sandboxed-api

StarMirror/sandboxed-api

Fork 0

mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00

Commit Graph

Select branches

Hide Pull Requests

main

#1

#100

#101

#103

#105

#106

#107

#108

#11

#110

#111

#112

#113

#114

#115

#116

#117

#119

#12

#120

#121

#123

#124

#125

#127

#13

#130

#131

#133

#134

#135

#136

#137

#138

#139

#140

#141

#143

#144

#146

#147

#148

#149

#15

#150

#151

#156

#157

#160

#161

#162

#17

#171

#172

#2

#21

#22

#24

#26

#3

#30

#33

#34

#36

#37

#38

#39

#4

#40

#44

#45

#46

#48

#49

#5

#50

#51

#52

#53

#54

#55

#56

#57

#58

#59

#6

#60

#61

#62

#63

#64

#65

#66

#67

#68

#69

#75

#78

#8

#80

#81

#82

#83

#84

#85

#87

#91

#92

#93

#95

#96

#98

#99

latest

v20190318

v20190823

6986af58bb IWYU fixes Wiktor Garbacz 2023-08-23 09:03:05 -0700
696d0eed11 Add IWYU pragma Wiktor Garbacz 2023-08-23 07:13:39 -0700
9dcc9db919 Replace StrError with PLOG Wiktor Garbacz 2023-08-23 04:08:02 -0700
41003aae83 Automated rollback of commit 1e26cd50dc. Sandboxed API Team 2023-08-22 07:11:27 -0700
c4660f8a6e Provide sealing flags if not defined in the headers Wiktor Garbacz 2023-08-22 06:20:49 -0700
e75be07bb0 Automated rollback of commit 9c21744460. Wiktor Garbacz 2023-08-22 03:59:08 -0700
8a6b689c29 Cleanup includes Wiktor Garbacz 2023-08-22 03:04:00 -0700
632fdc639d Add missing includes Wiktor Garbacz 2023-08-22 02:55:35 -0700
1e26cd50dc Always override forkservers comms_fd in sandboxee Wiktor Garbacz 2023-08-21 02:15:12 -0700
56d11ae733 Client::PrepareEnvironment simplify by supporting just a single preserved fd Wiktor Garbacz 2023-08-18 06:52:10 -0700
1e9b686c4f Make Comms movable Wiktor Garbacz 2023-08-18 04:40:43 -0700
08b81b52e0 Internal change Wiktor Garbacz 2023-08-18 04:10:04 -0700
bf9fe79dbe Introduce a SAPI_RAW_VLOG_IS_ON just for raw_logging Wiktor Garbacz 2023-08-18 03:11:57 -0700
ff23e878d3 Prefer regular logging to raw_logging Wiktor Garbacz 2023-08-18 02:42:41 -0700
b258535161 Treat libunwind sandbox as a ~regular sandboxee Wiktor Garbacz 2023-08-17 13:32:10 -0700
6a64659fac Use default SAPI policy in the examples Wiktor Garbacz 2023-08-17 12:33:36 -0700
77fbfa7f5f forkserver: use eventfd instead pipe for initial namespace creation Wiktor Garbacz 2023-08-17 03:01:23 -0700
5d13550877 Allow set_robust_list for TSAN Wiktor Garbacz 2023-08-17 02:52:04 -0700
18c64ae10f Adjust sandboxed_api default policy Wiktor Garbacz 2023-08-17 02:51:24 -0700
f378d22405 Clang tool: Skip protobuf namespaces when emitting headers Christian Blichmann 2023-08-17 01:57:58 -0700
0a0bf05dc3 Readd VLOGs removed by mistake Wiktor Garbacz 2023-08-17 01:12:41 -0700
7d78b89777 Fix typo. Sandboxed API Team 2023-08-16 14:13:04 -0700
034f24001e In Sandbox2 IPC class, add a MapDupedFd() function to allow application to retain ownership of the local_fd. Sandboxed API Team 2023-08-16 10:57:58 -0700
abd3faf51b monitor_unotify: Use eventfd instead of pipe for notifications Wiktor Garbacz 2023-08-16 07:28:29 -0700
7a57d32711 forkserver: Remove waitpid flag Wiktor Garbacz 2023-08-16 01:32:33 -0700
c501379056 Clang tool: Prevent extra nesting of namespaces Christian Blichmann 2023-08-16 01:17:11 -0700
1c2596785b Clearer logs on execveat failures Wiktor Garbacz 2023-08-15 23:30:02 -0700
ae3d334cc2 generator2: Skip anonymous structs/unions Christian Blichmann 2023-08-15 05:20:14 -0700
352d1f8fb2 Clang tool: Emit aggregates with default initialized members Christian Blichmann 2023-08-14 06:13:51 -0700
8b70461db4 Automated rollback of commit a946cedc95. Wiktor Garbacz 2023-08-11 04:54:21 -0700
