Commit Graph

  • 3990ff23f4 Automated Code Change main Oliver Kunz 2024-03-11 01:14:04 -0700
  • d33fe262b9 We have deprecated sapi:✌️:NullPtr earlier this year. Users of SAPI can now pass directly a nullptr to the sandboxed API function. We believe that this will reduce development efforts and improve readability. Oliver Kunz 2024-03-11 01:13:16 -0700
  • 64ed644f73 Include-what-you-use fix Christian Blichmann 2024-03-07 06:47:38 -0800
  • c6bab97690 Added more descriptive Syscall argument types, and an API for introspecting arguments. Sandboxed API Team 2024-03-05 11:06:15 -0800
  • 1f390c279e Adding API for getting the current PolicyBuilder status. Sandboxed API Team 2024-03-05 10:35:10 -0800
  • c8a26fbfa0 Replace usages of deprecated sapi:✌️:NullPtr Wiktor Garbacz 2024-02-29 07:24:30 -0800
  • 86e356b7ee Add Sandbox::AllocateAndTransferToSandboxee utility function. Oliver Kunz 2024-02-28 10:38:26 -0800
  • 180aa03603 Internal change Kevin Hamacher 2024-02-28 07:36:18 -0800
  • e7c5de0db8 Fix sapi:✌️:Proto<T>::FromMessage Wiktor Garbacz 2024-02-28 06:00:44 -0800
  • f7f4cdb458 More complete error handling in SerializeProto Wiktor Garbacz 2024-02-28 05:46:27 -0800
  • 2430bc8ae8 Use sandboxed libunwind also with sanitizers Wiktor Garbacz 2024-02-27 04:35:44 -0800
  • 2cacad6008 var_abstract: Use the string representation of Type. Oliver Kunz 2024-02-21 05:11:15 -0800
  • 008b45c9b7 PolicyBuilder: ignore duplicate calls to more complex helpers Wiktor Garbacz 2024-02-19 06:13:03 -0800
  • 34f129dc51 Comms: Always use the inline buffer Wiktor Garbacz 2024-02-14 07:12:01 -0800
  • 4f93af65e6 Improve documentation of TransferToSandboxee() and TransferFromSandboxee(). Oliver Kunz 2024-02-12 04:20:52 -0800
  • 597b4430ba GitHub workflows: Combine SAPI generator build and "prerelease" Christian Blichmann 2024-02-06 07:47:29 -0800
  • 229651db0f Test Generator Workflow Christian Blichmann 2024-02-06 14:03:57 +0100
  • 49a0e5be04 Test Generator workflow Christian Blichmann 2024-02-06 11:06:03 +0100
  • f708270f35 Add DefaultAction(TraceAllSyscalls) variant to PolicyBuilder latest A. Cody Schuffelen 2024-02-02 13:00:50 -0800
  • 044ba1cb90 Return ENOSYS instead of hard denying clone3 Wiktor Garbacz 2024-02-01 04:38:24 -0800
  • 29a3b8cd39 Add AllowAccess to SAPI's default policy Wiktor Garbacz 2024-02-01 02:51:09 -0800
  • b9c84a1f75 Allow restartable sequences access to poll. Chris Kennelly 2024-01-30 23:47:46 -0800
  • 0e98cceb32 Permit TCMalloc to use MAP_FIXED_NOREPLACE. Chris Kennelly 2024-01-29 23:13:24 -0800
  • f2840b37a3 NullPtr: Change SAPI to accept regular nullptr for sandboxed API calls. Oliver Kunz 2024-01-29 03:22:32 -0800
  • fa5360351b Use absl::string_view consistently Wiktor Garbacz 2024-01-21 23:42:05 -0800
  • 25cfb5ef03 Adding missing syscalls to the syscall tables. Sandboxed API Team 2024-01-19 16:45:34 -0800
  • 824d894822 Make sandbox2::SyscallTable::GetEntry public and add new helper GetEntries. Sandboxed API Team 2024-01-19 16:27:34 -0800
  • 28b45670c2 Allow sched_getaffinity in AllowLlvmSanitizers Wiktor Garbacz 2024-01-16 05:18:20 -0800
  • fbfc2b9eac Handle prlimit64 in Allow*RLimit Wiktor Garbacz 2024-01-16 03:59:28 -0800
  • 9a06f3ac0c Change the order of including system include paths. Sandboxed API Team 2024-01-08 11:38:26 -0800
  • a56660f542 Allow restartable sequences' mmaps to name their VMAs. Chris Kennelly 2024-01-08 07:56:48 -0800
  • fc610b7c7a Fix UB caused by uninitialized value. Sandboxed API Team 2024-01-03 01:48:04 -0800
