Wiktor Garbacz
0036d9d09f
Update Abseil
...
PiperOrigin-RevId: 559684012
Change-Id: Iee3e338a0b4dc1548f44610ba5e535e8787cf969
2023-08-24 01:59:03 -07:00
Wiktor Garbacz
6986af58bb
IWYU fixes
...
PiperOrigin-RevId: 559444773
Change-Id: If92cdc4f978a22bfdbd61b0c9e0b43ea272bca8d
2023-08-23 09:04:00 -07:00
Wiktor Garbacz
696d0eed11
Add IWYU pragma
...
PiperOrigin-RevId: 559415055
Change-Id: I8bbcc6b1e0b422ce46a63d2a9a429edd3402c51e
2023-08-23 07:14:21 -07:00
Wiktor Garbacz
9dcc9db919
Replace StrError with PLOG
...
PiperOrigin-RevId: 559380593
Change-Id: Ia7d2bcb3908b5e739ac5c4aaec1559fb6f86f383
2023-08-23 04:09:02 -07:00
Sandboxed API Team
41003aae83
Automated rollback of commit 1e26cd50dc.
...
PiperOrigin-RevId: 559102360
Change-Id: I5dd175d5f0b9ece602f5c26454ad1f1e2e3a60fc
2023-08-22 07:12:09 -07:00
Wiktor Garbacz
c4660f8a6e
Provide sealing flags if not defined in the headers
...
Also adjust naming of MFD_ constants
PiperOrigin-RevId: 559091482
Change-Id: I74271aee443a6d174950fd258bd238587cb4c75e
2023-08-22 06:21:25 -07:00
Wiktor Garbacz
e75be07bb0
Automated rollback of commit 9c21744460.
...
PiperOrigin-RevId: 559063479
Change-Id: I4ccf8d5717b8669921c5b580eb415975cd625eaf
2023-08-22 03:59:49 -07:00
Wiktor Garbacz
8a6b689c29
Cleanup includes
...
PiperOrigin-RevId: 559053598
Change-Id: Ie28d6db5505ed6ed14181fca9224390d883c20de
2023-08-22 03:04:38 -07:00
Wiktor Garbacz
632fdc639d
Add missing includes
...
PiperOrigin-RevId: 559052007
Change-Id: I3bc95cbc204c207d60c5aabb414840fdaba8c0c6
2023-08-22 02:56:16 -07:00
Wiktor Garbacz
1e26cd50dc
Always override forkservers comms_fd in sandboxee
...
PiperOrigin-RevId: 558721787
Change-Id: I331efd38b0571877b53cdc14190bae0ed639ce3f
2023-08-21 02:15:52 -07:00
Wiktor Garbacz
56d11ae733
Client::PrepareEnvironment simplify by supporting just a single preserved fd
...
PiperOrigin-RevId: 558133382
Change-Id: I043985fcf331761b424ce720791711e5ea1f4fb9
2023-08-18 06:52:45 -07:00
Wiktor Garbacz
1e9b686c4f
Make Comms movable
...
PiperOrigin-RevId: 558110484
Change-Id: I87fec43c0157e16ba683c498d8b50b3655efac17
2023-08-18 04:41:30 -07:00
Wiktor Garbacz
08b81b52e0
Internal change
...
PiperOrigin-RevId: 558105430
Change-Id: I6b0c1c3a389b8b22c50fe3b2e753aba9a3e804ab
2023-08-18 04:10:42 -07:00
Wiktor Garbacz
bf9fe79dbe
Introduce a SAPI_RAW_VLOG_IS_ON just for raw_logging
...
PiperOrigin-RevId: 558094899
Change-Id: I9da55eb55af22eafc74a81999dc920dbab98a1a3
2023-08-18 03:12:36 -07:00
Wiktor Garbacz
ff23e878d3
Prefer regular logging to raw_logging
...
