CMake already provides `CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES`, so there's
no need to invoke the compiler to determine system include directories.
For the Clang tool based header generator, adding the includes from the
current toolchain is strictly more correct than having it try and figure them
out itself (which will favor files from any installed libc++ and/or Clang).
PiperOrigin-RevId: 531207747
Change-Id: Icfcf7b495a0a5782c21a665984d9039d365db898
`SAPI_ENABLE_GENERATOR` => `SAPI_ENABLE_CLANG_TOOL`
This prepares further changes in this area.
PiperOrigin-RevId: 531201213
Change-Id: I56bd450e6ed2dd1dbbf45db2825a75c56d277037
This avoids a warning in newer CMake versions. For `CMP0083`, we still need to
explicitly select `NEW` behavior. `check_pie_supported()` will error if it is
unset even on later CMake versions.
PiperOrigin-RevId: 531200735
Change-Id: Icb17a00cac087bd6888f8a9b9f8dd837358a6090
This should ensure the global forkserver will be single-threaded before forking the sandboxees, as it does not go through WaitAndFork.
Waiting for sanitizers is not needed in the monitor and should reduce latency
by 1 second for all sanitizer builds. Currently it'll always wait up to 1 second for the process to become single-threaded, which will never happen as the monitor itself is running in a separate thread.
PiperOrigin-RevId: 530878018
Change-Id: Ie9f663848502f2738721861b0ba2dc6f3cc9f1c9
Allows creating a Comms with Unix domain sockets that are not abstract. This allows using Comms to talk across network namespaces.
PiperOrigin-RevId: 518854724
Change-Id: I4fd65466bba9512f448b73bde367f38a0fbb584d
Fixes incorrect timeout calculation and increases the wakeup interval.
Also makes poll behave correctly in presence of signals.
PiperOrigin-RevId: 516514260
Change-Id: I035701e1bb351f9ad26157b59b13b4f300cc229a
Unotify based monitor should bring big performance wins
if the sandboxee heavily uses threading or signals.
Some of the features are not supported in that mode:
- execveat is always allowed instead of just the initial one
- stack traces are not collected on normal exit or if the process is terminated by signal
PiperOrigin-RevId: 515040101
Change-Id: Ia5574d34b4ff7e91e3601edb8c9cb913e011fbf6
When symbolize.cc is built with unwind tables, the function from the lib calling into symbolize.cc might be duplicated in the stack trace (libunwind fallback to LR).
PiperOrigin-RevId: 514324815
Change-Id: I76ee4ccf5aaf388924714284d9896fa367f5f752
Running with a permissive test policy should not interfere with sanitizers
or coverage.
Most tests should run with such a permissive policy.
The exceptions are tests which actually test policy enforcement.
PiperOrigin-RevId: 513548936
Change-Id: I9a4c2cc8074997cff08cc22d15f4736219ce4d63
Check unwinding recursive calls.
Verify we can unwind in absence of unwind tables.
PiperOrigin-RevId: 513506498
Change-Id: Ib87240b7481dae3a4513c944e17a7924a54926e9