Commit Graph

1355 Commits

Author SHA1 Message Date
Sandboxed API Team
6f90a6ef2a don't drop CAP_SYS_PTRACE as it is apparently needed by sandbox
running as root when combined with apparmor (or possibly yama) LSM

PiperOrigin-RevId: 578762678
Change-Id: I60803b4ed78c6750f8ce0e0c909e5cec4f619da8
2023-11-02 00:42:33 -07:00
Sandboxed API Team
79ab44c981 drop almost all capabilities during sandbox creation
PiperOrigin-RevId: 578096197
Change-Id: I900cfab378f0069e8daac60b5eb41c5eb7401692
2023-10-31 01:31:41 -07:00
Wiktor Garbacz
4630346fd1 Fix unaligned load
PiperOrigin-RevId: 577106224
Change-Id: Icd0e113031d367fa30557d4e77571abc78e8e378
2023-10-27 00:35:10 -07:00
Wiktor Garbacz
0940a9ee4a Export config.h from syscall.h for sapi::cpu::Architecture
PiperOrigin-RevId: 569433347
Change-Id: I49b031d46f426f23cbf4556f8e22a69d6adc2c74
2023-09-29 02:32:49 -07:00
Wiktor Garbacz
37a7432178 Remove deprecated comms functions
PiperOrigin-RevId: 568510723
Change-Id: I517d739e44cb61eec8b0fd9fe6aa473e1bb8ec06
2023-09-26 05:45:27 -07:00
Wiktor Garbacz
fadfa79d7a Add missing return
PiperOrigin-RevId: 568125662
Change-Id: If9d4990de32c9503a2b78393b944d6bcb58c5477
2023-09-24 23:47:01 -07:00
Sandboxed API Team
ee7b76f592 Automated rollback of commit 4ae281b6a2.
PiperOrigin-RevId: 567287128
Change-Id: Ia12646e9ad1ebc94f6e26ae1b893b885c0908ca9
2023-09-21 06:17:56 -07:00
Wiktor Garbacz
4ae281b6a2 Remove deprecated comms functions
PiperOrigin-RevId: 567239465
Change-Id: Ic890404fa8b7e9797b2399a3b346c1339fbe133a
2023-09-21 02:31:16 -07:00
Wiktor Garbacz
9a985f91a7 Replace use of deprecated sandbox2::Comms functions
PiperOrigin-RevId: 566863078
Change-Id: Ida96eb8046ff96bdd41cec4a1427073ae43930d9
2023-09-19 23:55:05 -07:00
Wiktor Garbacz
227daf4a42 Do 1 level of recursion on libunwind crashes
PiperOrigin-RevId: 566617450
Change-Id: If5e3ce2e9763360c6cbd50145c432dfb62621136
2023-09-19 06:50:05 -07:00
Wiktor Garbacz
1cf45be7df Refactor Comms to split out listening/connecting part
Deprecated APIs slated for removal after migration of internal
clients.

PiperOrigin-RevId: 566598245
Change-Id: I5d7b920f3a788d4eccc6e78f239b660ba903adcc
2023-09-19 05:14:09 -07:00
Wiktor Garbacz
d26262d82e Remove stale comment
PiperOrigin-RevId: 566559462
Change-Id: Iafc1e05ff4a958480c14b69b4139b370cdc63149
2023-09-19 02:04:50 -07:00
Sandboxed API Team
37b3a51ca6 Use empty instead of length
PiperOrigin-RevId: 566219114
Change-Id: I123e3cb8253d092b5d2d9c8e2a85cf5348c64a58
2023-09-18 00:46:50 -07:00
Chris Kennelly
f5830c93cd Ensure that TCMalloc can execute NumCPUs.
PiperOrigin-RevId: 565683514
Change-Id: I391ab5f184f487ef3ffc553d10581cd6eaee54de
2023-09-15 08:21:13 -07:00
Wiktor Garbacz
700f8fa547 Skip sanitizers for limits_test
PiperOrigin-RevId: 565645224
Change-Id: I4441562e368ab8e0b95abbf9e3fbaa792ae59ffd
2023-09-15 04:57:24 -07:00
Wiktor Garbacz
1475458939 namespace_test: use lstat instead of stat, don't descent into procfs & sysfs
PiperOrigin-RevId: 565303140
Change-Id: I7600b60613f52260410098e617b00a2e4272b2fb
2023-09-14 02:09:12 -07:00
Wiktor Garbacz
b47a5ead07 Add TCMalloc related files to test policy
PiperOrigin-RevId: 565067820
Change-Id: I55bbe80b568042c1639435867f565880667f0180
2023-09-13 09:06:33 -07:00
Wiktor Garbacz
4289b64aa7 Disallow clone3, unsafe clone and unshare flags
Ability to create new namespaces and getting capabilities in there exposes a big kernel attack surface.

