sandboxed-api/sandboxed_api
Sandboxed API Team 3323ddc129 Permit sandboxee's bpf() to fail
The default policy causes immediate termination of a sandboxee that
calls `bpf`(2).

This does not allow for try-call use of `bpf()` to test for optional
features.

To support such try-call use cases, sandboxes would like to say:

```
  sandbox2::PolicyBuilder builder;
  builder.BlockSyscallWithErrno(__NR_bpf, EPERM);
```

but this doesn't work because the default policy unconditionally treats
`bpf()` as a sandbox violation.

Remove the bpf violation check from the policy if `bpf()` is explicitly
blocked with an errno.

PiperOrigin-RevId: 345239389
Change-Id: I7fcfd3a938c610c8679edf8e1fa0238b32cc9db4
2020-12-02 08:38:32 -08:00
..
bazel Support AArch64 and PPC64 in third party dependencies 2020-10-26 01:22:23 -07:00
docs Internal change. 2020-03-19 09:58:28 -07:00
examples Use actual ptrace() arguments in example 2020-11-19 06:47:31 -08:00
sandbox2 Permit sandboxee's bpf() to fail 2020-12-02 08:38:32 -08:00
tools Emit non-type template args as part of forward decls 2020-10-28 16:48:04 +01:00
util Build fixes for recent Bazel versions 2020-09-25 07:25:31 -07:00
BUILD.bazel Enable log forwarding from sandboxee if enabled by the supervisor. 2020-11-04 09:24:50 -08:00
call.h Use size_t/uintptr_t instead of uintptr_t or uint64_t where appropriate 2020-09-18 07:45:03 -07:00
client.cc Enable log forwarding from sandboxee if enabled by the supervisor. 2020-11-04 09:24:50 -08:00
CMakeLists.txt Enable log forwarding from sandboxee if enabled by the supervisor. 2020-11-04 09:24:50 -08:00
embed_file.cc Replace sapi::Status with absl::Status 2020-02-27 09:24:12 -08:00
embed_file.h Replace deprecated thread annotations macros. 2020-01-30 05:06:55 -08:00
file_toc.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
lenval_core.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
proto_arg.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
proto_helper.h Internal BUILD refactoring 2020-09-03 07:40:33 -07:00
rpcchannel.cc Use size_t/uintptr_t instead of uintptr_t or uint64_t where appropriate 2020-09-18 07:45:03 -07:00
rpcchannel.h Use size_t/uintptr_t instead of uintptr_t or uint64_t where appropriate 2020-09-18 07:45:03 -07:00
sandbox.cc Cleans up statusor.h includes. 2020-10-26 09:08:41 -07:00
sandbox.h Cleans up statusor.h includes. 2020-10-26 09:08:41 -07:00
sapi_test.cc Modernize a few files 2020-07-20 03:07:54 -07:00
transaction.cc Rename accessors, move away from time_t API 2020-08-07 00:30:28 -07:00
transaction.h Rename accessors, move away from time_t API 2020-08-07 00:30:28 -07:00
var_abstract.cc Replace sapi::Status with absl::Status 2020-02-27 09:24:12 -08:00
var_abstract.h Modernize a few files 2020-07-20 03:07:54 -07:00
var_array.h Use string_view instead of char* in CStr ctor 2020-10-14 02:04:05 -07:00
var_int.cc Replace sapi::Status with absl::Status 2020-02-27 09:24:12 -08:00
var_int.h Rename SYNC_* constants to conform to style guide 2020-07-20 07:05:44 -07:00
var_lenval.cc Replace sapi::Status with absl::Status 2020-02-27 09:24:12 -08:00
var_lenval.h Replace sapi::Status with absl::Status 2020-02-27 09:24:12 -08:00
var_pointable.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
var_pointable.h Rename SYNC_* constants to conform to style guide 2020-07-20 07:05:44 -07:00
var_proto.h Cleans up statusor.h includes. 2020-10-26 09:08:41 -07:00
var_ptr.h Rename SYNC_* constants to conform to style guide 2020-07-20 07:05:44 -07:00
var_reg.h Use absl::StrFormat() in Reg<T>::ToString() 2020-07-22 01:21:02 -07:00
var_struct.h Modernize a few files 2020-07-20 03:07:54 -07:00
var_type.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
var_void.h Rename SYNC_* constants to conform to style guide 2020-07-20 07:05:44 -07:00
vars.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00