: 321757582
Change-Id: I48b89ab4e4b1d87dd9444874de5bf5bd2526531a
2020-07-17 04:54:54 -07:00
Wiktor Garbacz
e9f7293e21 Fix ptrace_hook dependency graph
PiperOrigin-RevId: 321748143
Change-Id: Idb453054b78e932ce13c5f44f7d408cc0f9c31f2
2020-07-17 03:20:43 -07:00
Christian Blichmann
b7d137721a Do not keep a reference to a temporary
PiperOrigin-RevId: 321117444
Change-Id: If6951058fcd32fe638f9241bef79181d6785e9cf
2020-07-14 01:42:05 -07:00
Christian Blichmann
1f1de9e229 Fix logging/display of syscall tables
Initializing `absl::Span`s like by assigning them from a temporary
array leaves them pointing to invalid data. Due to the way the linker
initializes these constant tables, _most_ of them will still be valid
_most_ of the time, leading to crashes when running sandboxees with the
`--sandbox2_danger_danger_permit_all_and_log` option.

PiperOrigin-RevId: 321112099
Change-Id: I891118da08cbb6000b3e2e275618bc4edaa1d020
2020-07-14 00:47:54 -07:00
Chris Kennelly
63a8b3ff15 Refactoring for internal change
PiperOrigin-RevId: 320612442
Change-Id: I65729ac5d83c76dac047a47f866b7ad4af3c56c1
2020-07-10 09:01:49 -07:00
Sandboxed API Team
a602177943 Fix AllowLlvmSanitizers for Msan.
PiperOrigin-RevId: 319947612
Change-Id: I6485d8282381c4cb2be05e138e007ccbb3e5d956
2020-07-07 02:40:24 -07:00
Sandboxed API Team
228f3e7ed1 Migrate usage of StatusOr::operator bool to StautsOr::ok.
PiperOrigin-RevId: 319931897
Change-Id: I31b4bb71c7eeaf6687a499248bbfbb26c78b94ff
2020-07-07 00:14:07 -07:00
Sandboxed API Team
88e9dbf8d4 Allow Asan to get sigaltstack
Include sigaltstack into AllowHandleSignals

PiperOrigin-RevId: 319293484
Change-Id: I4d60715893bd07eff047d2bced1450a3cd29bcec
2020-07-01 14:09:03 -07:00
Wiktor Garbacz
6008dc6db4 Reduce dependencies on libcap
PiperOrigin-RevId: 319228803
Change-Id: I1a9497f9e33bbe1e84749505305cd9c148b6d700
2020-07-01 08:23:46 -07:00
Wiktor Garbacz
0d375e69e1 Remove abort from ExecuteProcess
Otherwise ExecuteProcess is implicitly `[[noreturn]]` and this
might cause policy violations in `__asan_handle_no_return`
for ASAN builds.

PiperOrigin-RevId: 319203128
Change-Id: I5c8ba71ce88261f803aa3f16730eccea0d803dd1
2020-07-01 04:54:29 -07:00
Christian Blichmann
2ffea13759 Mark zlib as found when using SAPI CMake build
Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-06-30 08:59:50 +02:00
Sandboxed API Team
5de6b84111 Internal change
PiperOrigin-RevId: 317068509
Change-Id: I268381ca50eabed88b189bf79ccc9313e5b7d9ae
2020-06-18 03:19:01 -07:00
Christian Blichmann
5aff251a92 Move filewrapper to tools directory
This decouples it from the underlying build system

PiperOrigin-RevId: 313764652
Change-Id: I64de2f8533d307567de297942a3d02d26b0839f4
2020-05-29 05:40:52 -07:00
Christian Blichmann
143e539d79 First MVP of a LibTooling based SAPI header generator
- Extract dependent types directly from the Clang AST and re-serialize
  back into compilable code
- Collect types and emit diagnostics
- Format generated code

Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-05-15 15:35:42 +02:00
Christian Blichmann
aafc597630 Add zlib as dependency for examples
Similar to what the Bazel build does, this change adds zlib as an additional
dependency when `SAPI_ENABLE_EXAMPLES` is set to `ON`.