  • 1339d0b7f2 Remove unneeded include Wiktor Garbacz 2023-12-29 01:29:46 -0800
  • 52babc15d4 logserver: Support non-UTF8 log messages Wiktor Garbacz 2023-12-28 06:34:29 -0800
  • e5370e93ca Minor cleanups, no functional change. Sandboxed API Team 2023-12-27 13:39:18 -0800
  • 36e4b80f9a Introduce and prefer AllowMmapWithoutExec Wiktor Garbacz 2023-12-27 02:50:16 -0800
  • 1255f57108 Provide an option to use the unotify monitor instead of the ptrace monitor. Oliver Kunz 2023-12-14 00:47:34 -0800
  • 0a992b683f Add special handling for global forkserver Wiktor Garbacz 2023-12-13 03:33:36 -0800
  • d95df64ebb Add a test for custom forkserver Wiktor Garbacz 2023-12-12 06:52:38 -0800
  • 39e49549e6 The current implementation of Sandbox::Terminate results in timeout's being reported to coroner in cases where a Restart or Terminate with graceful exit is requested. Oliver Kunz 2023-12-08 07:47:19 -0800
  • 19d8f4729a Add clone3 to syscall defs Wiktor Garbacz 2023-12-07 00:45:41 -0800
  • 4d34bdb145 Integrate LLVM at llvm/llvm-project@3287ae8f65 Dmitri Gribenko 2023-11-29 10:13:12 -0800
  • 5ed720eeb1 SAPI_RAW_CHECK expects NUL-terminated strings Wiktor Garbacz 2023-11-29 01:02:56 -0800
  • a0ba1c520f Enable the ability to change the sandboxee's malloc implementation. The default is set to "@bazel_tools//tools/cpp:malloc", which is also the default for Bazel's cc_binary [1]. Oliver Kunz 2023-11-16 10:00:29 -0800
  • 9a171c7e5f Fix quoting for fedora build action Wiktor Garbacz 2023-11-14 07:20:32 -0800
  • dc8bcc9d48 Update github actions OS and dependencies versions Wiktor Garbacz 2023-11-14 05:27:42 -0800
  • 15fb5b9608 Allow sigaltstack Wiktor Garbacz 2023-11-13 04:21:53 -0800
  • bc3c0ec17a Internal change Wiktor Garbacz 2023-11-10 07:26:28 -0800
  • 1bad376e42 Block sigaltstack with ENOSYS by default Wiktor Garbacz 2023-11-09 06:31:38 -0800
  • 6f90a6ef2a don't drop CAP_SYS_PTRACE as it is apparently needed by sandbox running as root when combined with apparmor (or possibly yama) LSM Sandboxed API Team 2023-11-02 00:41:55 -0700
  • 79ab44c981 drop almost all capabilities during sandbox creation Sandboxed API Team 2023-10-31 01:31:00 -0700
  • 4630346fd1 Fix unaligned load Wiktor Garbacz 2023-10-27 00:34:21 -0700
  • 0940a9ee4a Export config.h from syscall.h for sapi::cpu::Architecture Wiktor Garbacz 2023-09-29 02:32:09 -0700
  • 37a7432178 Remove deprecated comms functions Wiktor Garbacz 2023-09-26 05:44:21 -0700
  • fadfa79d7a Add missing return Wiktor Garbacz 2023-09-24 23:46:23 -0700
  • ee7b76f592 Automated rollback of commit 4ae281b6a2. Sandboxed API Team 2023-09-21 06:17:00 -0700
  • 4ae281b6a2 Remove deprecated comms functions Wiktor Garbacz 2023-09-21 02:30:34 -0700
  • 9a985f91a7 Replace use of deprecated sandbox2::Comms functions Wiktor Garbacz 2023-09-19 23:54:18 -0700
  • 227daf4a42 Do 1 level of recursion on libunwind crashes Wiktor Garbacz 2023-09-19 06:49:17 -0700
  • 1cf45be7df Refactor Comms to split out listening/connecting part Wiktor Garbacz 2023-09-19 05:13:40 -0700
  • d26262d82e Remove stale comment Wiktor Garbacz 2023-09-19 02:04:07 -0700
  • 37b3a51ca6 Use empty instead of length Sandboxed API Team 2023-09-18 00:46:15 -0700
  • f5830c93cd Ensure that TCMalloc can execute NumCPUs. Chris Kennelly 2023-09-15 08:20:33 -0700
  • 700f8fa547 Skip sanitizers for limits_test Wiktor Garbacz 2023-09-15 04:56:38 -0700
