Commit Graph

953 Commits

Author SHA1 Message Date
Wiktor Garbacz
1be4d04f4e Avoid tail-call optimization in "violate" testcase
PiperOrigin-RevId: 364523883
Change-Id: I5e43534d7db37b4c16f18fc3326714664ab0ae00
2021-03-23 03:51:09 -07:00
Vincenzo Petrolo
34dcd72d7d
fix typo
Signed-off-by: Vincenzo Petrolo <vincenzo@kernel-space.org>
2021-03-22 13:08:58 +01:00
Wiktor Garbacz
df840ae38f Fix order-dependent test.
PiperOrigin-RevId: 363639702
Change-Id: I39f7ca1b4a2c65fe027bcc6ed71b10c2dcf46ca0
2021-03-18 05:56:40 -07:00
Christian Blichmann
03bf9f72c0 Replace usage of deprecated functions within Sandboxed API
PiperOrigin-RevId: 363637782
Change-Id: I804d60fb3990f891416f06d36cb71b094daf3e37
2021-03-18 05:39:50 -07:00
Martijn Vels
753eacd314 Reduce requirements for restartable sequences
PiperOrigin-RevId: 361780465
Change-Id: I299bc55c94d60575e16f0ea6b5f82b8b793af1cb
2021-03-09 04:33:29 -08:00
Martijn Vels
b30d56e871 Add policy helper to allow restartable sequences
PiperOrigin-RevId: 360266444
Change-Id: I0a3d2d071972bf7d6e7114a428c6954ed4bcef5c
2021-03-01 13:39:42 -08:00
Wiktor Garbacz
9979faf752 Internal change
PiperOrigin-RevId: 359245243
Change-Id: I1acea38c070e4533a0860152c66f8dbcf8c6fb7a
2021-02-24 03:06:55 -08:00
Sandboxed API Team
508c7066a6 asan uses mmap() internally, so allow mmap() calls in asan builds
PiperOrigin-RevId: 358802336
Change-Id: I26fa891cc9fffcfd32f6b18a63b39d6f2282ff7d
2021-02-22 06:02:35 -08:00
Wiktor Garbacz
298271f0a7 Deprecate IPC::comms()
PiperOrigin-RevId: 358380648
Change-Id: Iaf8f7dc0890be0e7e910649c6f519504f6b0a1a5
2021-02-19 04:43:14 -08:00
Wiktor Garbacz
3d0fa1f891 Replace GetNode with ResolvePath in Mounts
Now unwinding will properly handle binaries inside bind-mounted directories.

Drive-by:
 - Get rid of n^2 path handling
 - Get rid of namespace alias
PiperOrigin-RevId: 358353666
Change-Id: Ieec7690ec6a1ae6d358de375220566b69e8cb094
2021-02-19 00:43:34 -08:00
Sandboxed API Team
ec64f47bba Adds IsRetryable() method to Result class, currently just returns false.
Also fixes signature of `stack_trace()` method.

PiperOrigin-RevId: 356992845
Change-Id: I627caa9861cf7c0eb3496154504f0d948c789fb9
2021-02-11 09:34:23 -08:00
Christian Blichmann
11bb2c7fe2 Update Copybara config to add files from #83
PiperOrigin-RevId: 355587833
Change-Id: I40579d1d5a16a32a7228f440e6cca8862e2ee504
2021-02-04 03:07:12 -08:00
Copybara-Service
492cd11273 Merge pull request #83 from cblichmann:cmake-deps-1
PiperOrigin-RevId: 355585389
Change-Id: Ie8d22fed3e2876b31b61972c5afb7238e71ae34e
2021-02-04 02:47:13 -08:00
Christian Blichmann
6a58a29039 Make CMake superbuild behave more similar to FetchContent
- Move CMake superbuild files
- Drop use of `CMakeLists.txt.in` configure files
- Allow overriding dependency directories. For now, this should only be
  used by GitHub workflows. Will be expanded on later, possibly renaming
  the variables.

This change is one in a series to make it easier to consume/customize
Sandboxed API in downstream projects.

Drive-by:
- Update `.gitignore` to ignore clangd's `.cache` directory

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-02-03 18:15:15 +01:00
Christian Blichmann
42f540bc7e Be more strict about target_link_libraries()
Bazel readily enforces header visiblity for each target, CMake is more lenient.

