StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Christian Blichmann 24c3e34344 Implement a GetDataDependencyFilepath() for CMake (non-Bazel really). 
This code assumes, like Bazel's runfiles that the data dependency to access
exists in the same sub-tree as the binary:

WORKSPACE
+- sandboxed_api/sandbox2/examples/crc4
                                   +- crc4bin
                                   +- crc4sandbox

The code requires the directory structure to exist, so that in the example
above, crc4sandbox can use
  GetDataDependencyFilepath("sandboxed_api/sandbox2/examples/crc4/crc4bin")

regardless of how it was called.

PiperOrigin-RevId: 251834480
Change-Id: I6470b62ce9b403297116481a0c17c070992f2e81
2019-06-06 05:44:32 -07:00
..
docs
Internal change
2019-04-23 10:42:14 -07:00
examples
Use newer gflags namespace for command-line flags
2019-06-05 07:39:38 -07:00
testcases
Add a resource starvation test
2019-05-15 08:04:58 -07:00
unwind
Disable compiler warnings for consistency with internal settings.
2019-05-09 05:21:34 -07:00
util
Implement a GetDataDependencyFilepath() for CMake (non-Bazel really).
2019-06-06 05:44:32 -07:00
bpfdisassembler.cc
Add support for new SECCOMP_RET_* in disassembler
2019-04-09 14:38:05 +02:00
bpfdisassembler.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
buffer_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
buffer.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
buffer.h
Clarify behavior of Buffer::CreateFromFd
2019-05-30 23:50:54 -07:00
BUILD.bazel
Internal change
2019-06-05 00:26:14 -07:00
client.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
client.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
CMakeLists.txt
Internal change
2019-06-05 00:26:14 -07:00
comms_test.cc
Internal change
2019-04-23 10:42:14 -07:00
comms_test.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
comms.cc
Remove stale comment
2019-05-17 07:21:31 -07:00
comms.h
Make StatusMatcher more flexible
2019-04-23 10:30:45 -07:00
executor.cc
Improve internal<->external code transforms
2019-03-19 05:51:53 -07:00
executor.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
forkingclient.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
forkingclient.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
forkserver_bin.cc
Move forkserver into a dedicated binary
2019-04-09 14:37:41 +02:00
forkserver_test.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
forkserver.cc
Move forkserver into a dedicated binary
2019-04-09 14:37:41 +02:00
forkserver.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
forkserver.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
global_forkclient.cc
Move forkserver into a dedicated binary
2019-04-09 14:37:41 +02:00
global_forkclient.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
ipc_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
ipc.cc
Formatting fixes.
2019-03-19 03:41:32 -07:00
ipc.h
Formatting fixes.
2019-03-19 03:41:32 -07:00
limits_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
limits.h
Formatting fixes.
2019-03-19 03:41:32 -07:00
logserver.cc
Fix unnecessary unique_ptr in LogServer.
2019-05-26 08:47:38 -07:00
logserver.h
Fix unnecessary unique_ptr in LogServer.
2019-05-26 08:47:38 -07:00
logserver.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
logsink.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
logsink.h
Internal change
2019-04-26 06:18:59 -07:00
monitor.cc
Internal change
2019-06-05 00:26:14 -07:00
monitor.h
Remove dead code
2019-05-17 02:02:03 -07:00
mounts_test.cc
Print final FS mounts in sandboxee's chroot
2019-05-07 18:30:13 -07:00
mounts.cc
Log the progress of dynamic libraries being resolved while creating a sandboxee's virtual FS chroot. This provides valuable insight while debugging problems with dynamically linked sandoxed binaries.
2019-05-10 09:41:07 -07:00
mounts.h
Print final FS mounts in sandboxee's chroot
2019-05-07 18:30:13 -07:00
mounttree.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
namespace_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
namespace.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
namespace.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
network_proxy_client.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
network_proxy_client.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
network_proxy_server.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
network_proxy_server.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
notify_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
notify.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
policy_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
policy.cc
Internal change
2019-06-05 00:26:14 -07:00
policy.h
Rename deathrattle_fatalmsg proto
2019-03-20 05:19:55 -07:00
policybuilder_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
policybuilder.cc
Add DisableNamespaces to PolicyBuilder
2019-05-22 06:54:12 -07:00
policybuilder.h
Add DisableNamespaces to PolicyBuilder
2019-05-22 06:54:12 -07:00
README.md
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
regs.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
regs.h
Rename deathrattle_fatalmsg proto
2019-03-20 05:19:55 -07:00
result.cc
Reintroduce monitor changes.
2019-05-15 07:46:49 -07:00
result.h
Reintroduce monitor changes.
2019-05-15 07:46:49 -07:00
sandbox2_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
sandbox2.cc
Replace custom synchronization with absl::Notification
2019-05-15 08:09:56 -07:00
sandbox2.h
Reintroduce monitor changes.
2019-05-15 07:46:49 -07:00
sanitizer_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
sanitizer.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
sanitizer.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
stack-trace_test.cc
Internal change
2019-06-05 00:26:14 -07:00
stack-trace.cc
Internal change
2019-06-05 00:26:14 -07:00
stack-trace.h
Internal change
2019-06-05 00:26:14 -07:00
syscall_defs.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
syscall_defs.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
syscall_test.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
syscall.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
syscall.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
testing.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
testing.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
util_test.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
util.cc
Extract GetRlimitName into util
2019-05-17 01:55:35 -07:00
util.h
Extract GetRlimitName into util
2019-05-17 01:55:35 -07:00
violation.proto
Disable "mini" debug format support in libunwind to avoid additional library dependency
2019-03-20 08:03:08 -07:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Who is it for?

Sandbox2 is aimed to sandbox C/C++ code or whole binaries in production.

See the sandboxing options overview page to make sure this is the type of sandboxing you are looking for.

How does it work?

Read our How it works page to learn everything about this technology.