PiperOrigin-RevId: 309203959
Change-Id: I201a9e6415789afb1e058bc48cebbc0fc0004fe9
2020-04-30 04:57:33 -07:00
Sandboxed API Team
79049b09c0 Add helper function for MADV_WIPEONFORK.
BoringSSL (which is the crypto library used by most Google products) is starting to use madvise(_, _, MADV_WIPEONFORK) to protect random-number state from being duplicated by fork(). This causes extra madvise calls that sandboxes need to permit in order to continue functioning.

PiperOrigin-RevId: 309173849
Change-Id: I007dacc1ff1fd0ccc138caaa08735cfe5bc78234
2020-04-30 00:08:55 -07:00
Christian Blichmann
7ec20bd5d5 Update dependencies to latest versions
- Abseil (HEAD)
- Benchmark (HEAD)
- Google Flags (HEAD)
- Google Logging (HEAD)
- Google Test/Mock (HEAD)
- Protocol Buffers (3.11.4)

PiperOrigin-RevId: 309012925
Change-Id: I826846afb3f2c4e92180915796890fce6b5a1d6c
2020-04-29 06:45:44 -07:00
Sandboxed API Team
9b85dc49c1 Split sanitizer.h into a separate library
PiperOrigin-RevId: 305327952
Change-Id: I6708729d379d019c3d299e9cb54b76338ced23bf
2020-04-07 13:26:51 -07:00
Christian Blichmann
496672c333 Cleanup calls to sapi::StatusOr<>::ValueOrDie()
PiperOrigin-RevId: 304398197
Change-Id: I85d09457a5e27f65c0792fe93aebbd8219801ef6
2020-04-02 07:42:45 -07:00
Sandboxed API Team
2fa0bf85f4 Fix an ODR violation
PiperOrigin-RevId: 303066199
Change-Id: I0cde5fce6f9538136b913edccc5a3195e0b4e503
2020-03-26 01:59:05 -07:00
Sandboxed API Team
22c6417307 Adding new build rule for sanitizer
PiperOrigin-RevId: 302687093
Change-Id: I090352c70df67e51eba79a618315b7ca9696bcfe
2020-03-24 09:54:49 -07:00
Kevin Hamacher
dadf55f647 Show a warning when tmpfs size is not specified
PiperOrigin-RevId: 302441519
Change-Id: Ia4130c9067f00ed48065ea3b4854c844e7b88f85
2020-03-23 08:44:28 -07:00
Anna Sapek
4665335604 Use file::IsAbsolutePath consistently
PiperOrigin-RevId: 302073992
Change-Id: Ib3b9fbedc6e85a1abd87cbc683d8a8c3dc3daf87
2020-03-20 12:08:25 -07:00
Christian Blichmann
f44cca6c98 Fix path to generated proto sources when embedding
When embedding SAPI in an external CMake project, the version of
`protobuf_generate_cpp` that we lifted from upstream protobuf produces
the wrong generated file paths.

For example, given this project structure:

```
/parent/
+-- myproject/
+-- myproject_build/  <- CMake build directory
+-- sandboxed-api/    <- Checkout from GitHub
```

And a CMake file in `myproject/CMakeLists.txt` that embeds SAPI like
this:

```
cmake_minimum_required(VERSION 3.12)
project(SandboxedTest LANGUAGES CXX)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)

add_subdirectory(
  ${PROJECT_SOURCE_DIR}/../sandboxed-api
  ${PROJECT_BINARY_DIR}/sandboxed-api
)
```

Then `protobuf_generate_cpp` correctly invokes the protoc compiler to
generate
`/parent/myproject_build/sandboxed-api/sandboxed_api/proto_arg.proto.pb.cc'.
However, the path of the generated source file that is passed to the C++
compiler will be
`/parent/myproject_build/sandboxed-api/sandboxed_api/../../myproject_build/sandboxed-api/sandboxed_api/proto_arg.pb.cc`.
Note the duplicated project build directory component in the
canonicalized version:
`/parent/myproject_build/myproject_build/sandboxed-api/sandboxed_api/proto_arg.pb.cc`.