PiperOrigin-RevId: 355407845
Change-Id: Ic59fa2162db8456d4c5cf4205c0fe42cc79874a9
2021-02-03 09:01:31 -08:00
Sandboxed API Team
637dc471ac Avoid buffer overflows when the sandboxee shrinks a shared buffer.
PiperOrigin-RevId: 355336078
Change-Id: I36aa106b3044cbc20b30718a12bd35d147c339c6
2021-02-02 23:59:12 -08:00
Wiktor Garbacz
0bbcb495ee Remove unneeded Executor ctors
absl::Span<const T> has an implicit ctor from container types.
PiperOrigin-RevId: 355155858
Change-Id: I70aea6b276b5e51f7682cba45bb2d4514cb1bc90
2021-02-02 06:55:30 -08:00
Christian Blichmann
e77099876a Update/rephrase README
PiperOrigin-RevId: 355129169
Change-Id: Ie2670f15d65c0075db7a639f61402278dde7b49c
2021-02-02 03:08:31 -08:00
Wiktor Garbacz
8cc018a242 Internal change
PiperOrigin-RevId: 355126142
Change-Id: Iba8e54095e94f55811a92243d8af85d893418909
2021-02-02 02:41:13 -08:00
Christian Blichmann
1840083919 Avoid complex designated initializer, initialize internal struct padding
The former is to fix compilation on GCC 7, the latter to satisfy MSAN.

PiperOrigin-RevId: 355114355
Change-Id: I5c89a65df16fe9338bcfa24b2e48c246d240ce62
2021-02-02 00:56:58 -08:00
Christian Blichmann
55a8373ec3 Avoid sanitizer macros use Abseil's where necessary
Using C++17 means we can get rid of many `#ifdef`s by using `if constexpr`.
This way, we ensure that both branches compile and still retain zero runtime
overhead.

Note that open source builds of Sandboxed API do not ship with sanitizer
configurations yet. This will be added in follow-up changes.

PiperOrigin-RevId: 354932160
Change-Id: I3678dffc47ea873919f0a8c01f3a7d999fc29a5b
2021-02-01 07:11:15 -08:00
Sandboxed API Team
6dcef3d5c9 Integrate LLVM at llvm/llvm-project@1c762a81d2
Updates LLVM usage to match
[1c762a81d20f](https://github.com/llvm/llvm-project/commit/1c762a81d20f)

PiperOrigin-RevId: 354567452
Change-Id: I29758805e7e2030d014bbc0007f5c548f119246f
2021-01-29 11:02:56 -08:00
Wiktor Garbacz
552a510777 Fix overload for Executor ctor calls with brace-initializers
PiperOrigin-RevId: 354319778
Change-Id: I7b47ef2de734683f9168ef80f8b29357532d51ff
2021-01-28 08:43:22 -08:00
Wiktor Garbacz
ec870c3d15 Simplify Executor ctor hierarchy
Also accept `absl::string_view` and `absl::Span<const std::string>` arguments.

Drive-by:
 - Move using declaration into namespace
PiperOrigin-RevId: 354271016
Change-Id: Iadd873377e51cac7fa3800aab1f9e85ff94bd4e9
2021-01-28 02:20:37 -08:00
Christian Blichmann
a617f4e8f0 Improvements to limits.h header
- Directly initialize member fields
- Reword comments

PiperOrigin-RevId: 354093192
Change-Id: I19852c3f2bd1b05ed280102b0bed1ea62d8c4adc
2021-01-27 08:05:25 -08:00
Copybara-Service
fb1822b579 Merge pull request #82 from cblichmann:main
PiperOrigin-RevId: 353870558
Change-Id: If51eb17a94ad0f42876e5fa980918532153c42e9
2021-01-26 08:18:57 -08:00
Christian Blichmann
d1e8ad94a8
Improve curl example
- Update sandbox policy (bring back inclusion of `/lib` to enable glibc
  resolver
- Better error handling using new `curl_util` library

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-01-26 17:01:02 +01:00
Christian Blichmann
6f33cef716 Allow FUTEX_WAKE for recent libc allocators
PiperOrigin-RevId: 353827808
Change-Id: I6d1509016297fd16bec0ae6ea263896a1af9dc37
2021-01-26 02:32:26 -08:00
Christian Blichmann
1459cc612e Cleanup, fix OSS Bazel build
Bazel 4.0.0 is less lenient in handling escape sequences.

PiperOrigin-RevId: 353827443
Change-Id: I972841464449ed2262a0ef486343ae1ed444ad3c
2021-01-26 02:29:08 -08:00
Christian Blichmann
2f58cfc77f Merge pull request #81 from cblichmann:main
PiperOrigin-RevId: 353812058
Change-Id: I500cab1c3f44ce24e321df3a3253710911feada9
2021-01-26 09:40:27 +01:00
Christian Blichmann
3a95d9df41 Fix cURL example
Due to a naming mixup in `oss-internship-2020/curl/CMakeLists.txt`, the
necessary `WriteToMemory()` callback was not linked into the sandboxee,
leading to a segfault in the sandboxee when trying to run the
tests/examples.

As another issue, cURL seems to call `sysinfo` and `rt_sigaction` in
recent versions and with recent libc.

Drive-by changes:
- Use the SAPI status macros instead of manually checking `absl::Status`
- Put tests in namespace
- Some Google C++-style fixes
- Start the mock test server only once per test suite

Fixes #72 for cURL.

