sandboxed-api/sandboxed_api/sandbox2
Christian Blichmann befdb09597 Link more complex test cases dynamically
Linking glibc in fully static mode is mostly unsupported. While such binaries
can easily be produced, conflicting symbols will often make them crash at
runtime. This happens because glibc will always (try to) load some dynamically
linked libraries, even when statically linked. This includes things like the
resolver, unicode/locale handling and others.

Internally at Google, this is not a concern due to the way glibc is being built
there. But in order to make all of our tests run in the open-source version of
this code, we need to change strategy a bit.

As a rule of thumb, glibc can safely be linked statically if a program is
reasonably simple and does not use any networking or locale-dependent
facilities. Calling syscalls directly instead of the corresponding libc
wrappers works as well, of course.

This change adjusts linker flags and sandbox policies to be more compatible
with regular Linux distributions.

Tested:
- `ctest -R '[A-Z].*'` (all SAPI/Sandbox2 tests)
PiperOrigin-RevId: 429025901
Change-Id: I46b677d9eb61080a8fe868002a34a77de287bf2d
2022-02-16 05:59:13 -08:00
examples Update zlib examples 2022-02-16 00:08:28 -08:00
network_proxy Remove comment on licenses() rule as per Google guidance. 2022-02-03 07:10:12 -08:00
testcases Link more complex test cases dynamically 2022-02-16 05:59:13 -08:00
unwind Apply page offset during stack unwinding/symbolization 2022-02-11 07:19:34 -08:00
util Apply page offset during stack unwinding/symbolization 2022-02-11 07:19:34 -08:00
bpfdisassembler.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
bpfdisassembler.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
buffer_test.cc Link more complex test cases dynamically 2022-02-16 05:59:13 -08:00
buffer.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
buffer.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
BUILD.bazel Link more complex test cases dynamically 2022-02-16 05:59:13 -08:00
client.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
client.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
CMakeLists.txt Link more complex test cases dynamically 2022-02-16 05:59:13 -08:00
comms_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
comms_test.proto Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
comms.cc Add a little more logging to failure cases. 2022-02-09 06:54:07 -08:00
comms.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
executor.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
executor.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
fork_client.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
fork_client.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
forkingclient.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
forkingclient.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
forkserver_bin.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
forkserver_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
forkserver.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
forkserver.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
forkserver.proto Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
global_forkclient_lib_ctor.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
global_forkclient.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
global_forkclient.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
ipc_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
ipc.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
ipc.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
limits_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
limits.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
logserver.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
logserver.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
logserver.proto Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
logsink.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
logsink.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
monitor.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
monitor.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
mounts_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
mounts.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
mounts.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
mounttree.proto Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
namespace_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
namespace.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
namespace.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
notify_test.cc Link more complex test cases dynamically 2022-02-16 05:59:13 -08:00
notify.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
policy_test.cc Link more complex test cases dynamically 2022-02-16 05:59:13 -08:00
policy.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
policy.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
policybuilder_test.cc Link more complex test cases dynamically 2022-02-16 05:59:13 -08:00
policybuilder.cc Allow mprotect(_, _, PROT_READ) for all static binaries 2022-02-15 00:14:25 -08:00
policybuilder.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
README.md Update references to the new documentation 2021-12-14 09:03:29 -08:00
regs_test.cc Fix -Wc++11-narrowing error with Clang introduced in 2546d9e 2022-01-14 03:40:01 -08:00
regs.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
regs.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
result.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
result.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
sandbox2_test.cc Link more complex test cases dynamically 2022-02-16 05:59:13 -08:00
sandbox2.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
sandbox2.h Delete deprecated ::sandbox2::Sandbox2::GetPid and its remaining call sites. 2022-02-02 09:57:11 -08:00
sanitizer_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
sanitizer.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
sanitizer.h Delete deprecated ::sandbox2::Sandbox2::WaitForTsan and its remaining call sites. 2022-02-03 11:23:56 -08:00
stack_trace_test.cc Link more complex test cases dynamically 2022-02-16 05:59:13 -08:00
stack_trace.cc Enable stack traces on AArch64 2022-02-08 06:23:52 -08:00
stack_trace.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
syscall_defs.cc Add new x86-64 syscalls 2021-06-04 01:01:34 -07:00
syscall_defs.h Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
syscall_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
syscall.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
syscall.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
testing.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
util_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
util.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
util.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
violation.proto Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.