This change simple omits the computation of any relative file paths and
simply uses `_pb_PROTOC_OUT_DIR` which defauls to
`CMAKE_CURRENT_BINARY_DIR`, which should always contain the correct
path.

Signed-off-by: Christian Blichmann <mail@blichmann.eu>
2020-03-18 18:47:02 +01:00
bielec
d17482e2eb Split network_proxy example to 2 examples: with automatic handler, and without.
Created documentation for network proxy. fixed 2 things in documentation (namespaces are enabled by default for a while).

PiperOrigin-RevId: 300321016
Change-Id: Id9c54b29551e8d3b70e814e2fdbfee594126aa90
2020-03-11 07:32:50 -07:00
Christian Blichmann
f6c3db4c6e Replace sapi::Status with absl::Status
PiperOrigin-RevId: 297614681
Change-Id: I89fe1357a172ed4d28df6dd84b80fee364ce1c14
2020-02-27 09:24:12 -08:00
Sandboxed API Team
a5d931ec5f Qualify uses of std::string
PiperOrigin-RevId: 297528932
Change-Id: I750c43e356be55a5bd37a8bb59d998238bd8f1bb
2020-02-27 00:03:55 -08:00
bielec
5a4e3f3d29 Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
PiperOrigin-RevId: 296206385
Change-Id: I53b23122abece1fe318ed4c6a7e37bf3228c8f5f
2020-02-20 07:45:44 -08:00
Christian Blichmann
5d81c822d8 Automated rollback of commit e56f562fe2.
PiperOrigin-RevId: 296178631
Change-Id: I0f871aeecd70e9d2f99c7d52d94c6043a1668325
2020-02-20 04:26:37 -08:00
Maciej Szawłowski
fc514451e0 Internal BUILD changes
PiperOrigin-RevId: 296174640
Change-Id: I94c8e36d76d6cbb2b9d65f35d8700018b62d3db1
2020-02-20 04:26:23 -08:00
Sandboxed API Team
e56f562fe2 Automated rollback of commit 4eede550e7.
PiperOrigin-RevId: 295946052
Change-Id: Ie8c23fe8eec99ab52245ae7f482f1e6b99ec010e
2020-02-19 05:19:15 -08:00
Christian Blichmann
4eede550e7 Prepare for upcoming changes in Abseil
- Move canonical errors into status.

PiperOrigin-RevId: 295941935
Change-Id: I9408d21b6d34239b0ef3f3cd24975f39f1405505
2020-02-19 04:43:29 -08:00
Wiktor Garbacz
5b1119aa6d Internal change
PiperOrigin-RevId: 295579669
Change-Id: I2488a87a78cf76f0d4ddf73d115e443bd801e420
2020-02-17 06:54:52 -08:00
Sandboxed API Team
05280287e0 Automated rollback of commit 800339d672.
PiperOrigin-RevId: 294644781
Change-Id: I88ad35abd96468476294039a41b6f2a8234db6ca
2020-02-17 10:39:08 +01:00
bielec
800339d672 Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
PiperOrigin-RevId: 294640297
Change-Id: I4c6520685a658f8b7762af238588830f71b3f54a
2020-02-17 10:38:44 +01:00
Wiktor Garbacz
f1ce6fcb87 Internal change
PiperOrigin-RevId: 292529030
Change-Id: Ie6b315d9edd5f253386474be4afff1a59e24a91e
2020-01-31 05:39:25 -08:00
Sandboxed API Team
daa1c7a64e Allow sandboxee to read from /proc when sanitizers are allowed.
Sanitizers read from /proc. For example:
69445f095c/lib/sanitizer_common/sanitizer_linux.cpp (L1101)

