StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Christian Blichmann 276b7efc92 Internal change. 
PiperOrigin-RevId: 265057217
Change-Id: Id00c867b373dbe8c9112c23ef4b0300ed3ca9e5b
2019-08-23 08:08:51 -07:00
..
docs
Internal change
2019-04-23 10:42:14 -07:00
examples
Enable CMake projects to consume Sandboxed API via add_subdirectory()
2019-07-26 05:51:08 -07:00
testcases
Follow-up to 3c51348 fixing linker issues with gflags and glog
2019-07-30 06:48:38 -07:00
unwind
Use full workspace name to access Bazel packages in generator
2019-07-01 02:53:41 -07:00
util
Internal change.
2019-08-23 08:08:51 -07:00
bpfdisassembler.cc
Add support for new SECCOMP_RET_* in disassembler
2019-04-09 14:38:05 +02:00
bpfdisassembler.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
buffer_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
buffer.cc
Internal change.
2019-08-23 08:08:51 -07:00
buffer.h
Internal change.
2019-08-23 08:08:51 -07:00
BUILD.bazel
Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added
2019-07-23 04:41:08 -07:00
client.cc
Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added
2019-07-23 04:41:08 -07:00
client.h
Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added
2019-07-23 04:41:08 -07:00
CMakeLists.txt
Follow-up to 3c51348 fixing linker issues with gflags and glog
2019-07-30 06:48:38 -07:00
comms_test.cc
Internal change.
2019-08-23 08:08:51 -07:00
comms_test.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
comms.cc
Remove stale comment
2019-05-17 07:21:31 -07:00
comms.h
Make StatusMatcher more flexible
2019-04-23 10:30:45 -07:00
executor.cc
Use full workspace name to access Bazel packages in generator
2019-07-01 02:53:41 -07:00
executor.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
forkingclient.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
forkingclient.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
forkserver_bin.cc
Move forkserver into a dedicated binary
2019-04-09 14:37:41 +02:00
forkserver_test.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
forkserver.cc
Internal change.
2019-08-23 08:08:51 -07:00
forkserver.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
forkserver.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
global_forkclient.cc
Move forkserver into a dedicated binary
2019-04-09 14:37:41 +02:00
global_forkclient.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
ipc_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
ipc.cc
Formatting fixes.
2019-03-19 03:41:32 -07:00
ipc.h
Formatting fixes.
2019-03-19 03:41:32 -07:00
limits_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
limits.h
Formatting fixes.
2019-03-19 03:41:32 -07:00
logserver.cc
Follow-up to rev. 6edcf5f which introduced a build failure
2019-07-08 05:56:36 -07:00
logserver.h
Fix unnecessary unique_ptr in LogServer.
2019-05-26 08:47:38 -07:00
logserver.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
logsink.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
logsink.h
Internal change
2019-04-26 06:18:59 -07:00
monitor.cc
Rename stack-trace{.h,.cc,._test.cc} to use underscores
2019-07-09 01:32:25 -07:00
monitor.h
Initialize std::atomic_flag members
2019-07-15 23:59:24 -07:00
mounts_test.cc
Print final FS mounts in sandboxee's chroot
2019-05-07 18:30:13 -07:00
mounts.cc
Internal change.
2019-08-23 08:08:51 -07:00
mounts.h
Internal change.
2019-08-23 08:08:51 -07:00
mounttree.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
namespace_test.cc
Fix double EnableNamespaces
2019-07-15 05:34:31 -07:00
namespace.cc
Move root chdir to namespace setup
2019-07-16 07:13:17 -07:00
namespace.h
Use new function naming
2019-06-14 02:09:07 -07:00
network_proxy_client.cc
Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added
2019-07-23 04:41:08 -07:00
network_proxy_client.h
Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added
2019-07-23 04:41:08 -07:00
network_proxy_server.cc
Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added
2019-07-23 04:41:08 -07:00
network_proxy_server.h
Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added
2019-07-23 04:41:08 -07:00
notify_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
notify.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
policy_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
policy.cc
Use full workspace name to access Bazel packages in generator
2019-07-01 02:53:41 -07:00
policy.h
Rename deathrattle_fatalmsg proto
2019-03-20 05:19:55 -07:00
policybuilder_test.cc
Internal change.
2019-08-23 08:08:51 -07:00
policybuilder.cc
Internal change.
2019-08-23 08:08:51 -07:00
policybuilder.h
Internal change.
2019-08-23 08:08:51 -07:00
README.md
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
regs.cc
Internal change.
2019-08-23 08:08:51 -07:00
regs.h
Internal change.
2019-08-23 08:08:51 -07:00
result.cc
Internal change.
2019-08-23 08:08:51 -07:00
result.h
Internal change.
2019-08-23 08:08:51 -07:00
sandbox2_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
sandbox2.cc
Internal change.
2019-08-23 08:08:51 -07:00
sandbox2.h
Internal change.
2019-08-23 08:08:51 -07:00
sanitizer_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
sanitizer.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
sanitizer.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
stack_trace_test.cc
Rename stack-trace{.h,.cc,._test.cc} to use underscores
2019-07-09 01:32:25 -07:00
stack_trace.cc
Rename stack-trace{.h,.cc,._test.cc} to use underscores
2019-07-09 01:32:25 -07:00
stack_trace.h
Rename stack-trace{.h,.cc,._test.cc} to use underscores
2019-07-09 01:32:25 -07:00
syscall_defs.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
syscall_defs.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
syscall_test.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
syscall.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
syscall.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
testing.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
testing.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
util_test.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
util.cc
Internal change.
2019-08-23 08:08:51 -07:00
util.h
Internal change.
2019-08-23 08:08:51 -07:00
violation.proto
Disable "mini" debug format support in libunwind to avoid additional library dependency
2019-03-20 08:03:08 -07:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Who is it for?

Sandbox2 is aimed to sandbox C/C++ code or whole binaries in production.

See the sandboxing options overview page to make sure this is the type of sandboxing you are looking for.

How does it work?

Read our How it works page to learn everything about this technology.