StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
002cb9ae01
sandboxed-api/sandboxed_api/sandbox2
History
Christian Blichmann 002cb9ae01 More efficient fork request handling and #Cleanup 
- Assign to `*mutable_XXX()` instead of looping
- Use a const ref for capabilities

PiperOrigin-RevId: 384192675
Change-Id: I4db3d0c8ce0d7f6acc9fd486a2409962516b5fe7
2021-07-12 02:37:42 -07:00
..
examples Enable AArch64 syscalls in examples 2021-05-26 05:47:37 -07:00
network_proxy Update third-party dependencies 2021-04-26 05:00:30 -07:00
testcases Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
unwind Automated rollback of commit 4a38f59728. 2021-06-28 02:03:06 -07:00
util Use sapi::file::GetContents() and light Mini-ELF refactoring 2021-04-28 07:49:17 -07:00
bpfdisassembler.cc Use absl::Span in BPF disassembler 2021-04-21 05:33:12 -07:00
bpfdisassembler.h Use absl::Span in BPF disassembler 2021-04-21 05:33:12 -07:00
buffer_test.cc Deprecate IPC::comms() 2021-02-19 04:43:14 -08:00
buffer.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
buffer.h Change int64 to size_t in Buffer 2020-10-01 06:45:38 -07:00
BUILD.bazel Automated rollback of commit 4a38f59728. 2021-06-28 02:03:06 -07:00
client.cc Log more info for seccomp setup failure 2021-04-15 05:09:38 -07:00
client.h Replace std::unique_ptr<uint8_t[]> with vector 2020-11-05 02:03:46 -08:00
CMakeLists.txt Fix rare failure while starting the global forkserver 2021-06-22 07:48:58 -07:00
comms_test.cc Change int64 to size_t in Buffer 2020-10-01 06:45:38 -07:00
comms_test.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
comms.cc Fix a data race in Comms 2021-05-18 05:48:54 -07:00
comms.h Add workaround for active Tomoyo LSM 2021-05-10 07:04:04 -07:00
executor.cc More efficient fork request handling and #Cleanup 2021-07-12 02:37:42 -07:00
executor.h More efficient fork request handling and #Cleanup 2021-07-12 02:37:42 -07:00
fork_client.cc Minor ForkClient improvements 2020-10-05 05:10:16 -07:00
fork_client.h Start global fork-server on demand 2020-11-05 08:48:03 -08:00
forkingclient.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
forkingclient.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
forkserver_bin.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
forkserver_test.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
forkserver.cc Minor cleanup/formatting changes 2021-05-17 04:07:08 -07:00
forkserver.h Extract ForkClient to a separate target 2020-07-17 04:54:54 -07:00
forkserver.proto Internal change 2020-01-31 05:39:25 -08:00
global_forkclient_lib_ctor.cc Do not fail if forkserver is disabled by env when lib_ctor is used 2020-12-10 02:49:54 -08:00
global_forkclient.cc Simplify the dup fix and add better error handling 2021-06-23 08:14:01 -07:00
global_forkclient.h Add IsStarted() method to GlobalForkClient. 2021-01-11 09:34:13 -08:00
ipc_test.cc Internal change 2021-01-22 06:01:34 -08:00
ipc.cc Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional. 2020-02-20 07:45:44 -08:00
ipc.h Deprecate IPC::comms() 2021-02-19 04:43:14 -08:00
limits_test.cc Internal change 2021-01-22 06:01:34 -08:00
limits.h Improvements to limits.h header 2021-01-27 08:05:25 -08:00
logserver.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logserver.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logserver.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logsink.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logsink.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
monitor.cc More efficient fork request handling and #Cleanup 2021-07-12 02:37:42 -07:00
monitor.h Internal change 2021-05-20 08:17:10 -07:00
mounts_test.cc Fix Mounts::ResolvePath for dir nodes. 2021-04-14 02:45:41 -07:00
mounts.cc Minor cleanup/formatting changes 2021-05-17 04:07:08 -07:00
mounts.h Add workaround for active Tomoyo LSM 2021-05-10 07:04:04 -07:00
mounttree.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
namespace_test.cc Internal change 2021-01-22 06:01:34 -08:00
namespace.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
namespace.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
notify_test.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
notify.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
policy_test.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
policy.cc More efficient fork request handling and #Cleanup 2021-07-12 02:37:42 -07:00
policy.h More efficient fork request handling and #Cleanup 2021-07-12 02:37:42 -07:00
policybuilder_test.cc Avoid sanitizer macros use Abseil's where necessary 2021-02-01 07:11:15 -08:00
policybuilder.cc Add rt_sigprocmask to AllowLogForwarding 2021-05-27 04:40:28 -07:00
policybuilder.h Internal change 2021-05-20 08:17:10 -07:00
README.md Corrects typo in link 2019-10-07 02:36:35 -07:00
regs.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
regs.h Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
result.cc Avoid sanitizer macros use Abseil's where necessary 2021-02-01 07:11:15 -08:00
result.h Adds IsRetryable() method to Result class, currently just returns false. 2021-02-11 09:34:23 -08:00
sandbox2_test.cc Internal change 2021-01-22 06:01:34 -08:00
sandbox2.cc Internal BUILD refactoring 2020-09-03 07:40:33 -07:00
sandbox2.h Internal BUILD refactoring 2020-09-03 07:40:33 -07:00
sanitizer_test.cc Internal change 2021-01-22 06:01:34 -08:00
sanitizer.cc Add optional VLOG(1) for additional process info on Syscall Violation. 2021-04-16 12:43:08 -07:00
sanitizer.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
stack_trace_test.cc Fix order-dependent test. 2021-03-18 05:56:40 -07:00
stack_trace.cc Automated rollback of commit 4a38f59728. 2021-06-28 02:03:06 -07:00
stack_trace.h Automated rollback of commit 4a38f59728. 2021-06-28 02:03:06 -07:00
syscall_defs.cc Add new x86-64 syscalls 2021-06-04 01:01:34 -07:00
syscall_defs.h Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
syscall_test.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
syscall.cc Add more compiler variants to GitHub Actions 2021-04-07 15:23:23 +02:00
syscall.h Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
testing.h Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
util_test.cc Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
util.cc Seal memfd in embed_file.cc 2021-07-07 00:58:57 -07:00
util.h Add optional VLOG(1) for additional process info on Syscall Violation. 2021-04-16 12:43:08 -07:00
violation.proto Add support for ARM32 (hard float target) 2020-12-16 09:18:25 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.