PiperOrigin-RevId: 292363903
Change-Id: Icc383ededcad363b4e96f5551f140f012b07b495
2020-01-30 09:30:42 -08:00
Sandboxed API Team
b9c866410d Replace deprecated thread annotations macros.
PiperOrigin-RevId: 292326427
Change-Id: Iebd745bf0c6b0b14e090462a9df44ebd7d374c7d
2020-01-30 05:07:40 -08:00
Wiktor Garbacz
539d1cac34 Replace if (!cond) { LOG(FATAL, msg) } with CHECK(cond, msg)
PiperOrigin-RevId: 291916344
Change-Id: Ib522a3f202b20bf8f1ab4ca5774952d4b8f43e91
2020-01-28 05:59:33 -08:00
Wiktor Garbacz
d88c9f7598 Log mount flags in human readable format
PiperOrigin-RevId: 291690800
Change-Id: I6c4acdad93aeed29616d1ea44f797dad6fc7f277
2020-01-27 03:19:56 -08:00
Wiktor Garbacz
d74215d30d Properly test read-only mounts
PiperOrigin-RevId: 291337704
Change-Id: I806d0d09051ab205813d6626ea70e9e57a28a7a5
2020-01-24 02:38:11 -08:00
Wiktor Garbacz
e3d638466d Internal change
PiperOrigin-RevId: 290621061
Change-Id: I4b575ac65a9c225453552db74416eed45f1f4ebd
2020-01-20 08:35:24 -08:00
Wiktor Garbacz
bd22a18f87 Internal change
PiperOrigin-RevId: 290586117
Change-Id: I637ca27121ef541d48a717903496cab256214a0a
2020-01-20 02:55:04 -08:00
Christian Blichmann
441201884a Update license header with recommended best practices
PiperOrigin-RevId: 290250533
Change-Id: Ic34b253446463cf971a055b70a242df93a598ee3
2020-01-17 05:05:29 -08:00
Wiktor Garbacz
96d9ce90e5 Properly set mount flags
PiperOrigin-RevId: 290052082
Change-Id: I35222d25a24c3d641a998b2734b90bd178759df6
2020-01-16 06:05:11 -08:00
Wiktor Garbacz
c2bd47e978 Change mount propagation to private
PiperOrigin-RevId: 289639932
Change-Id: Iac976134d5f43dcdfe895446d7caab463cc70d1a
2020-01-14 06:32:23 -08:00
Christian Blichmann
18776b6f16 Refactor syscall definitions to rely less on macros
PiperOrigin-RevId: 288478535
Change-Id: I56bf8b8817f31d60db4726b2847f8400215b7b8c
2020-01-07 05:27:21 -08:00
Sandboxed API Team
3e442b252c Allow stack trace collection when namespaces are disabled, if sandbox_libunwind_crash_handler==false.
PiperOrigin-RevId: 288267119
Change-Id: I5fce1b28521d3d685186717f153f20fb498c94e2
2020-01-06 02:34:03 -08:00
Sandboxed API Team
aea1ecd58d Improve diagnostics when dynamically linked binary is sandboxed, but can't be exec'd.
PiperOrigin-RevId: 286391400
Change-Id: I016deb34eb895480131da24bc95a6244d92f3710
2019-12-19 07:48:32 -08:00
Wiktor Garbacz
e969deea33 Global deadline for ptrace attach instead of per process
PiperOrigin-RevId: 286196033
Change-Id: Ic456b881c18518c4b52ca051fa5c58590794da17
2019-12-18 08:23:55 -08:00
Wiktor Garbacz
7125458c5d forkserver: Remove order dependent tests
Sending -1 as fd will fail and take forkserver down.
This should not happen normally so turned it into a check.

