sandboxed-api/sandboxed_api/sandbox2
Wiktor Garbacz 1cf45be7df Refactor Comms to split out listening/connecting part
Deprecated APIs slated for removal after migration of internal
clients.

PiperOrigin-RevId: 566598245
Change-Id: I5d7b920f3a788d4eccc6e78f239b660ba903adcc
2023-09-19 05:14:09 -07:00
..
examples Ensure that TCMalloc can execute NumCPUs. 2023-09-15 08:21:13 -07:00
network_proxy Use empty instead of length 2023-09-18 00:46:50 -07:00
testcases Ensure that TCMalloc can execute NumCPUs. 2023-09-15 08:21:13 -07:00
unwind Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
util
allow_all_syscalls.h
allow_unrestricted_networking.h Sandbox2: Remove commented out include 2023-06-23 00:46:59 -07:00
bpfdisassembler_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
bpfdisassembler.cc
bpfdisassembler.h
buffer_test.cc
buffer.cc
buffer.h
BUILD.bazel Refactor Comms to split out listening/connecting part 2023-09-19 05:14:09 -07:00
client.cc
client.h IWYU fixes 2023-08-23 09:04:00 -07:00
CMakeLists.txt Refactor Comms to split out listening/connecting part 2023-09-19 05:14:09 -07:00
comms_test.cc
comms_test.proto
comms.cc Refactor Comms to split out listening/connecting part 2023-09-19 05:14:09 -07:00
comms.h Refactor Comms to split out listening/connecting part 2023-09-19 05:14:09 -07:00
executor.cc
executor.h
fork_client.cc
fork_client.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
forkingclient.cc
forkingclient.h
forkserver_bin.cc
forkserver_test.cc
forkserver.cc
forkserver.h
forkserver.proto
global_forkclient_lib_ctor.cc
global_forkclient.cc
global_forkclient.h
ipc_test.cc
ipc.cc
ipc.h
limits_test.cc Skip sanitizers for limits_test 2023-09-15 04:57:24 -07:00
limits.h
logserver.cc
logserver.h
logserver.proto
logsink.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
logsink.h
monitor_base.cc
monitor_base.h
monitor_ptrace.cc
monitor_ptrace.h
monitor_unotify.cc
monitor_unotify.h Reduce CHECK-failures in unotify monitor 2023-08-30 02:56:16 -07:00
mount_tree.proto
mounts_test.cc
mounts.cc
mounts.h
namespace_test.cc namespace_test: use lstat instead of stat, don't descent into procfs & sysfs 2023-09-14 02:09:12 -07:00
namespace.cc
namespace.h Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
network_proxy_test.cc
notify_test.cc
notify.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
policy_test.cc Ensure that TCMalloc can execute NumCPUs. 2023-09-15 08:21:13 -07:00
policy.cc Disallow clone3, unsafe clone and unshare flags 2023-09-12 06:30:45 -07:00
policy.h
policybuilder_test.cc
policybuilder.cc Ensure that TCMalloc can execute NumCPUs. 2023-09-15 08:21:13 -07:00
policybuilder.h
README.md
regs_test.cc Final round of IWYU fixes for Sandbox2 2023-08-25 06:50:29 -07:00
regs.cc
regs.h
result.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
result.h
sandbox2_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
sandbox2.cc
sandbox2.h
sanitizer_test.cc
sanitizer.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
sanitizer.h Final round of IWYU fixes for Sandbox2 2023-08-25 06:50:29 -07:00
stack_trace_test.cc
stack_trace.cc
stack_trace.h
syscall_defs.cc Add missing Aarch64 syscall entries 2023-09-05 02:03:36 -07:00
syscall_defs.h
syscall_test.cc
syscall.cc
syscall.h
testing.h
util_test.cc
util.cc Remove deprecated VecStringToCharPtrArr 2023-09-07 03:09:30 -07:00
util.h Remove deprecated VecStringToCharPtrArr 2023-09-07 03:09:30 -07:00
violation.proto

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.