  • 1475458939 namespace_test: use lstat instead of stat, don't descent into procfs & sysfs Wiktor Garbacz 2023-09-14 02:08:31 -0700
  • b47a5ead07 Add TCMalloc related files to test policy Wiktor Garbacz 2023-09-13 09:05:53 -0700
  • 4289b64aa7 Disallow clone3, unsafe clone and unshare flags Wiktor Garbacz 2023-09-12 06:29:54 -0700
  • 77f62ccb1f Remove unused NetworkProxyClient::ConnectHandler Wiktor Garbacz 2023-09-08 07:50:09 -0700
  • f614862e07 Remove deprecated VecStringToCharPtrArr Wiktor Garbacz 2023-09-07 03:08:44 -0700
  • b350a41a10 Gather more coverage data Wiktor Garbacz 2023-09-07 02:42:26 -0700
  • f6ec787902 PtraceMonitor: Add a hard deadline for waiting for kill to take effect Wiktor Garbacz 2023-09-06 04:28:43 -0700
  • 98d7f91b4d Run more tests with sanitizers and coverage Wiktor Garbacz 2023-09-05 07:13:08 -0700
  • 92aeadddee PolicyBuilder: test error conditions for AddPolicyOnSyscalls Wiktor Garbacz 2023-09-05 07:13:06 -0700
  • 02d770adcc NetworkProxyTest: test more error conditions Wiktor Garbacz 2023-09-05 02:16:47 -0700
  • b088c01ab2 Add missing Aarch64 syscall entries Wiktor Garbacz 2023-09-05 02:02:46 -0700
  • 5f9698612e Better network proxy tests Wiktor Garbacz 2023-09-05 00:56:21 -0700
  • 3ea315858d Remove mutexes from Comms Wiktor Garbacz 2023-09-04 07:00:19 -0700
  • 197f03aa5b Adjust code so that variable name is correct Wiktor Garbacz 2023-09-04 03:12:46 -0700
  • e23acfd7e7 Made slight optimizations in Sandbox2's comms. Jaeden Quintana 2023-08-31 13:49:41 -0700
  • 2c9ac02b68 Rework network_proxy related tests/examples Wiktor Garbacz 2023-08-31 06:05:17 -0700
  • a0eb8d4445 Increase limits in ElfParser Sandboxed API Team 2023-08-31 05:00:56 -0700
  • dc25251af9 Enable sandboxed stack traces for coverage Wiktor Garbacz 2023-08-31 04:05:12 -0700
  • f715bd8ba9 Run more tests with coverage enabled Wiktor Garbacz 2023-08-31 00:43:30 -0700
  • 47c868e6b1 Merge block bpf/ptrace tests Wiktor Garbacz 2023-08-30 07:46:35 -0700
  • 5802d5b681 Refactor Forkserver::LaunchChild Wiktor Garbacz 2023-08-30 07:11:49 -0700
  • 09a48bac06 Reduce CHECK-failures in unotify monitor Wiktor Garbacz 2023-08-30 02:55:35 -0700
  • 4a6b0d4633 Always override forkservers comms_fd in sandboxee Wiktor Garbacz 2023-08-30 02:20:25 -0700
  • 0150026d38 Make PolicyBuilder helpers more self-contained Wiktor Garbacz 2023-08-29 08:11:31 -0700
  • 37f00991b9 Final round of IWYU fixes for Sandbox2 Wiktor Garbacz 2023-08-25 06:49:42 -0700
  • c04ef4572c CMake: Re-add missing library deps due to bad merge Christian Blichmann 2023-08-25 01:48:53 -0700
  • 7de1c4d8d0 More IWYU annotations Wiktor Garbacz 2023-08-25 00:34:12 -0700
  • c175ac2c20 Fix missing dep for users of SANDBOX2_TRACE Wiktor Garbacz 2023-08-25 00:33:34 -0700
  • edde724ab9 Internal change Wiktor Garbacz 2023-08-24 23:54:54 -0700
  • 8254d13faf Reenable the stack_trace_test Wiktor Garbacz 2023-08-24 09:11:12 -0700
  • d5ff466c59 Support passing stderrthreshold to sandboxee Christian Blichmann 2023-08-24 08:57:49 -0700
  • 3adc232a07 Add missing dependencies bazel/BUILD Wiktor Garbacz 2023-08-24 07:08:37 -0700
  • 127176d72f Bulk IWYU and build_cleaner fixes Wiktor Garbacz 2023-08-24 06:23:03 -0700
  • 38e5be910e Temporarily disable a non-sandboxed crash stack_trace_test Wiktor Garbacz 2023-08-24 05:59:17 -0700
  • eaf8ef88c4 Sandboxed API: Env vars: Set GOOGLE_STDERRTHRESHOLD used by OSS Abseil Christian Blichmann 2023-08-24 04:49:40 -0700
  • 0036d9d09f Update Abseil Wiktor Garbacz 2023-08-24 01:58:26 -0700