PiperOrigin-RevId: 285391908
Change-Id: Idbb05004c36cb0be57be1bd26df1c57cecfb0019
2019-12-13 06:59:01 -08:00
Sandboxed API Team
4608a7baea Explicitly export files needed by other packages
PiperOrigin-RevId: 283942197
Change-Id: If1287d2544b2161e3087fb7f5f5395f69a2eb741
2019-12-05 03:33:32 -08:00
Wiktor Garbacz
ece90e0bda Fix resource leak
Resulted in a lot of zombie processes.

PiperOrigin-RevId: 283545337
Change-Id: Ia6b2fd24fc6fc0eed4a7aa415e264618739e8234
2019-12-03 07:59:18 -08:00
Wiktor Garbacz
035965060a Create initial namespaces on demand
PiperOrigin-RevId: 283321826
Change-Id: I746ce726b834273fd8a8e0de36b311c46e42d57a
2019-12-02 05:31:42 -08:00
Sandboxed API Team
44443779bc Internal change
PiperOrigin-RevId: 282945153
Change-Id: I26d4a9d21574fad2751708fe4bb9b38ecdd8131f
2019-11-28 08:07:00 -08:00
Christian Blichmann
5c38f62ba7 Fix unused warning for IsFdOpen()
PiperOrigin-RevId: 282346983
Change-Id: I7010caf0e6f3ddb420ef992f6aa2554d540667a3
2019-11-25 06:44:14 -08:00
Wiktor Garbacz
8a7d0d1cb3 Use a nested userns&mntns to pre-pivot_root
This addresses a latency issue - chroot_fs_refs called inside pivot_root
in the kernel can take several milliseconds on machines with many threads
running.
This might not always reduce latency for custom forkservers, as additional
fork can be more costly than pivot_root.

PiperOrigin-RevId: 281306284
Change-Id: If503ac76a70e5438e94caf708d79cb0219c66def
2019-11-19 09:02:28 -08:00
Wiktor Garbacz
1673ade4e4 Remount chroot as read-only
PiperOrigin-RevId: 280394655
Change-Id: I1490b7dfbbca3d91f5efb4dd5800397c9da57da8
2019-11-14 03:51:26 -08:00
Wiktor Garbacz
a1b291d44a Fix mount entries listing for tmpfs
PiperOrigin-RevId: 276447076
Change-Id: Ia5873e34327c281e5c9fb66f5f58a0dd49ba10b0
2019-10-24 02:37:54 -07:00
Sandboxed API Team
282f2d65e7 Fix a file descriptor leak in sandbox2::Executor.
PiperOrigin-RevId: 276294193
Change-Id: I9def39a41704db9948735c259e435ccfc71bacc5
2019-10-23 09:52:07 -07:00
Kevin Hamacher
4da8f68aa8 Rework stacktrace mounttree logic
The previous one was not quite correct in cases where the outside binary path
did not match the inside path. This should be fixed with this.

PiperOrigin-RevId: 276075886
Change-Id: I1c7c4fa0191960437a2d2360b805c7098b1407c9
2019-10-22 09:05:33 -07:00
Wiktor Garbacz
a7cfbb92a6 Remove uneeded read-only remount
Caused failures if root is mounted as nodev, nosuid etc.
Root is pivoted and unmounted right after this anyhow.

PiperOrigin-RevId: 273707731
Change-Id: I75f1edaf2877c096e4f5bb7dc1b2bb8eb5c437a3
2019-10-09 02:47:38 -07:00
Kristj?n J?nsson
78824353d1 Make PolicyBuilder a value class.
This makes the class more ergonomic because
* You don't have to heap allocate the builder.
* You can create a policy builder "template" and re-use it across sandboxes to avoid repetitive work.