PiperOrigin-RevId: 558089528
Change-Id: Id3fb3ec16d25c5df859c305e1b0db00b54212958
2023-08-18 02:43:27 -07:00
Wiktor Garbacz
b258535161
Treat libunwind sandbox as a ~regular sandboxee
...
This removes dependency on unwind from forkserver,
which should reduce binary size for all the custom forkservers (also the SAPI generated ones).
Unwind was only ever used by the global forkserver anyhow
PiperOrigin-RevId: 557921074
Change-Id: Iea4904da0506fee5a00f970538f512cba7b02326
2023-08-17 13:32:44 -07:00
Wiktor Garbacz
6a64659fac
Use default SAPI policy in the examples
...
PiperOrigin-RevId: 557903883
Change-Id: Ieb65c5cf109037073449f16a466e33937deeb553
2023-08-17 12:34:47 -07:00
Wiktor Garbacz
77fbfa7f5f
forkserver: use eventfd instead of pipe for initial namespace creation
...
PiperOrigin-RevId: 557764601
Change-Id: I146c67bc6d4ba68f17c2117b1ca4d6bc71d30ffa
2023-08-17 03:02:19 -07:00
Wiktor Garbacz
5d13550877
Allow set_robust_list for TSAN
...
It might spawn a thread which will likely invoke that syscall.
PiperOrigin-RevId: 557762639
Change-Id: I26a7a79253338bbe83d22d1680256e5cdb914762
2023-08-17 02:52:53 -07:00
Wiktor Garbacz
18c64ae10f
Adjust sandboxed_api default policy
...
PiperOrigin-RevId: 557762512
Change-Id: I600c8126ee09b8bab927013de25fcb836c78ac9a
2023-08-17 02:51:59 -07:00
Christian Blichmann
f378d22405
Clang tool: Skip protobuf namespaces when emitting headers
...
The protobuf internals are not needed in the API header and will be made
available as soon as user code includes any generated proto header.
PiperOrigin-RevId: 557749772
Change-Id: Idc48a652ab1892dae559192afbde20ae34e4c7ce
2023-08-17 01:58:33 -07:00
Wiktor Garbacz
0a0bf05dc3
Readd VLOGs removed by mistake
...
PiperOrigin-RevId: 557739843
Change-Id: I21497028fc26388fec8a45ee1bfa2f11cf9022d2
2023-08-17 01:13:21 -07:00
Sandboxed API Team
7d78b89777
Fix typo.
...
PiperOrigin-RevId: 557598808
Change-Id: I02ac71ca025be9a5e45011b1bbeb07a144b2e632
2023-08-16 14:13:42 -07:00
Sandboxed API Team
034f24001e
In Sandbox2 IPC class, add a MapDupedFd() function to allow application to retain ownership of the local_fd.
...
PiperOrigin-RevId: 557539211
Change-Id: Ib74a305333bc51a261c766052284e9fa68115e9d
2023-08-16 10:58:55 -07:00
Wiktor Garbacz
abd3faf51b
monitor_unotify: Use eventfd instead of pipe for notifications
...
PiperOrigin-RevId: 557479262
Change-Id: Ie03e4e8915950999ff0b47e8b08c50241e53a600
2023-08-16 07:29:11 -07:00
Wiktor Garbacz
7a57d32711
forkserver: Remove waitpid flag
...
It was superseded by sandboxee rusage when using unotify monitor
PiperOrigin-RevId: 557396642
Change-Id: I41f84149227f62d4b7727030f9359834a9b61dbc
2023-08-16 01:33:12 -07:00
Christian Blichmann
c501379056
Clang tool: Prevent extra nesting of namespaces
...
When specifying the `namespace` argument in Bazel (`NAMESPACE` in CMake), the
Clang tool used to put _all_ dependent types in that namespace.
For a declaration of `namespace a::b { struct S {...};` and a `namespace`
argument of `a::b`, this means that the header output was similar to
```
namespace a::b {
namespace a::b {
struct S { ...
