This is a preparatory step to introduce a Sandbox2 mode that does not use ptrace.
PiperOrigin-RevId: 503919613
Change-Id: I446adecc66e697c592ad938627fbfdbea12516e1
If the platform does not have `std::string_view` (i.e. `absl::string_view` is not an alias of `std::string_view`) the lookup will cause build failure.
PiperOrigin-RevId: 503159858
Change-Id: Ide8229ae0219d1cb6f3b36aba26da8d53183bc4b
Libunwind sandbox no longer needs to join sandboxee's userns.
This cleans up a lot of special handling for the libunwind sandbox.
PiperOrigin-RevId: 503140778
Change-Id: I020ea3adda05ae6ff74137b668a5fa7509c138f8
when the sandboxee did not exit normally.
Disabled by default, enabled with a flag.
PiperOrigin-RevId: 502807175
Change-Id: Icb5236cbfac0168a2d855c68967f7a1e8bd13fe3
New wrappers:
- `AllowEpollWait` (`epoll_wait`, `epoll_pwait`, `epoll_pwait2`)
- `AllowInotifyInit` (`inotify_init`, `inotify_init1`)
- `AllowSelect` (`select`, `pselect6`)
- `AllowDup` (`dup`, `dup2`, `dup3`)
- `AllowPipe` (`pipe`, `pipe2`)
- `AllowChmod` (`chmod`, `fchmod`, `fchmodat`)
- `AllowChown` (`chown`, `lchown`, `fchown`, `fchownat`)
- `AllowReadlink` (`readlink`, `readlinkat`)
- `AllowLink` (`link`, `linkat`)
- `AllowSymlink` (`symlink`, `symlinkat`)
- `AllowMkdir` (`mkdir`, `mkdirat`)
- `AllowUtime` (`utime`, `utimes`, `futimens`, `utimensat`)
- `AllowAlarm` (`alarm`, `setitimer`)
- `AllowGetPGIDs` (`getpgid`, `getpgrp`)
- `AllowPoll` (`poll`, `ppoll`)
Updated wrappers:
- `AllowOpen` now includes `creat`. `openat` already grants the ability to create files, and is the designated replacement for `creat` on newer platforms.
- `AllowStat` now includes `fstatfs` and `fstatfs64`. The comment already claimed that these syscalls were included; I believe they were omitted by accident.
- `AllowUnlink` now includes `rmdir`. `unlinkat` already grants the ability to remove empty directories, and is the designated replacement for `rmdir` on newer platforms.
PiperOrigin-RevId: 495045432
Change-Id: I41eccb74fda250b27586b6b7fe4c480332e48846
On successful completion, `unw_step()` returns a positive value
if the updated cursor refers to a valid stack frame,
or `0` if the previous stack frame was the last frame in the
chain. On error, the negative value of one of the error-codes
below is returned.
PiperOrigin-RevId: 491588164
Change-Id: Ie361023ef69eed6c895856832a8208f2791f644d
Follow-up changes might be required to fully fix up the contrib sandboxes.
PiperOrigin-RevId: 482475998
Change-Id: Iff631eb838a024b2f047a1be61bb27e35a8ff2f4
This change allows Sandbox2 to change how the default FD for comms is chosen.
PiperOrigin-RevId: 479526309
Change-Id: I69add85a244bc0385eaa164ab0ea3b036503c6d3
This is to abstract the FD number away, so that we can change the way the FD number is chosen/communicated.
PiperOrigin-RevId: 479282707
Change-Id: Ic6726bcd0a17e97bde60804476ecbca2ffbf6525
We have removed an internal-only sandbox mechanism that has been deprecated
for years. Some formatting/include changes may leak into the OSS version.
PiperOrigin-RevId: 475230500
Change-Id: Ib4efdf3282529ea50e8302e5ef7acfdd7d4c68e5
If it isn't, assume that the process has exited and the event msg contains an exit code.
PiperOrigin-RevId: 471258449
Change-Id: I44408c30fe7fb39e20b55cea871f3efb68fcde67
Instead of doing waitpid() and processing one thread at a time, gather all waiting threads and then process them.
This avoids starving older threads when newer threads raise a lot of events.
PiperOrigin-RevId: 466366533
Change-Id: I81a878f038feac86407a8e961ecba181004f0f8a