Now unwinding will properly handle binaries inside bind-mounted directories.
Drive-by:
- Get rid of n^2 path handling
- Get rid of namespace alias
PiperOrigin-RevId: 358353666
Change-Id: Ieec7690ec6a1ae6d358de375220566b69e8cb094
- Move CMake superbuild files
- Drop use of `CMakeLists.txt.in` configure files
- Allow overriding dependency directories. For now, this should only be
used by GitHub workflows. Will be expanded on later, possibly renaming
the variables.
This change is one in a series to make it easier to consume/customize
Sandboxed API in downstream projects.
Drive-by:
- Update `.gitignore` to ignore clangd's `.cache` directory
Signed-off-by: Christian Blichmann <cblichmann@google.com>
Bazel readily enforces header visiblity for each target, CMake is more lenient.
PiperOrigin-RevId: 355407845
Change-Id: Ic59fa2162db8456d4c5cf4205c0fe42cc79874a9
The former is to fix compilation on GCC 7, the latter to satisfy MSAN.
PiperOrigin-RevId: 355114355
Change-Id: I5c89a65df16fe9338bcfa24b2e48c246d240ce62
Using C++17 means we can get rid of many `#ifdef`s by using `if constexpr`.
This way, we ensure that both branches compile and still retain zero runtime
overhead.
Note that open source builds of Sandboxed API do not ship with sanitizer
configurations yet. This will be added in follow-up changes.
PiperOrigin-RevId: 354932160
Change-Id: I3678dffc47ea873919f0a8c01f3a7d999fc29a5b
Also accept `absl::string_view` and `absl::Span<const std::string>` arguments.
Drive-by:
- Move using declaration into namespace
PiperOrigin-RevId: 354271016
Change-Id: Iadd873377e51cac7fa3800aab1f9e85ff94bd4e9
- Update sandbox policy (bring back inclusion of `/lib` to enable glibc
resolver
- Better error handling using new `curl_util` library
Signed-off-by: Christian Blichmann <cblichmann@google.com>
Due to a naming mixup in `oss-internship-2020/curl/CMakeLists.txt`, the
necessary `WriteToMemory()` callback was not linked into the sandboxee,
leading to a segfault in the sandboxee when trying to run the
tests/examples.
As another issue, cURL seems to call `sysinfo` and `rt_sigaction` in
recent versions and with recent libc.
Drive-by changes:
- Use the SAPI status macros instead of manually checking `absl::Status`
- Put tests in namespace
- Some Google C++-style fixes
- Start the mock test server only once per test suite
Fixes#72 for cURL.
Signed-off-by: Christian Blichmann <cblichmann@google.com>
Only externally visible changes should be a few changed includes as well as
some formatting changes.
PiperOrigin-RevId: 353226662
Change-Id: Iebf5be13774efcbd94c5d5a17b9b27e47275b229
This change should make it less confusing where utility code comes from.
Having it in two places made sense when we were debating whether to publish
Sandbox2 separately, but not any longer.
Follow-up changes will move `sandbox2/util.h` and rename the remaining
`sandbox2/util` folder.
PiperOrigin-RevId: 351601640
Change-Id: I6256845261f610e590c25e2c59851cc51da2d778
This also allows to install `libclang1` instead of `libclang1-dev` as
one of the build dependencies on Ubuntu/Debian.
Signed-off-by: Christian Blichmann <cblichmann@google.com>
This change enables support for 32-bit ARM, as used by embedded controllers and older phones.
Note: This does not support 32-bit sandboxees on AArch64. Both sandboxee and host code must have the same bitness.
PiperOrigin-RevId: 347835193
Change-Id: I6395882677530f9862f118d2dc10230a61049836
Because any change that touches continuous integration needs a companion o.O
PiperOrigin-RevId: 347769780
Change-Id: I20525aaac2ce41c48f619b641baa31e880432e50
- Ubuntu 18.04 ships with GCC 7, which needs `std::move()` when returning an `absl::StatusOr<>`
- Ignore C++ AST nodes of type `cindex.TypeKind.UNEXPOSED` in Python generator
- Remove default values in `ubuntu-cmake.yml`
PiperOrigin-RevId: 347605109
Change-Id: Ibe167249ecf4ef1af1654d63c2e067fc02e5782d
This allows resource-constrained environments to benefit from the
space savings of dynamic linking. This is not meant to be used in
the general case.
PiperOrigin-RevId: 347398828
Change-Id: Ia634959148a31159878f48c44255dd733424a2b8
FS checks are an internal feature that has been deprecated for a while in
favor of user namespaces.
PiperOrigin-RevId: 347378761
Change-Id: I1d7956cecd6db47b2b96fdedaada0b2a36f9b112