```
This was never intended and also does not match the Python based header
generator. The Clang tool now "merges" those same namespaces. This is
correct, as it processes `namespace`d spellings with their full namespace
path.
PiperOrigin-RevId: 557393076
Change-Id: I1474dd30b6c4150d0ae3c1c48579f88060974980
2023-08-16 01:17:54 -07:00
Wiktor Garbacz
1c2596785b
Clearer logs on execveat failures
...
Drive-by: remove redundant log prefix (PLOG prepends filename and line)
PiperOrigin-RevId: 557367980
Change-Id: Id7cc945969e0ae06a451ca3dd0f3e288402b9136
2023-08-15 23:30:44 -07:00
Christian Blichmann
ae3d334cc2
generator2: Skip anonymous structs/unions
...
The Python code has been relying on `spelling` to return `None` for skipping
anonymous structs/unions.
libclang has been returning a "spelling" for those for a while now (LLVM 16
introduced this in its branch in 2022), though, so this check no longer works.
Use the correct method `clang.CIndex.is_anonymous()` instead.
PiperOrigin-RevId: 557099905
Change-Id: I13707509dbae03481c5edce7fa92554cefdd57e7
2023-08-15 05:20:47 -07:00
Christian Blichmann
352d1f8fb2
Clang tool: Emit aggregates with default initialized members
...
PiperOrigin-RevId: 556765694
Change-Id: I2547919cdc1fcb048c99de325a8b2c24800b0e06
2023-08-14 06:14:43 -07:00
Wiktor Garbacz
8b70461db4
Automated rollback of commit a946cedc95.
...
PiperOrigin-RevId: 555902433
Change-Id: I93efb401e64b90ba114911b87ed680456037d248
2023-08-11 04:54:59 -07:00
Wiktor Garbacz
a946cedc95
PtraceMonitor: Add a hard deadline for waiting for kill to take effect
...
PiperOrigin-RevId: 555854230
Change-Id: If323725e5112344105627844910356dd14c9ad31
2023-08-11 02:01:10 -07:00
Wiktor Garbacz
01e14e0bb7
Fix bypass for enabling ptrace/bpf
...
PiperOrigin-RevId: 555847265
Change-Id: I671c0650caeefaac590d3d0030ff90e18fda6bbd
2023-08-11 01:34:27 -07:00
Wiktor Garbacz
3079d2b4e0
Make Policy a simple copyable type
...
PiperOrigin-RevId: 555146979
Change-Id: I83d7260d65d4291c418e6c8e80385cbdc8fbc758
2023-08-09 06:44:22 -07:00
Wiktor Garbacz
c14312c3a2
Kill on each iteration of graceful exit loop
...
I believe it's possible for the `main_pid` to disappear between `kill` and `sigtimedwait` by means of an `exec` from a multithreaded process (`PTRACE_EVENT_EXIT` happens after the `exec`ing thread changes its tid to main_pid)
PiperOrigin-RevId: 555137959
Change-Id: Id22908fb31497c0906e4f4fda66400fbf9ac9efb
2023-08-09 06:00:19 -07:00
Christian Blichmann
999336a27d
Buildkite: Add specific version for 'clang' Python package
...
PiperOrigin-RevId: 554780053
Change-Id: Ia2cc1649aac173d8c606e049955b5dde1d585dc8
2023-08-08 04:48:59 -07:00
Wiktor Garbacz
48bbb06fe7
Move log warning about non-namespaced stacktraces
...
PiperOrigin-RevId: 554493643
Change-Id: I27755322edcd7c0191cd125ec8ffdace18a6460c
2023-08-07 09:07:06 -07:00
Wiktor Garbacz
4890c86cec
Mark GetNamespaceDescription const
...
PiperOrigin-RevId: 554460753
Change-Id: I3304fb7d19f93750b1d74aeb1b8213af2f0fea85
2023-08-07 06:48:11 -07:00
Wiktor Garbacz
dd664400d7
More verbose logging on graceful exit timeout
...