PiperOrigin-RevId: 273555679
Change-Id: I4084ee9c74f95ebfde873eb0dc021b3b3cdc5ea2
2019-10-08 10:45:45 -07:00
Sandboxed API Team
9931593fdc Corrects typo in link
PiperOrigin-RevId: 273248066
Change-Id: I37682d1b82fbe0b0e06d43dfe511da0d6aaa8c5a
2019-10-07 02:36:35 -07:00
Christian Blichmann
c6b8e301e4 This fixes broken _proto_cc_cc_proto build target suffixes.
These where inadvertently introduced in an internal cleanup change.

This change also removes a C++17-ism in var_proto.h. To make things easier for
downstream projects, we should stick to C++11 for the time being.

PiperOrigin-RevId: 271117700
Change-Id: I4eaacec88be16e1a561d3f77a61acce0a1af0b9d
2019-09-25 07:13:58 -07:00
Sandboxed API Team
ce46cb3fef internal BUILD file cleanup.
PiperOrigin-RevId: 270906748
Change-Id: I6a79c2f84a1d8a9fcb91061caa5f9e538fa83cba
2019-09-24 08:12:21 -07:00
Kevin Hamacher
1cf9bf8ab6 Internal change
PiperOrigin-RevId: 270878802
Change-Id: I4c946fdb5f566909eaead35a3050a99ab9047553
2019-09-24 04:50:18 -07:00
Kevin Hamacher
c337ea117e Return descriptive string if stack-traces are disabled
PiperOrigin-RevId: 270876245
Change-Id: I899a4628541712a212aa24d3a01d48d9b070c734
2019-09-24 04:27:09 -07:00
Kevin Hamacher
51d1a0e8ba Rollback of an internal change
PiperOrigin-RevId: 270874732
Change-Id: I69538a0a37ba008a41220fe9d77b3e59f8d06610
2019-09-24 04:11:52 -07:00
Sandboxed API Team
cee4ac35ae Internal BUILD file cleanup
PiperOrigin-RevId: 270672739
Change-Id: I752113fc1fa5fa3f1585b918c89ca68c058db098
2019-09-23 07:33:08 -07:00
Sandboxed API Team
a6285716f1 Internal cleanup
PiperOrigin-RevId: 270653397
Change-Id: I495a30cffdfa932da045ebed626bf97f1cb68bb2
2019-09-23 05:14:00 -07:00
Wiktor Garbacz
d43d09c746 fail soft if sandboxee exits before init is ptraced
PiperOrigin-RevId: 270254470
Change-Id: Ifa13f4fe0e7ae91b79fc689e1d7dcb2a49b09cde
2019-09-20 06:13:44 -07:00
Sandboxed API Team
0aec7a511b Don't try to parse "[vsyscall]" as an ELF image.
PiperOrigin-RevId: 269811752
Change-Id: I2118badab9b5392eae7bfd36583384a33ab8a7d5
2019-09-18 08:32:11 -07:00
Wiktor Garbacz
846717def1 Fix coverage for network and network_proxy tests
PiperOrigin-RevId: 269314101
Change-Id: I65f15261a22f8f5b6250396e41d76ef40a90ef94
2019-09-16 05:43:06 -07:00
Wiktor Garbacz
d6ca9d9564 Use proper return code for static_sandbox example
Also bump FSIZE limit to make it less likely to fail.

PiperOrigin-RevId: 268857718
Change-Id: I955ed4a10d8a49585ae330ab668a0bd891bb6ed6
2019-09-13 01:22:36 -07:00
Wiktor Garbacz
2e22b13b39 Enable namespaces by default
PiperOrigin-RevId: 268417712
Change-Id: I496d76e8a90665627b9be2bb5f9872a5df1c84e4
2019-09-11 02:39:49 -07:00
Christian Blichmann
ea1a934d51 Migrate Sandboxed API docs to developer.google.com/sandboxed-api
This change removes the in-tree documentation in favor of the one hosted on
the Google's Developer site. This makes it easier to maintain for the
sandbox team, as there is now only a single source of truth for both internal
and external documentation.

