sandboxed-api/sandboxed_api/sandbox2
Wiktor Garbacz 1e26cd50dc Always override forkservers comms_fd in sandboxee
PiperOrigin-RevId: 558721787
Change-Id: I331efd38b0571877b53cdc14190bae0ed639ce3f
2023-08-21 02:15:52 -07:00
examples
network_proxy
testcases Remove redundant buffer test 2023-07-21 01:53:54 -07:00
unwind
util Mostly internal change: Optimize OSS transforms 2023-06-07 02:23:18 -07:00
allow_all_syscalls.h Fix typo 2023-05-04 00:46:53 -07:00
allow_unrestricted_networking.h Sandbox2: Remove commented out include 2023-06-23 00:46:59 -07:00
bpfdisassembler_test.cc
bpfdisassembler.cc
bpfdisassembler.h
buffer_test.cc Remove redundant buffer test 2023-07-21 01:53:54 -07:00
buffer.cc
buffer.h
BUILD.bazel Treat libunwind sandbox as a ~regular sandboxee 2023-08-17 13:32:44 -07:00
client.cc Client::PrepareEnvironment simplify by supporting just a single preserved fd 2023-08-18 06:52:45 -07:00
client.h Client::PrepareEnvironment simplify by supporting just a single preserved fd 2023-08-18 06:52:45 -07:00
CMakeLists.txt Always override forkservers comms_fd in sandboxee 2023-08-21 02:15:52 -07:00
comms_test.cc
comms_test.proto
comms.cc
comms.h Make Comms movable 2023-08-18 04:41:30 -07:00
executor.cc Treat libunwind sandbox as a ~regular sandboxee 2023-08-17 13:32:44 -07:00
executor.h
fork_client.cc forkserver: Remove waitpid flag 2023-08-16 01:33:12 -07:00
fork_client.h
forkingclient.cc Prefer regular logging to raw_logging 2023-08-18 02:43:27 -07:00
forkingclient.h
forkserver_bin.cc Treat libunwind sandbox as a ~regular sandboxee 2023-08-17 13:32:44 -07:00
forkserver_test.cc
forkserver.cc Always override forkservers comms_fd in sandboxee 2023-08-21 02:15:52 -07:00
forkserver.h Always override forkservers comms_fd in sandboxee 2023-08-21 02:15:52 -07:00
forkserver.proto Treat libunwind sandbox as a ~regular sandboxee 2023-08-17 13:32:44 -07:00
global_forkclient_lib_ctor.cc
global_forkclient.cc forkserver: Remove waitpid flag 2023-08-16 01:33:12 -07:00
global_forkclient.h
ipc_test.cc
ipc.cc Readd VLOGs removed by mistake 2023-08-17 01:13:21 -07:00
ipc.h In Sandbox2 IPC class, add a MapDupedFd() function to allow application to retain ownership of the local_fd. 2023-08-16 10:58:55 -07:00
limits_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
limits.h
logserver.cc
logserver.h
logserver.proto
logsink.cc
logsink.h
monitor_base.cc Make Policy a simple copyable type 2023-08-09 06:44:22 -07:00
monitor_base.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
monitor_ptrace.cc Automated rollback of commit a946cedc95. 2023-08-11 04:54:59 -07:00
monitor_ptrace.h Automated rollback of commit a946cedc95. 2023-08-11 04:54:59 -07:00
monitor_unotify.cc Prefer regular logging to raw_logging 2023-08-18 02:43:27 -07:00
monitor_unotify.h monitor_unotify: Use eventfd instead of pipe for notifications 2023-08-16 07:29:11 -07:00
mount_tree.proto
mounts_test.cc Allow replacing a read-only node with writable for same target 2023-07-18 02:45:13 -07:00
mounts.cc Introduce a SAPI_RAW_VLOG_IS_ON just for raw_logging 2023-08-18 03:12:36 -07:00
mounts.h Mark Mounts::RecursivelyListMounts() const 2023-08-03 07:40:16 -07:00
namespace_test.cc Migrate namespaces related tests out of policybuilder_test 2023-03-06 07:08:49 -08:00
namespace.cc Introduce a SAPI_RAW_VLOG_IS_ON just for raw_logging 2023-08-18 03:12:36 -07:00
namespace.h Mark GetNamespaceDescription const 2023-08-07 06:48:11 -07:00
notify_test.cc
notify.h
policy_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
policy.cc Internal change 2023-08-18 04:10:42 -07:00
policy.h Make Policy a simple copyable type 2023-08-09 06:44:22 -07:00
policybuilder_test.cc Fix bypass for enabling ptrace/bpf 2023-08-11 01:34:27 -07:00
policybuilder.cc Allow set_robust_list for TSAN 2023-08-17 02:52:53 -07:00
policybuilder.h Introduce AddFile(At)IfNamespaced/AddDirectory(At)IfNamespaced 2023-07-17 01:58:46 -07:00
README.md
regs_test.cc
regs.cc
regs.h
result.cc sandbox2: Provide sandboxee rusage when using unotify monitor 2023-06-16 04:37:18 -07:00
result.h sandbox2: Provide sandboxee rusage when using unotify monitor 2023-06-16 04:37:18 -07:00
sandbox2_test.cc
sandbox2.cc Make Policy a simple copyable type 2023-08-09 06:44:22 -07:00
sandbox2.h Move log warning about non-namespaced stacktraces 2023-08-07 09:07:06 -07:00
sanitizer_test.cc
sanitizer.cc
sanitizer.h
stack_trace_test.cc
stack_trace.cc Use return value directly instead of SAPI_ASSIGN_OR_RETURN dance 2023-08-03 05:45:58 -07:00
stack_trace.h Decouple sandboxed stack tracing 2023-02-16 06:07:15 -08:00
syscall_defs.cc
syscall_defs.h
syscall_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
syscall.cc
syscall.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
testing.h
util_test.cc
util.cc Sandbox2: Remove file sealing for in-memory files. 2023-07-25 05:04:52 -07:00
util.h
violation.proto

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.