StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Christian Blichmann 64ed644f73 Include-what-you-use fix 
PiperOrigin-RevId: 613568060
Change-Id: Ic81d933b7d16a2dc2ec06d3c2fd127713e608602
2024-03-07 06:49:05 -08:00
..
examples
Introduce and prefer AllowMmapWithoutExec
2023-12-27 02:51:13 -08:00
network_proxy
Use empty instead of length
2023-09-18 00:46:50 -07:00
testcases
Use sandboxed libunwind also with sanitizers
2024-02-27 04:36:56 -08:00
unwind
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
util
Internal change
2023-11-10 07:27:10 -08:00
allow_all_syscalls.h
Fix typo
2023-05-04 00:46:53 -07:00
allow_unrestricted_networking.h
Sandbox2: Remove commented out include
2023-06-23 00:46:59 -07:00
bpfdisassembler_test.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
bpfdisassembler.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
bpfdisassembler.h
Final round of IWYU fixes for Sandbox2
2023-08-25 06:50:29 -07:00
buffer_test.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
buffer.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
buffer.h
Remove Tag constructor, add standard comment for absl::WrapUnique(new T)
2022-10-25 06:20:51 -07:00
BUILD.bazel
Added more descriptive Syscall argument types, and an API for introspecting arguments.
2024-03-05 11:07:06 -08:00
client.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
client.h
IWYU fixes
2023-08-23 09:04:00 -07:00
CMakeLists.txt
Added more descriptive Syscall argument types, and an API for introspecting arguments.
2024-03-05 11:07:06 -08:00
comms_test.cc
Remove deprecated comms functions
2023-09-26 05:45:27 -07:00
comms_test.proto
Migration of remaining protobufs from proto2 to proto3
2022-03-16 00:43:46 -07:00
comms.cc
Comms: Always use the inline buffer
2024-02-14 07:12:51 -08:00
comms.h
Remove deprecated comms functions
2023-09-26 05:45:27 -07:00
executor.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
executor.h
Do 1 level of recursion on libunwind crashes
2023-09-19 06:50:05 -07:00
fork_client.cc
Add special handling for global forkserver
2023-12-13 03:34:22 -08:00
fork_client.h
Add special handling for global forkserver
2023-12-13 03:34:22 -08:00
forkingclient.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
forkingclient.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
forkserver_bin.cc
Gather more coverage data
2023-09-07 02:43:04 -07:00
forkserver_test.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
forkserver.cc
don't drop CAP_SYS_PTRACE as it is apparently needed by sandbox
2023-11-02 00:42:33 -07:00
forkserver.h
Always override forkservers comms_fd in sandboxee
2023-08-30 02:20:56 -07:00
forkserver.proto
Treat libunwind sandbox as a ~regular sandboxee
2023-08-17 13:32:44 -07:00
global_forkclient_lib_ctor.cc
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
global_forkclient.cc
SAPI_RAW_CHECK expects NUL-terminated strings
2023-11-29 01:03:45 -08:00
global_forkclient.h
Add special handling for global forkserver
2023-12-13 03:34:22 -08:00
ipc_test.cc
Run more tests with sanitizers and coverage
2023-09-05 07:14:49 -07:00
ipc.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
ipc.h
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
limits_test.cc
Skip sanitizers for limits_test
2023-09-15 04:57:24 -07:00
limits.h
Change license link to HTTPS URL
2022-01-28 01:39:09 -08:00
logserver.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logserver.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logserver.proto
logserver: Support non-UTF8 log messages
2023-12-28 06:35:09 -08:00
logsink.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
logsink.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
monitor_base.cc
Add special handling for global forkserver
2023-12-13 03:34:22 -08:00
monitor_base.h
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
monitor_ptrace.cc
PtraceMonitor: Add a hard deadline for waiting for kill to take effect
2023-09-06 04:38:51 -07:00
monitor_ptrace.h
PtraceMonitor: Add a hard deadline for waiting for kill to take effect
2023-09-06 04:38:51 -07:00
monitor_unotify.cc
Reduce CHECK-failures in unotify monitor
2023-08-30 02:56:16 -07:00
monitor_unotify.h
Reduce CHECK-failures in unotify monitor
2023-08-30 02:56:16 -07:00
mount_tree.proto
Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto
2022-03-14 05:15:15 -07:00
mounts_test.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
mounts.cc
Minor cleanups, no functional change.