PiperOrigin-RevId: 564703131
Change-Id: I3dcf4c78dca9f51a4b068df16e1b1a69916d727c
2023-09-12 06:30:45 -07:00
Wiktor Garbacz
77f62ccb1f Remove unused NetworkProxyClient::ConnectHandler
PiperOrigin-RevId: 563750900
Change-Id: Ib848aab0520032dbdcc879cb11861b133e26c4c6
2023-09-08 07:51:13 -07:00
Wiktor Garbacz
f614862e07 Remove deprecated VecStringToCharPtrArr
PiperOrigin-RevId: 563374332
Change-Id: I6873ca0d45fd5de6ad8eab1cbc395032130e9697
2023-09-07 03:09:30 -07:00
Wiktor Garbacz
b350a41a10 Gather more coverage data
Switch to ForkWithFlags for InitProcess (it will not reset coverage).
Explicitly dump coverage after initial namespace setup.
Return instead of exiting from libunwind sandbox.

PiperOrigin-RevId: 563368599
Change-Id: I3b764db015a71bd091ee7b4b5b614281cbb84832
2023-09-07 02:43:04 -07:00
Wiktor Garbacz
f6ec787902 PtraceMonitor: Add a hard deadline for waiting for kill to take effect
PiperOrigin-RevId: 563064233
Change-Id: Id340ba3793b82737f1976638a57df513c3d4136c
2023-09-06 04:38:51 -07:00
Wiktor Garbacz
98d7f91b4d Run more tests with sanitizers and coverage
PiperOrigin-RevId: 562768789
Change-Id: I2ee9e05a75a1f4e46887ef4c6587628f36ba16eb
2023-09-05 07:14:49 -07:00
Wiktor Garbacz
92aeadddee PolicyBuilder: test error conditions for AddPolicyOnSyscalls
PiperOrigin-RevId: 562768777
Change-Id: If756f83ea657cc6cd4c1283339a2909071a47493
2023-09-05 07:13:56 -07:00
Wiktor Garbacz
02d770adcc NetworkProxyTest: test more error conditions
PiperOrigin-RevId: 562708702
Change-Id: Ifedcb0eb2bc84396627a0b53828e1e10e4c562ad
2023-09-05 02:17:25 -07:00
Wiktor Garbacz
b088c01ab2 Add missing Aarch64 syscall entries
PiperOrigin-RevId: 562705740
Change-Id: Ie75c13b4b1669cc7bcd45baa51119c633e120993
2023-09-05 02:03:36 -07:00
Wiktor Garbacz
5f9698612e Better network proxy tests
Fix sending error on `connect` failure.

PiperOrigin-RevId: 562693682
Change-Id: I70c710a9001f22e172cbe4df328983bfa7188d3d
2023-09-05 00:57:27 -07:00
Wiktor Garbacz
3ea315858d Remove mutexes from Comms
It was never fully thread-safe.
e.g. calling SendProtoBuf concurrently from 2 threads
could result in a data race.
Also not all users need the thread-safety thus it's better left off to be done externally by the ones that require it.

PiperOrigin-RevId: 562548941
Change-Id: Ie32dfca366be9e0c32841e55b688907f4f5f7704
2023-09-04 07:00:57 -07:00
Wiktor Garbacz
197f03aa5b Adjust code so that variable name is correct
PiperOrigin-RevId: 562509424
Change-Id: I33bf50c2cdce0fbd38d669d76da95b448f1841e4
2023-09-04 03:13:42 -07:00
Jaeden Quintana
e23acfd7e7 Made slight optimizations in Sandbox2's comms.
The optimizations are:
* Reduced the number of calls to `write` (originating from `SendTLV()`) from 3 to 1-2 (depending on size of the payload).
* Reduced the number of calls to `read()` (originating from `RecvTLV()`) from 3 to 2.

PiperOrigin-RevId: 561750509
Change-Id: I81bc092edf602e12c85ee97bd2e77b587b750d65
2023-08-31 13:50:26 -07:00
Wiktor Garbacz
2c9ac02b68 Rework network_proxy related tests/examples
PiperOrigin-RevId: 561632543
Change-Id: I85843cc1cac8348273a5593339b38ae08e07592c
2023-08-31 06:06:09 -07:00
Sandboxed API Team
a0eb8d4445 Increase limits in ElfParser
PiperOrigin-RevId: 561621211
Change-Id: I3bbe8aecd3e3044251b67145927ee3a04bc56532
2023-08-31 05:01:51 -07:00
Wiktor Garbacz
dc25251af9 Enable sandboxed stack traces for coverage
PiperOrigin-RevId: 561611676
Change-Id: I852eec8fc3728da1ae0b4bca8ccc9a628b8b5adc
2023-08-31 04:05:49 -07:00
Wiktor Garbacz
f715bd8ba9 Run more tests with coverage enabled
PiperOrigin-RevId: 561575508
Change-Id: Ifc9a678b6a6cbcd892a1f8710b941514eb1d9764
2023-08-31 00:44:23 -07:00
Wiktor Garbacz
47c868e6b1 Merge block bpf/ptrace tests
PiperOrigin-RevId: 561338563
Change-Id: If2704835c75ca0ae367375212c2104289e7b5cb0
2023-08-30 07:47:15 -07:00
Wiktor Garbacz
5802d5b681 Refactor Forkserver::LaunchChild
PiperOrigin-RevId: 561331391
Change-Id: Ia96187ac1aff25a729c92dfc937f48cc0ae64342
2023-08-30 07:12:30 -07:00
Wiktor Garbacz
09a48bac06 Reduce CHECK-failures in unotify monitor
This also fixes a CHECK-failure in Join() when waiting for sandboxee
times out.

