Christian Blichmann
a60ff1a95c
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
...
#Cleanup
PiperOrigin-RevId: 443359044
Change-Id: I2b3e385a1846feac79edd28fcbf6e85b1429a44a
2022-04-21 06:15:38 -07:00
Oliver Kunz
206547591b
Migrate forkserver.proto to proto3 syntax
...
PiperOrigin-RevId: 434458725
Change-Id: I277f76a1a5ebd3eed15c6b3f3e7f849bf6edacea
2022-03-14 07:28:23 -07:00
Wiktor Garbacz
50c55e8ac0
Provide clearer error message when global forkserver is chrooted
...
PiperOrigin-RevId: 433686276
Change-Id: Ieb01f9dcafdce7bcb548807169f429cc8a181e56
2022-03-10 01:32:55 -08:00
Wiktor Garbacz
20edaae54f
Add an option to allow mount propagation
...
PiperOrigin-RevId: 433211924
Change-Id: I653f000d44de10b668b375fd2dfff3c668cbf673
2022-03-08 08:01:19 -08:00
Christian Blichmann
d451478e26
Change license link to HTTPS URL
...
PiperOrigin-RevId: 424811734
Change-Id: If5ea692edc56ddc9c99fd478673df41c0246e9cc
2022-01-28 01:39:09 -08:00
Wiktor Garbacz
ae9432bc03
Internal change
...
PiperOrigin-RevId: 423070471
Change-Id: I876ef8f1d2464383ac319e196c1ba64c46ea4201
2022-01-20 08:09:53 -08:00
Wiktor Garbacz
3f5184770d
Introduce util::CharPtrArray with proper ownership semantics
...
Replace existing calls to VecStringToCharPtrArr
PiperOrigin-RevId: 417383812
Change-Id: Ibf9d878df5ada2cb3a0872f7ca7cab96c304a5c1
2021-12-20 05:08:12 -08:00
Kevin Hamacher
aea8bb2ed0
Automated rollback of commit 2036f5b2f0.
...
PiperOrigin-RevId: 395893427
Change-Id: Iabd32de9cd83de5cc8567834e1f91e48c521ac60
2021-09-10 03:34:44 -07:00
Sandboxed API Team
2036f5b2f0
Automated rollback of commit 4b018757c3.
...
PiperOrigin-RevId: 395067992
Change-Id: I5db335ed881aa81748a0fc8082091b160fe83e86
2021-09-06 04:07:11 -07:00
Kevin Hamacher
4b018757c3
Use absl::flat_hash_set + Status in favor of std::set in the sanitizer API
...
PiperOrigin-RevId: 395061068
Change-Id: I31548eb6fc9f27f55acf25bd6d3d0b941a529e63
2021-09-06 03:15:39 -07:00
Kevin Hamacher
eb2c5a66f4
Rework GetListOfFDs API
...
PiperOrigin-RevId: 395043959
Change-Id: I77ce13f0c786d3644971ed239f3106319667e979
2021-09-06 01:01:19 -07:00
Christian Blichmann
ccd7b03026
Introduce sapi::OsErrorMessage() for error handling
...
This should make handling OS errors less repetitive.
PiperOrigin-RevId: 387074642
Change-Id: I09b8c5e37e7f7b08341e22ba01ccda21a916a4bc
2021-07-27 04:10:04 -07:00
Wiktor Garbacz
34c7be759a
Another round of file descriptor handling fixes
...
PiperOrigin-RevId: 384646707
Change-Id: Ia1b51a348bcb2a1426ba26a4ed045b0522168745
2021-07-14 01:33:34 -07:00
Christian Blichmann
2d3a040f64
Minor cleanup/formatting changes
...
PiperOrigin-RevId: 374164136
Change-Id: I505cbc3ac9f899ed965cde66aaae1aba55a90c64
2021-05-17 04:07:08 -07:00
Christian Blichmann
ca6ec4337d
Add workaround for active Tomoyo LSM
...
Recently, Debian based distribution kernels started activating the Tomoyo Linux
Security Module by default. Even if it is not used, this changes the behavior
of `/dev/fd` (pointing to `/proc/self/fd` by default), which Sandbox2 needs during
`execveat()`.
As a result, Sandbox2 and Sandboxed API always fail without one of the following
conditions:
- `/proc` mounted within the sandboxee
- `/dev` mounted
- `/dev/fd` symlinked to `/proc/self/fd` in the sandboxee's mount namespace
Some code pointers to upstream Linux 5.12.2:
- https://elixir.bootlin.com/linux/v5.12.2/source/fs/exec.c#L1775
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/tomoyo.c#L107
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/domain.c#L729
To find out whether your system has Tomoyo enabled, use this command, similar to
what this change does in code:
```
$ cat /sys/kernel/security/lsm | grep tomoyo && echo "Tomoyo active"
capability,yama,apparmor,tomoyo
Tomoyo active
```
The config setting `CONFIG_DEFAULT_SECURITY` controls which LSMs are built into
the kernel by default.
PiperOrigin-RevId: 372919524
Change-Id: I2181819c04f15f57d96c44ea9977d0def4a1b623
2021-05-10 07:04:04 -07:00
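The Tomoyo detection from the commit message above, together with the `/dev/fd -> /proc/self/fd` workaround it lists, as an added example that is not Sandboxed API's own code. It parses `/sys/kernel/security/lsm` into exact tokens rather than substring-grepping, returns "could not tell" (not "inactive") when securityfs is unreadable, and creates the symlink inside a given sandboxee root. The function names, the scratch root under `/tmp` and the `DemoOnScratchRoot` helper are assumptions made for illustration.

```cpp
// Added example, not Sandboxed API code: detect an active Tomoyo LSM via
// /sys/kernel/security/lsm and apply the /dev/fd -> /proc/self/fd workaround
// inside a sandboxee root. Function names are illustrative assumptions.
#include <sys/stat.h>
#include <unistd.h>

#include <algorithm>
#include <cctype>
#include <cerrno>
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Splits the comma-separated list the kernel exposes (e.g.
// "capability,yama,apparmor,tomoyo\n") into exact tokens, dropping the
// trailing newline and any stray whitespace.
std::vector<std::string> ParseLsmList(const std::string& contents) {
  std::vector<std::string> lsms;
  std::istringstream in(contents);
  std::string token;
  while (std::getline(in, token, ',')) {
    token.erase(std::remove_if(token.begin(), token.end(),
                               [](unsigned char c) { return std::isspace(c); }),
                token.end());
    if (!token.empty()) lsms.push_back(token);
  }
  return lsms;
}

// Exact-token match. Unlike `grep tomoyo`, a name that merely contains the
// substring (e.g. "tomoyo_like") does not count.
bool LsmListContains(const std::string& contents, const std::string& name) {
  const std::vector<std::string> lsms = ParseLsmList(contents);
  return std::find(lsms.begin(), lsms.end(), name) != lsms.end();
}

// Reads the live list. Returns false when securityfs is not mounted or the
// file is unreadable (e.g. inside a sandbox without /sys), so callers can
// distinguish "Tomoyo not active" from "could not tell".
bool ReadLsmList(std::string* contents,
                 const std::string& path = "/sys/kernel/security/lsm") {
  std::ifstream file(path);
  if (!file) return false;
  return static_cast<bool>(std::getline(file, *contents));
}

// Workaround from the commit message: make /dev/fd inside the sandboxee
// root a symlink to /proc/self/fd. Idempotent; `root` is assumed to be the
// directory that becomes the sandboxee's `/`.
bool EnsureDevFdSymlink(const std::string& root) {
  const std::string dev = root + "/dev";
  if (mkdir(dev.c_str(), 0755) != 0 && errno != EEXIST) return false;
  const std::string link = dev + "/fd";
  if (symlink("/proc/self/fd", link.c_str()) != 0 && errno != EEXIST) return false;
  char target[64] = {};
  const ssize_t n = readlink(link.c_str(), target, sizeof(target) - 1);
  return n > 0 && std::string(target, static_cast<size_t>(n)) == "/proc/self/fd";
}

// Applies the workaround twice to a throwaway root under /tmp (checking
// idempotence) and cleans up. Returns true if the link had the expected target.
bool DemoOnScratchRoot() {
  char tmpl[] = "/tmp/sandboxee-root-XXXXXX";
  char* root = mkdtemp(tmpl);
  if (root == nullptr) return false;
  const bool ok = EnsureDevFdSymlink(root) && EnsureDevFdSymlink(root);
  const std::string dev = std::string(root) + "/dev";
  unlink((dev + "/fd").c_str());
  rmdir(dev.c_str());
  rmdir(root);
  return ok;
}

int main() {
  std::string contents;
  if (!ReadLsmList(&contents)) {
    std::cout << "LSM list unavailable (securityfs not mounted?)\n";
    return 1;
  }
  std::cout << "Active LSMs: " << contents << "\n"
            << (LsmListContains(contents, "tomoyo") ? "Tomoyo active"
                                                    : "Tomoyo not active")
            << "\n";
  return 0;
}
```

Run it as a normal user on the host: the LSM list is world-readable where securityfs is mounted. The symlink workaround only helps when `/proc` is actually mounted in the sandboxee's mount namespace, since the link target is resolved there; the other two conditions from the commit message (mounting `/proc` or `/dev`) are alternatives, not prerequisites.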
Christian Blichmann
dbaf95c724
Move utility code into sandboxed_api/util
...
This change should make it less confusing where utility code comes from.
Having it in two places made sense when we were debating whether to publish
Sandbox2 separately, but not any longer.
Follow-up changes will move `sandbox2/util.h` and rename the remaining
`sandbox2/util` folder.
PiperOrigin-RevId: 351601640
Change-Id: I6256845261f610e590c25e2c59851cc51da2d778
2021-01-13 09:25:52 -08:00
Christian Blichmann
c3ac45be3e
Reimplement raw logging to avoid Abseil internals
...
The defined raw logging macros should be compatible with Abseil and
we can remove our version once Abseil releases theirs.
PiperOrigin-RevId: 347354273
Change-Id: I178a89cfd2e19bcd707a06fa9dfd7b767e2b654b
2020-12-14 03:34:02 -08:00
Wiktor Garbacz
f8a2729c32
Start global fork-server on demand
...
Allow disabling global fork-server with a flag.
PiperOrigin-RevId: 340860588
Change-Id: I184603dc3a81eb90f715053e14fb3b8d66a6f104
2020-11-05 08:48:03 -08:00
Sandboxed API Team
23da55c19a
Internal BUILD refactoring
...
PiperOrigin-RevId: 329720214
Change-Id: I25fbb94dea17db3bdca6438d17508fa304d9706f
2020-09-03 07:40:33 -07:00
Wiktor Garbacz
c53f2a900f
Automated rollback of commit e7a195ce42.
...
PiperOrigin-RevId: 328918626
Change-Id: Iabe93ec7062ea6e750e4185e2b0b672a37111ee7
2020-08-28 04:49:41 -07:00
Sandboxed API Team
e7a195ce42
Automated rollback of commit 82c56775ef.
...
PiperOrigin-RevId: 328340042
Change-Id: Ib225f8012fb373c74e3f1b3e6201b2daca7da40b
2020-08-25 09:01:22 -07:00
Wiktor Garbacz
82c56775ef
StatusOr cleanups
...
PiperOrigin-RevId: 328318284
Change-Id: I207570c0fee6797dbc8995d36ef2130b0bff28fa
2020-08-25 06:22:05 -07:00
Wiktor Garbacz
f7d3f442df
Extract ForkClient to a separate target
...
PiperOrigin-RevId: 321757582
Change-Id: I48b89ab4e4b1d87dd9444874de5bf5bd2526531a
2020-07-17 04:54:54 -07:00
Wiktor Garbacz
e9f7293e21
Fix ptrace_hook dependency graph
...
PiperOrigin-RevId: 321748143
Change-Id: Idb453054b78e932ce13c5f44f7d408cc0f9c31f2
2020-07-17 03:20:43 -07:00
Chris Kennelly
63a8b3ff15
Refactoring for internal change
...
PiperOrigin-RevId: 320612442
Change-Id: I65729ac5d83c76dac047a47f866b7ad4af3c56c1
2020-07-10 09:01:49 -07:00
Wiktor Garbacz
6008dc6db4
Reduce dependencies on libcap
...
PiperOrigin-RevId: 319228803
Change-Id: I1a9497f9e33bbe1e84749505305cd9c148b6d700
2020-07-01 08:23:46 -07:00
Wiktor Garbacz
0d375e69e1
Remove abort from ExecuteProcess
...
Otherwise ExecuteProcess is implicitly `[[noreturn]]` and this
might cause policy violations in `__asan_handle_no_return`
for ASAN builds.
PiperOrigin-RevId: 319203128
Change-Id: I5c8ba71ce88261f803aa3f16730eccea0d803dd1
2020-07-01 04:54:29 -07:00
Christian Blichmann
496672c333
Cleanup calls to sapi::StatusOr<>::ValueOrDie()
...
PiperOrigin-RevId: 304398197
Change-Id: I85d09457a5e27f65c0792fe93aebbd8219801ef6
2020-04-02 07:42:45 -07:00
Christian Blichmann
f6c3db4c6e
Replace sapi::Status with absl::Status
...
PiperOrigin-RevId: 297614681
Change-Id: I89fe1357a172ed4d28df6dd84b80fee364ce1c14
2020-02-27 09:24:12 -08:00
Christian Blichmann
5d81c822d8
Automated rollback of commit e56f562fe2.
...
PiperOrigin-RevId: 296178631
Change-Id: I0f871aeecd70e9d2f99c7d52d94c6043a1668325
2020-02-20 04:26:37 -08:00
Maciej Szawłowski
fc514451e0
Internal BUILD changes
...
PiperOrigin-RevId: 296174640
Change-Id: I94c8e36d76d6cbb2b9d65f35d8700018b62d3db1
2020-02-20 04:26:23 -08:00
Sandboxed API Team
e56f562fe2
Automated rollback of commit 4eede550e7.
...
PiperOrigin-RevId: 295946052
Change-Id: Ie8c23fe8eec99ab52245ae7f482f1e6b99ec010e
2020-02-19 05:19:15 -08:00
Christian Blichmann
4eede550e7
Prepare for upcoming changes in Abseil
...
- Move canonical errors into status.
PiperOrigin-RevId: 295941935
Change-Id: I9408d21b6d34239b0ef3f3cd24975f39f1405505
2020-02-19 04:43:29 -08:00
Wiktor Garbacz
539d1cac34
Replace if (!cond) { LOG(FATAL, msg) } with CHECK(cond, msg)
...
PiperOrigin-RevId: 291916344
Change-Id: Ib522a3f202b20bf8f1ab4ca5774952d4b8f43e91
2020-01-28 05:59:33 -08:00
Christian Blichmann
441201884a
Update license header with recommended best practices
...
PiperOrigin-RevId: 290250533
Change-Id: Ic34b253446463cf971a055b70a242df93a598ee3
2020-01-17 05:05:29 -08:00
Sandboxed API Team
aea1ecd58d
Improve diagnostics when dynamically linked binary is sandboxed, but can't be exec'd.
...
PiperOrigin-RevId: 286391400
Change-Id: I016deb34eb895480131da24bc95a6244d92f3710
2019-12-19 07:48:32 -08:00
Wiktor Garbacz
7125458c5d
forkserver: Remove order dependent tests
...
Sending -1 as fd will fail and take forkserver down.
This should not happen normally so turned it into a check.
PiperOrigin-RevId: 285391908
Change-Id: Idbb05004c36cb0be57be1bd26df1c57cecfb0019
2019-12-13 06:59:01 -08:00
Wiktor Garbacz
ece90e0bda
Fix resource leak
...
Resulted in a lot of zombie processes.
PiperOrigin-RevId: 283545337
Change-Id: Ia6b2fd24fc6fc0eed4a7aa415e264618739e8234
2019-12-03 07:59:18 -08:00
Wiktor Garbacz
035965060a
Create initial namespaces on demand
...
PiperOrigin-RevId: 283321826
Change-Id: I746ce726b834273fd8a8e0de36b311c46e42d57a
2019-12-02 05:31:42 -08:00
Wiktor Garbacz
8a7d0d1cb3
Use a nested userns&mntns to pre-pivot_root
...
This addresses a latency issue - chroot_fs_refs called inside pivot_root
in the kernel can take several milliseconds on machines with many threads
running.
This might not always reduce latency for custom forkservers, as additional
fork can be more costly than pivot_root.
PiperOrigin-RevId: 281306284
Change-Id: If503ac76a70e5438e94caf708d79cb0219c66def
2019-11-19 09:02:28 -08:00
Christian Blichmann
276b7efc92
Internal change.
...
PiperOrigin-RevId: 265057217
Change-Id: Id00c867b373dbe8c9112c23ef4b0300ed3ca9e5b
2019-08-23 08:08:51 -07:00
Wiktor Garbacz
691104c851
Extract RunInitProcess and SendPid/RecvPid
...
Also properly check status of send and use one-byte messages
to avoid issues with partial send, receive.
PiperOrigin-RevId: 258362495
Change-Id: I889b4699c100c80d15b129bf3a254f5442405bc2
2019-07-16 07:23:17 -07:00
Wiktor Garbacz
2349325e2b
Move root chdir to namespace setup
...
PiperOrigin-RevId: 258361265
Change-Id: Ifa065559e36606afa7111ef6d8e2d5d621b57426
2019-07-16 07:13:17 -07:00
Wiktor Garbacz
8a4e665cba
Remove redundant process setup
...
PR_SET_PDEATHSIG is already issued for init process in SanitizeCurrentProcess.
Same for setsid.
PiperOrigin-RevId: 258142844
Change-Id: Iad9e94bd402d576c1b24caab0b03efc50e2df07e
2019-07-15 05:36:27 -07:00
Kevin Hamacher
1b50485be6
Move forkserver into a dedicated binary
...
PiperOrigin-RevId: 242637894
Change-Id: I16f19d077e2b5b9d0d4ef58344d5caaef95af7c6
2019-04-09 14:37:41 +02:00
Kevin Hamacher
e44231e28a
Wrap waitpid with TEMP_FAILURE_RETRY and use __WALL to make sure we reap all children
...
PiperOrigin-RevId: 242111281
Change-Id: I322623303487b0292c2aea53d6eae5d9f53d79b6
2019-04-05 05:50:12 -07:00
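A reaping loop in the style the commit subject describes, as an added example that is not Sandboxed API's own code: `waitpid()` is retried on `EINTR` through `TEMP_FAILURE_RETRY` and called with `__WALL` so that children created by `clone()` with a non-`SIGCHLD` (here: no) termination signal are reaped as well. `CompareReaping` shows the difference by spawning such a child and reaping first without and then with `__WALL`. The function names and the 64 KiB child stack are assumptions made for illustration; the fallback definition of `TEMP_FAILURE_RETRY` is only for libcs that lack the GNU macro.

```cpp
// Added example, not Sandboxed API code: reap every child, including
// clone()d ones without a SIGCHLD termination signal, by looping over
// waitpid(-1, ..., __WALL) and retrying on EINTR. Names are illustrative.
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <sched.h>
#include <sys/wait.h>
#include <unistd.h>

#include <cerrno>
#include <cstddef>
#include <iostream>
#include <utility>

// Fallback with the same semantics as glibc's macro, for libcs without it:
// re-run the expression while it fails with EINTR.
#ifndef TEMP_FAILURE_RETRY
#define TEMP_FAILURE_RETRY(expr)                        \
  (__extension__({                                      \
    long int result_;                                   \
    do result_ = (long int)(expr);                      \
    while (result_ == -1L && errno == EINTR);           \
    result_;                                            \
  }))
#endif

// Reaps every child that `wait_flags` makes visible, until none remain.
// Returns the number reaped, or -1 on an unexpected error. Without __WALL,
// waitpid(-1, ...) only reports children whose termination signal is
// SIGCHLD, so a clone()d child with another signal stays a zombie.
int ReapChildren(int wait_flags) {
  int reaped = 0;
  for (;;) {
    int status = 0;
    // A signal interrupting waitpid() must not end the loop early.
    const pid_t pid = TEMP_FAILURE_RETRY(waitpid(-1, &status, wait_flags));
    if (pid > 0) {
      ++reaped;
      continue;
    }
    return errno == ECHILD ? reaped : -1;  // ECHILD: nothing left to reap
  }
}

// Forks `n` ordinary children that exit immediately. Returns n or -1.
int SpawnForkChildren(int n) {
  for (int i = 0; i < n; ++i) {
    const pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) _exit(0);
  }
  return n;
}

static int CloneChildMain(void*) { return 0; }  // exits immediately

// Creates a child via clone() with termination signal 0 in its flags
// (no SIGCHLD), i.e. one a plain waitpid() does not consider eligible.
pid_t SpawnCloneChild() {
  constexpr std::size_t kStackSize = 64 * 1024;
  alignas(16) static char stack[kStackSize];  // grows down: pass the top
  return clone(CloneChildMain, stack + kStackSize, /*flags=*/0, nullptr);
}

// Returns {reaped with flags 0, reaped with __WALL} after spawning one
// clone child: the plain call gets ECHILD at once (0 reaped), the __WALL
// call blocks until the child exits and reaps it (1 reaped).
std::pair<int, int> CompareReaping() {
  if (SpawnCloneChild() == -1) return {-1, -1};
  const int plain = ReapChildren(0);
  const int all = ReapChildren(__WALL);
  return {plain, all};
}

int main() {
  const auto r = CompareReaping();
  std::cout << "reaped without __WALL: " << r.first
            << ", with __WALL: " << r.second << "\n";
  SpawnForkChildren(3);
  std::cout << "forked children reaped with __WALL: "
            << ReapChildren(__WALL) << "\n";
  return 0;
}
```

Linux only. A forkserver that skipped `__WALL` would accumulate exactly the zombies `CompareReaping` leaves behind after its first call, which is why the loop returns only on `ECHILD` and treats any other error as a bug rather than as "done".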
Kevin Hamacher
77ad64ac30
Use high FD numbers in the forkserver to avoid collision with FDs mapped by the user
...
PiperOrigin-RevId: 242106285
Change-Id: I0f4bd130f8e66e6b47ad1d7311e0fff519aa9e90
2019-04-05 04:51:41 -07:00
Kevin Hamacher
1dd0428713
Add missing chdir() in the init process
...
PiperOrigin-RevId: 239425921
Change-Id: Ia1b02ae0a2f319faa601d6098a9f94a3043656a8
2019-03-20 10:36:11 -07:00
Kevin Hamacher
5d216fb191
Only spawn init processes when using PID NS
...
PiperOrigin-RevId: 239169620
Change-Id: I9f26cfab90189a1baa5b87a700ce892cf0c95a89
2019-03-19 05:14:29 -07:00
Christian Blichmann
177b969e8c
Sandboxed API OSS release.
...
PiperOrigin-RevId: 238996664
Change-Id: I9646527e2be68ee0b6b371572b7aafe967102e57
Signed-off-by: Christian Blichmann <cblichmann@google.com>
2019-03-18 19:00:48 +01:00