2023-12-27 13:39:58 -08:00
mounts.h
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
namespace_test.cc
namespace_test: use lstat instead of stat, don't descent into procfs & sysfs
2023-09-14 02:09:12 -07:00
namespace.cc
Final round of IWYU fixes for Sandbox2
2023-08-25 06:50:29 -07:00
namespace.h
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
network_proxy_test.cc
NetworkProxyTest: test more error conditions
2023-09-05 02:17:25 -07:00
notify_test.cc
Add DefaultAction(TraceAllSyscalls) variant to PolicyBuilder
2024-02-02 13:01:37 -08:00
notify.h
Remove unneeded include
2023-12-29 01:30:29 -08:00
policy_test.cc
Ensure that TCMalloc can execute NumCPUs.
2023-09-15 08:21:13 -07:00
policy.cc
Return ENOSYS instead of hard denying clone3
2024-02-01 04:39:02 -08:00
policy.h
Final round of IWYU fixes for Sandbox2
2023-08-25 06:50:29 -07:00
policybuilder_test.cc
PolicyBuilder: ignore duplicate calls to more complex helpers
2024-02-19 06:14:02 -08:00
policybuilder.cc
Include-what-you-use fix
2024-03-07 06:49:05 -08:00
policybuilder.h
Include-what-you-use fix
2024-03-07 06:49:05 -08:00
README.md
Update references to the new documentation
2021-12-14 09:03:29 -08:00
regs_test.cc
Final round of IWYU fixes for Sandbox2
2023-08-25 06:50:29 -07:00
regs.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
regs.h
Final round of IWYU fixes for Sandbox2
2023-08-25 06:50:29 -07:00
result.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
result.h
Final round of IWYU fixes for Sandbox2
2023-08-25 06:50:29 -07:00
sandbox2_test.cc
Add a test for custom forkserver
2023-12-12 06:53:33 -08:00
sandbox2.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
sandbox2.h
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
sanitizer_test.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
sanitizer.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
sanitizer.h
Final round of IWYU fixes for Sandbox2
2023-08-25 06:50:29 -07:00
stack_trace_test.cc
Use sandboxed libunwind also with sanitizers
2024-02-27 04:36:56 -08:00
stack_trace.cc
Use sandboxed libunwind also with sanitizers
2024-02-27 04:36:56 -08:00
stack_trace.h
Do 1 level of recursion on libunwind crashes
2023-09-19 06:50:05 -07:00
syscall_defs.cc
Added more descriptive Syscall argument types, and an API for introspecting arguments.
2024-03-05 11:07:06 -08:00
syscall_defs.h
Added more descriptive Syscall argument types, and an API for introspecting arguments.
2024-03-05 11:07:06 -08:00
syscall_test.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
syscall.cc
Added more descriptive Syscall argument types, and an API for introspecting arguments.
2024-03-05 11:07:06 -08:00
syscall.h
Added more descriptive Syscall argument types, and an API for introspecting arguments.
2024-03-05 11:07:06 -08:00
testing.h
Add IWYU pragma
2023-08-23 07:14:21 -07:00
trace_all_syscalls.h
Add DefaultAction(TraceAllSyscalls) variant to PolicyBuilder
2024-02-02 13:01:37 -08:00
util_test.cc
Bulk IWYU and build_cleaner fixes
2023-08-24 06:23:36 -07:00
util.cc
Added more descriptive Syscall argument types, and an API for introspecting arguments.
2024-03-05 11:07:06 -08:00
util.h
Added more descriptive Syscall argument types, and an API for introspecting arguments.
2024-03-05 11:07:06 -08:00
violation.proto
Add field to track policy source location
2023-02-24 07:55:23 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.