PiperOrigin-RevId: 561282248
Change-Id: I5568c3b9e6b8dce531167c267f7896996326d2e2
2023-08-30 02:56:16 -07:00
Wiktor Garbacz
4a6b0d4633 Always override forkservers comms_fd in sandboxee
PiperOrigin-RevId: 561276110
Change-Id: I8bd1ce7e2f363b5e371a431b1e6db6534023e401
2023-08-30 02:20:56 -07:00
Wiktor Garbacz
0150026d38 Make PolicyBuilder helpers more self-contained
PiperOrigin-RevId: 561032912
Change-Id: I74db0c33609eb74df144db8d1d844b7267bf8ce4
2023-08-29 08:12:19 -07:00
Wiktor Garbacz
37f00991b9 Final round of IWYU fixes for Sandbox2
PiperOrigin-RevId: 560077736
Change-Id: Id810db20b0042b8cd4f8f7a352b2cc571de51b71
2023-08-25 06:50:29 -07:00
Christian Blichmann
c04ef4572c CMake: Re-add missing library deps due to bad merge
PiperOrigin-RevId: 560020224
Change-Id: I54d329b12282f1a0c711b60f31f174c42ab3d893
2023-08-25 01:49:39 -07:00
Wiktor Garbacz
7de1c4d8d0 More IWYU annotations
PiperOrigin-RevId: 560004823
Change-Id: If4d5048d01b09041c8b7175498a751df51ac0ba6
2023-08-25 00:35:09 -07:00
Wiktor Garbacz
c175ac2c20 Fix missing dep for users of SANDBOX2_TRACE
PiperOrigin-RevId: 560004680
Change-Id: I7e9b86939ab1df2e2a400887ee53c8b9110e341c
2023-08-25 00:34:20 -07:00
Wiktor Garbacz
edde724ab9 Internal change
PiperOrigin-RevId: 559996678
Change-Id: I25a18212dc2ab15dd106cffea6132bea4a3b842d
2023-08-24 23:55:35 -07:00
Wiktor Garbacz
8254d13faf Reenable the stack_trace_test
It was fixed internally and https://github.com/libunwind/libunwind/pull/602 should make it better for OSS.

PiperOrigin-RevId: 559772982
Change-Id: Ifcbf824d37cb4988dc56db20a8bbaaaf52a2cb81
2023-08-24 09:11:56 -07:00
Christian Blichmann
d5ff466c59 Support passing stderrthreshold to sandboxee
PiperOrigin-RevId: 559769140
Change-Id: I57ad45e1155355e51a821d7903b2eb73dd1303ee
2023-08-24 08:58:26 -07:00
Wiktor Garbacz
3adc232a07 Add missing dependencies bazel/BUILD
PiperOrigin-RevId: 559742911
Change-Id: I4212fa4abf27d8318b394425c1f3206b9377e63b
2023-08-24 07:09:14 -07:00
Wiktor Garbacz
127176d72f Bulk IWYU and build_cleaner fixes
PiperOrigin-RevId: 559733768
Change-Id: Ia38f4c176e9f0abbfdb3a8f1109f482d8870eb0f
2023-08-24 06:23:36 -07:00
Wiktor Garbacz
38e5be910e Temporarily disable a non-sandboxed crash stack_trace_test
This might fail under some versions of libunwind.

PiperOrigin-RevId: 559728630
Change-Id: I12bad6ec68a52164f79c8bf9a7b349fcd1a462e9
2023-08-24 05:59:50 -07:00
Christian Blichmann
eaf8ef88c4 Sandboxed API: Env vars: Set GOOGLE_STDERRTHRESHOLD used by OSS Abseil
Internally, Abseil and Google logging use different flags and env vars to
control output.

PiperOrigin-RevId: 559715938
Change-Id: I4a908eb835ae0c5d598fb1ca6dc09182a9c3be22
2023-08-24 04:50:21 -07:00