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-01-25 17:01:54 +01:00
Wiktor Garbacz
b98bed9860 Internal change
PiperOrigin-RevId: 353233756
Change-Id: Ib658a3602097dc0288af592e21db373eb12e2077
2021-01-22 07:00:05 -08:00
Christian Blichmann
75bbd0e1c1 Internal change
Only externally visible changes should be a few changed includes as well as
some formatting changes.

PiperOrigin-RevId: 353226662
Change-Id: Iebf5be13774efcbd94c5d5a17b9b27e47275b229
2021-01-22 06:01:34 -08:00
Christian Blichmann
19fd11b91e Move GetInternalDataDependencyFilePath() into internal namespace
Implements #79

PiperOrigin-RevId: 351778836
Change-Id: I726837d8e75880bf5ddfb1a327249dd666adec53
2021-01-14 05:11:22 -08:00
Christian Blichmann
dbaf95c724 Move utility code into sandboxed_api/util
This change should make it less confusing where utility code comes from.
Having it in two places made sense when we were debating whether to publish
Sandbox2 separately, but not any longer.

Follow-up changes will move `sandbox2/util.h` and rename the remaining
`sandbox2/util` folder.

PiperOrigin-RevId: 351601640
Change-Id: I6256845261f610e590c25e2c59851cc51da2d778
2021-01-13 09:25:52 -08:00
Sandboxed API Team
b61b2a37b7 Add IsStarted() method to GlobalForkClient.
PiperOrigin-RevId: 351170872
Change-Id: I5544eb27962606a562ce79b97d508f841ec0dc56
2021-01-11 09:34:13 -08:00
Sandboxed API Team
3d737e3830 Automated rollback of commit 7440916b80.
PiperOrigin-RevId: 351144593
Change-Id: Ic1401e16dcf2b6b009a9f53395929e31a68cfa77
2021-01-11 06:58:30 -08:00
Maciej Szawłowski
7440916b80 Internal tests tweak.
PiperOrigin-RevId: 351138044
Change-Id: I98e27ca5f0ea456a906c5382aa22135f21c8a1d9
2021-01-11 06:07:45 -08:00
Wiktor Garbacz
451c24c1c4 Fix fd leak
Support swapping and move assignment in FDCloser

PiperOrigin-RevId: 351119550
Change-Id: I9865d2fcad029a440cab60328b8731f8e1dc340f
2021-01-11 03:33:27 -08:00
Wiktor Garbacz
e94ba3a16b Fix cURL example build
Fixes #76

PiperOrigin-RevId: 350728353
Change-Id: Iebc4a0a381fff379498b66dfa9238d33efa69ec1
2021-01-08 02:48:05 -08:00
Wiktor Garbacz
6dd0a52561 Use unique var name in SAPI_RETURN_IF_ERROR to avoid name clashes
PiperOrigin-RevId: 350724380
Change-Id: I07c11b1897043df188bbef7934b5a41185a82a79
2021-01-08 02:09:40 -08:00
Copybara-Service
918a409126 Merge pull request #78 from cblichmann:gen2-clang-path
PiperOrigin-RevId: 350524271
Change-Id: I46080c86c8e03f13a7468a73d752e968d5e9b56d
2021-01-07 03:19:55 -08:00
Christian Blichmann
f9b4083dee
Header generator: Enable to find latest Clang
This also allows to install `libclang1` instead of `libclang1-dev` as
one of the build dependencies on Ubuntu/Debian.

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-01-07 11:15:13 +01:00
Copybara-Service
f2e4817509 Merge pull request #75 from cblichmann:modules
PiperOrigin-RevId: 350351630
Change-Id: I3ccbadd8a12dee2ede87b9aeece95a115553c29c
2021-01-06 07:50:01 -08:00
Christian Blichmann
4ff125df7a
Reactivate cURL git submodule
- Fix commands in `README.md`

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2021-01-06 16:11:00 +01:00
Wiktor Garbacz
195ac67c9d Fix dependencies in CMake build
PiperOrigin-RevId: 350313683
Change-Id: I133594e930cd3a710b6053de64bc94894d872241
2021-01-06 02:34:53 -08:00
Wiktor Garbacz
a59cb96d52 Fix dependencies in add_sapi_library
PiperOrigin-RevId: 350307675
Change-Id: Ib3a085ad214690083fcf23a791f194c37223da11
2021-01-06 01:48:55 -08:00
Wiktor Garbacz
3e8a60c5b1 Fix raw_logging includes
PiperOrigin-RevId: 350142444
Change-Id: I15184e6e46594f7eecf75ff0a6f0961caa015f2d
2021-01-05 08:10:05 -08:00
Wiktor Garbacz
fe79c95a50 IWYU in sapi code generator
PiperOrigin-RevId: 350134692
Change-Id: I5389df8a02f6679a3881b20b599ff5d9fc81650e
2021-01-05 07:18:41 -08:00
Sandboxed API Team
142c35898c Allow TcMalloc to use membarrier syscall.
PiperOrigin-RevId: 348604579
Change-Id: Ibe54acc51597f36d1682368eb6baf1f8d45cf3dd
2020-12-22 02:50:16 -08:00