a946cedc95 PtraceMonitor: Add a hard deadline for waiting for kill to take effect Wiktor Garbacz 2023-08-11 02:00:42 -0700
01e14e0bb7 Fix bypass for enabling ptrace/bpf Wiktor Garbacz 2023-08-11 01:33:46 -0700
3079d2b4e0 Make Policy a simple copyable type Wiktor Garbacz 2023-08-09 06:43:50 -0700
c14312c3a2 Kill on each iteration of graceful exit loop Wiktor Garbacz 2023-08-09 05:59:49 -0700
999336a27d Buildkite: Add specific version for 'clang' Python package Christian Blichmann 2023-08-08 04:48:14 -0700
48bbb06fe7 Move log warning about non-namespaced stacktraces Wiktor Garbacz 2023-08-07 09:06:31 -0700
4890c86cec Mark GetNamespaceDescription const Wiktor Garbacz 2023-08-07 06:46:50 -0700
dd664400d7 More verbose logging on graceful exit timeout Wiktor Garbacz 2023-08-07 00:27:17 -0700
0a0ac6a66b Automated rollback of commit 4d625e521b. Sandboxed API Team 2023-08-03 11:22:30 -0700
7722c07d0c Mark Mounts::RecursivelyListMounts() const Wiktor Garbacz 2023-08-03 07:39:37 -0700
4d625e521b Move log warning about non-namespaced stacktraces Wiktor Garbacz 2023-08-03 07:37:13 -0700
3f9e9a2b25 Make Namespace copyable, movable and copy/move assignable Wiktor Garbacz 2023-08-03 06:20:21 -0700
29b7b49325 Use return value directly instead of SAPI_ASSIGN_OR_RETURN dance Wiktor Garbacz 2023-08-03 05:45:16 -0700
fc8a2340c7 Rename GetCloneFlags Wiktor Garbacz 2023-08-03 05:41:58 -0700
8fbe21ce0e Really give priority to main_pid Wiktor Garbacz 2023-08-02 08:41:59 -0700
3bbb98c494 Better error when calling RunAsync on a Sandbox2 instance twice Wiktor Garbacz 2023-08-02 06:43:35 -0700
1c960e8389 EmbedFile: Reopen memfds as readonly to workaround problems with CRIU Wiktor Garbacz 2023-08-02 05:27:05 -0700
eaa175c8d2 Sandbox2: Remove file sealing for in-memory files. Oliver Kunz 2023-07-25 05:04:08 -0700
04ed89906b Adding AllowOpen to AllowLlvmSanitizers to avoid having to add AllowOpen in addition when it's only needed for running under the sanitizers. Oliver Kunz 2023-07-25 04:37:13 -0700
9d1d4b7fd3 Disallow AddPolicyForSyscalls with an empty list Wiktor Garbacz 2023-07-21 02:24:03 -0700
e86462db77 Remove redundant buffer test Wiktor Garbacz 2023-07-21 01:53:00 -0700
7683f6995b Do not use GIT in FetchContent_Declare Wiktor Garbacz 2023-07-19 05:19:41 -0700
25f27ef935 Allow replacing a read-only node with writable for same target Wiktor Garbacz 2023-07-18 02:44:18 -0700
4ba75ea0a2 Allow TCMalloc users access to the possible cpus list. Chris Kennelly 2023-07-17 09:30:34 -0700
f0e85cea13 Introduce AddFile(At)IfNamespaced/AddDirectory(At)IfNamespaced Wiktor Garbacz 2023-07-17 01:58:05 -0700
39026f7678 Internal Code Change Sandboxed API Team 2023-07-14 00:29:58 -0700
a3fa7d27d5 Internal Code Change Sandboxed API Team 2023-07-12 22:13:01 -0700
619030326c Internal Code Change Sandboxed API Team 2023-07-12 01:09:06 -0700
5dd7584e55 Propagate compatible_with through sapi_library. Oliver Kunz 2023-07-10 05:06:47 -0700
a94b17d821 Use Protobuf's AbslStringify to stringify protos. Sandboxed API Team 2023-06-26 00:32:40 -0700
64ac98bf4d Sandbox2: Remove commented out include Christian Blichmann 2023-06-23 00:46:16 -0700
0463298780 Sandbox2: Improve logging of syscall information. Oliver Kunz 2023-06-21 06:11:17 -0700
cf43c0f02c Allow prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, ...) with tcmalloc Sandboxed API Team 2023-06-16 09:33:25 -0700
93c1423b15 sandbox2: Provide sandboxee rusage when using unotify monitor Kevin Hamacher 2023-06-16 04:36:42 -0700
66aeb6e59d Error out if invalid custom forkserver path is specified Kevin Hamacher 2023-06-15 03:16:25 -0700