PiperOrigin-RevId: 554382651
Change-Id: I7205fed9285b2aaff93860782d65d3dc829bb5f9
2023-08-07 00:28:10 -07:00
Sandboxed API Team
0a0ac6a66b
Automated rollback of commit 4d625e521b.
...
PiperOrigin-RevId: 553536999
Change-Id: If6ae319e54a3ea5eb88e00888044ba1088bd62d2
2023-08-03 11:23:05 -07:00
Wiktor Garbacz
7722c07d0c
Mark Mounts::RecursivelyListMounts() const
...
PiperOrigin-RevId: 553472906
Change-Id: Ia222751fd4b978dece6ef12c6677db8f3092ac1b
2023-08-03 07:40:16 -07:00
Wiktor Garbacz
4d625e521b
Move log warning about non-namespaced stacktraces
...
PiperOrigin-RevId: 553472372
Change-Id: Iba43cba78edd1826afb29f49a7e08e919554ed80
2023-08-03 07:37:54 -07:00
Wiktor Garbacz
3f9e9a2b25
Make Namespace copyable, movable and copy/move assignable
...
There is no strong reason why this shouldn't be the case.
Some future refactorings will depend on this.
PiperOrigin-RevId: 553456024
Change-Id: I452a2804c59ed006326ab37cbe0dec80f53cd714
2023-08-03 06:21:13 -07:00
Wiktor Garbacz
29b7b49325
Use return value directly instead of SAPI_ASSIGN_OR_RETURN dance
...
PiperOrigin-RevId: 553449209
Change-Id: Id344bc84a42edfaf92b95dc8cf92582001183494
2023-08-03 05:45:58 -07:00
Wiktor Garbacz
fc8a2340c7
Rename GetCloneFlags
...
PiperOrigin-RevId: 553448623
Change-Id: Ia49b16dd4b8795ba95bab8a8ea0c7ffc50bba628
2023-08-03 05:42:29 -07:00
Wiktor Garbacz
8fbe21ce0e
Really give priority to main_pid
...
Do process all events as soon as one for priority_pid arrives.
PiperOrigin-RevId: 553156575
Change-Id: I57a9b4ca54a0e0fe5f01245b130f53ef3f8678fc
2023-08-02 08:42:51 -07:00
Wiktor Garbacz
3bbb98c494
Better error when calling RunAsync on a Sandbox2 instance twice
...
PiperOrigin-RevId: 553129224
Change-Id: I92ff15d111ccd5e7d4310a2e1559811dd1cc7027
2023-08-02 06:44:21 -07:00
Wiktor Garbacz
1c960e8389
EmbedFile: Reopen memfds as readonly to work around problems with CRIU
...
CRIU while restoring memfd sometimes reopens them, which might result in ETXTBSY on execveat.
PiperOrigin-RevId: 553114741
Change-Id: I11ee7aabe48a2853a8921a270c6cdcc70b50a518
2023-08-02 05:28:04 -07:00
Oliver Kunz
eaa175c8d2
Sandbox2: Remove file sealing for in-memory files.
...
The `CreateMemFd` function sets the `MFD_ALLOW_SEALING` flag which enables seals to be set and creating an empty file seal.
PiperOrigin-RevId: 550850108
Change-Id: I1a84b7b14cc9396144048bbeb8995f2f7eca9fb7
2023-07-25 05:04:52 -07:00
Oliver Kunz
04ed89906b
Adding AllowOpen to AllowLlvmSanitizers to avoid having to add AllowOpen in addition when it's only needed for running under the sanitizers.
...
In cases where SAPI users overwrite the default policy instead of extending it, the sandbox will fail with an `openat` violation. This is automatically inherited in the default policy.
The advantage with this implementation is that we don't expose the open* syscalls when not running under the sanitizers.
PiperOrigin-RevId: 550845188
Change-Id: I151d467848983b00b71ec8447d662394fa7176db
2023-07-25 04:38:43 -07:00