If you find errors/bugs in the documentation, please file regular GitHub
issues.

PiperOrigin-RevId: 267132623
Change-Id: I4c950fcef77da0b361cb35b99aa2f187efe6f320
2019-09-04 05:22:03 -07:00
Wiktor Garbacz
daa3defac0 Internal change
PiperOrigin-RevId: 266889781
Change-Id: Ibea87a7bb5fafb50ae3d09f7b0df876beecaf087
2019-09-04 05:21:47 -07:00
Wiktor Garbacz
da3c6c138e Fail in monitor if init process pid not received
PiperOrigin-RevId: 266886637
Change-Id: I4e896ebda8d9e15d0aefcb4139c8dc07ab938502
2019-09-03 02:37:09 -07:00
Sandboxed API Team
84702e6c97 No public change.
PiperOrigin-RevId: 265663675
Change-Id: I6ffcf796a13cddaea4f8b8a0ca20b92cc8e316a7
2019-08-27 05:36:35 -07:00
Christian Blichmann
2dd7d27952 Fix unused variable warning in monitor
PiperOrigin-RevId: 265439933
Change-Id: Idc62e0e1640bd2b866bd1a6f3c60370ae1b70592
2019-08-26 06:03:03 -07:00
Christian Blichmann
276b7efc92 Internal change.
PiperOrigin-RevId: 265057217
Change-Id: Id00c867b373dbe8c9112c23ef4b0300ed3ca9e5b
2019-08-23 08:08:51 -07:00
Christian Blichmann
b7cbc36071 Follow-up to 3c51348 fixing linker issues with gflags and glog
The temporary solution for binaries/tests that fully statically linked is to
link against `gflags` using `-Wl,--whole-archive`. This will no longer be
necessary, once Abseil ships with logging. Then we can (finally) use Abseil
flags and use a logging library that does not depend on a different flags
library.

PiperOrigin-RevId: 260705702
Change-Id: I8562faaff59f9c3e0e1d331186d2806d387438fb
2019-07-30 06:48:38 -07:00
Christian Blichmann
3c51348aaf Enable CMake projects to consume Sandboxed API via add_subdirectory()
This change moves away from a classical superbuild which downloads and builds
at build time. Instead, we now follow a "Fetch Content" workflow (available as
FetchContent in CMake 3.11+) and download dependencies at config time.

Rationale: Superbuild projects have the disadvantage that projects cannot
directly access their individual declared targets. This is not a problem with
regular libraries, as those are usually/supposed to be installed. With
Sandboxed API, this is not desirable, as it has dependencies like Abseil and
glog, which are almost always consumed by including their source tree using
add_subdirectory().

Fixes #10 and makes external embedding easier.

PiperOrigin-RevId: 260129870
Change-Id: I70f295f29a6e4fc8c330512c94b01ef10c017166
2019-07-26 05:51:08 -07:00
bielec
ef7592cfdd Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added
PiperOrigin-RevId: 259512665
Change-Id: I2747c7548ab24c7d2c90abb303fd783c11fed6f4
2019-07-23 04:41:08 -07:00
Wiktor Garbacz
2300141bdb Require namespaces to be disabled explicitly
PiperOrigin-RevId: 258730797
Change-Id: I5a1df23c5176a3cecd5a343483500550f27adf44
2019-07-18 02:18:26 -07:00
Wiktor Garbacz
691104c851 Extract RunInitProcess and SendPid/RecvPid
Also properly check status of send and use one-byte messages
to avoid issues with partial send, receive.

PiperOrigin-RevId: 258362495
Change-Id: I889b4699c100c80d15b129bf3a254f5442405bc2
2019-07-16 07:23:17 -07:00
Wiktor Garbacz
2349325e2b Move root chdir to namespace setup
PiperOrigin-RevId: 258361265
Change-Id: Ifa065559e36606afa7111ef6d8e2d5d621b57426
2019-07-16 07:13:17 -07:00