04cb14791e Clang tool: Enable incremental pre-processing Christian Blichmann 2023-06-13 01:03:52 -0700
f2048d028f Clang tool: Force-undefine feature preprocessor defines Christian Blichmann 2023-06-13 00:37:30 -0700
654668fc4e stack_trace: avoid copying /proc/{pid}/exe if possible Wiktor Garbacz 2023-06-12 00:14:06 -0700
045ace8dcb Update Google dependencies Christian Blichmann 2023-06-09 03:21:27 -0700
4034fd6240 GitHub Actions: Add workflow to auto-create a pre-release on push Christian Blichmann 2023-06-08 07:39:03 -0700
67d5f1b23f GitHub Actions: Upload artifact for header generator Christian Blichmann 2023-06-08 01:37:42 -0700
b0547f3506 GitHub workflows: Migrate to turtlesec-no/get-ninja Christian Blichmann 2023-06-07 20:59:53 -0700
72452e1582 Mostly internal change: Optimize OSS transforms Christian Blichmann 2023-06-07 02:22:31 -0700
6cd83d68de Fix deadlock in forkserver if setting ns fails Wiktor Garbacz 2023-05-30 05:48:55 -0700
1c7dfdac12 Bazel: Remove obsolete WORKSPACE dependencies Christian Blichmann 2023-05-30 05:33:42 -0700
7ba0a794d1 Fix check for init process Wiktor Garbacz 2023-05-16 08:50:32 -0700
340ca4f37a GitHub Worklows: Update OS/compiler matrix, deprecate GCC 6 and 7 Christian Blichmann 2023-05-16 04:22:57 -0700
cc8b5fb4fc GitHub Workflows: Prefix worklow names with OS name Christian Blichmann 2023-05-16 04:05:31 -0700
434de99233 GitHub Workflows: Update to actions/checkout@v3 Christian Blichmann 2023-05-16 04:03:17 -0700
1bf9437f95 Add GitHub workflow to build Clang tool based header generator Christian Blichmann 2023-05-15 23:45:20 -0700
70e3d9f560 ...remove deprecated SetWallTimeLimit variant. Sandboxed API Team 2023-05-12 05:22:11 -0700
b6cc0ce80d CMake: Make the path to the Clang tool configurable Christian Blichmann 2023-05-12 00:29:13 -0700
4925df5419 CMake: Add option to link the Clang libraries statically into the header generator Christian Blichmann 2023-05-11 08:35:29 -0700
9299156727 CMake: Use toolchain info for system includes Christian Blichmann 2023-05-11 08:19:37 -0700
a078043f8e CMake: Increase minimum required LLVM version to 11 Christian Blichmann 2023-05-11 08:04:13 -0700
bfa0186f72 CMake: Rename option to enable the Clang tool based header generator Christian Blichmann 2023-05-11 07:52:12 -0700
4ec1c6be64 CMake: Update policy settings to 3.26 Christian Blichmann 2023-05-11 07:50:03 -0700
9b307fc204 Remove leftover stack_trace sources from sandbox2 target Wiktor Garbacz 2023-05-11 04:58:45 -0700
5b12071ba0 Remove WaitForSanitizers from ptrace monitor & add to global forkserver Wiktor Garbacz 2023-05-10 05:05:31 -0700
fb1571c801 Automated rollback of commit f6fd27618b. Kevin Hamacher 2023-05-04 06:53:04 -0700
7e9f6c3df3 Fix typo Christian Blichmann 2023-05-04 00:46:12 -0700
9ab20c5411 Implements the ability to control who is allowed to enable unrestricted networking. Oliver Kunz 2023-05-03 23:29:00 -0700
f6fd27618b Automated rollback of commit 8c53262539. Sandboxed API Team 2023-05-03 08:43:42 -0700
8c53262539 Allow forkserver to use waitpid as alternative to sa_nochldwait Kevin Hamacher 2023-05-03 06:39:45 -0700
a5bad44fac Fix wrong pytype annotation Wiktor Garbacz 2023-03-31 11:29:35 -0700
0caa3e740c Do not expose forkserver.h Wiktor Garbacz 2023-03-30 00:48:35 -0700
5efae5cdf5 Do not exit from within ForkServer to get more precise coverage data Wiktor Garbacz 2023-03-29 02:21:31 -0700
a4d602298b Dump coverage prior to execveat Wiktor Garbacz 2023-03-28 05:50:06 -0700
1755ba08e1 Internal Code Change Wiktor Garbacz 2023-03-27 08:13:20 -0700
9f2ba9d6a1 Comms constructor for non abstract sockets Sandboxed API Team 2023-03-23 07:33:49 -0700