mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00

History

Wiktor Garbacz 34f129dc51 Comms: Always use the inline buffer

PiperOrigin-RevId: 606974170
Change-Id: I5f384bfd1b0cd5fecf493162bc40f17860b5975b

2024-02-14 07:12:51 -08:00

examples

Introduce and prefer AllowMmapWithoutExec

2023-12-27 02:51:13 -08:00

network_proxy

Use empty instead of length

2023-09-18 00:46:50 -07:00

testcases

Fix UB caused by uninitialized value.

2024-01-03 01:48:45 -08:00

unwind

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

util

Internal change

2023-11-10 07:27:10 -08:00

allow_all_syscalls.h

Fix typo

2023-05-04 00:46:53 -07:00

allow_unrestricted_networking.h

Sandbox2: Remove commented out include

2023-06-23 00:46:59 -07:00

bpfdisassembler_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

bpfdisassembler.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

bpfdisassembler.h

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

buffer_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

buffer.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

buffer.h

Remove Tag constructor, add standard comment for absl::WrapUnique(new T)

2022-10-25 06:20:51 -07:00

BUILD.bazel

Add DefaultAction(TraceAllSyscalls) variant to PolicyBuilder

2024-02-02 13:01:37 -08:00

client.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

client.h

IWYU fixes

2023-08-23 09:04:00 -07:00

CMakeLists.txt

Add DefaultAction(TraceAllSyscalls) variant to PolicyBuilder

2024-02-02 13:01:37 -08:00

comms_test.cc

Remove deprecated comms functions

2023-09-26 05:45:27 -07:00

comms_test.proto

Migration of remaining protobufs from proto2 to proto3

2022-03-16 00:43:46 -07:00

comms.cc

Comms: Always use the inline buffer

2024-02-14 07:12:51 -08:00

comms.h

Remove deprecated comms functions

2023-09-26 05:45:27 -07:00

executor.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

executor.h

Do 1 level of recursion on libunwind crashes

2023-09-19 06:50:05 -07:00

fork_client.cc

Add special handling for global forkserver

2023-12-13 03:34:22 -08:00

fork_client.h

Add special handling for global forkserver

2023-12-13 03:34:22 -08:00

forkingclient.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

forkingclient.h

Change license link to HTTPS URL

2022-01-28 01:39:09 -08:00

forkserver_bin.cc

Gather more coverage data

2023-09-07 02:43:04 -07:00

forkserver_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

forkserver.cc

don't drop CAP_SYS_PTRACE as it is apparently needed by sandbox

2023-11-02 00:42:33 -07:00

forkserver.h

Always override forkservers comms_fd in sandboxee

2023-08-30 02:20:56 -07:00

forkserver.proto

Treat libunwind sandbox as a ~regular sandboxee

2023-08-17 13:32:44 -07:00

global_forkclient_lib_ctor.cc

Change license link to HTTPS URL

2022-01-28 01:39:09 -08:00

global_forkclient.cc

SAPI_RAW_CHECK expects NUL-terminated strings

2023-11-29 01:03:45 -08:00

global_forkclient.h

Add special handling for global forkserver

2023-12-13 03:34:22 -08:00

ipc_test.cc

Run more tests with sanitizers and coverage

2023-09-05 07:14:49 -07:00

ipc.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

ipc.h

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

limits_test.cc

Skip sanitizers for limits_test

2023-09-15 04:57:24 -07:00

limits.h

Change license link to HTTPS URL

2022-01-28 01:39:09 -08:00

logserver.cc

Use Abseil's log/flags instead of glog/gflags

2022-10-20 06:48:51 -07:00

logserver.h

Use Abseil's log/flags instead of glog/gflags

2022-10-20 06:48:51 -07:00

logserver.proto

logserver: Support non-UTF8 log messages

2023-12-28 06:35:09 -08:00

logsink.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

logsink.h

Use Abseil's log/flags instead of glog/gflags

2022-10-20 06:48:51 -07:00

monitor_base.cc

Add special handling for global forkserver

2023-12-13 03:34:22 -08:00

monitor_base.h

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

monitor_ptrace.cc

PtraceMonitor: Add a hard deadline for waiting for kill to take effect

2023-09-06 04:38:51 -07:00

monitor_ptrace.h

PtraceMonitor: Add a hard deadline for waiting for kill to take effect

2023-09-06 04:38:51 -07:00

monitor_unotify.cc

Reduce CHECK-failures in unotify monitor

2023-08-30 02:56:16 -07:00

monitor_unotify.h

Reduce CHECK-failures in unotify monitor

2023-08-30 02:56:16 -07:00

mount_tree.proto

Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto

2022-03-14 05:15:15 -07:00

mounts_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

mounts.cc

Minor cleanups, no functional change.

2023-12-27 13:39:58 -08:00

mounts.h

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

namespace_test.cc

namespace_test: use lstat instead of stat, don't descent into procfs & sysfs

2023-09-14 02:09:12 -07:00

namespace.cc

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

namespace.h

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

network_proxy_test.cc

NetworkProxyTest: test more error conditions

2023-09-05 02:17:25 -07:00

notify_test.cc

Add DefaultAction(TraceAllSyscalls) variant to PolicyBuilder

2024-02-02 13:01:37 -08:00

notify.h

Remove unneeded include

2023-12-29 01:30:29 -08:00

policy_test.cc

Ensure that TCMalloc can execute NumCPUs.

2023-09-15 08:21:13 -07:00

policy.cc

Return ENOSYS instead of hard denying clone3

2024-02-01 04:39:02 -08:00

policy.h

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

policybuilder_test.cc

PolicyBuilder: test error conditions for AddPolicyOnSyscalls

2023-09-05 07:13:56 -07:00

policybuilder.cc

Add DefaultAction(TraceAllSyscalls) variant to PolicyBuilder

2024-02-02 13:01:37 -08:00

policybuilder.h

Add DefaultAction(TraceAllSyscalls) variant to PolicyBuilder

2024-02-02 13:01:37 -08:00

README.md

Update references to the new documentation

2021-12-14 09:03:29 -08:00

regs_test.cc

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

regs.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

regs.h

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

result.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

result.h

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

sandbox2_test.cc

Add a test for custom forkserver

2023-12-12 06:53:33 -08:00

sandbox2.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

sandbox2.h

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

sanitizer_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

sanitizer.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

sanitizer.h

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

stack_trace_test.cc

Do 1 level of recursion on libunwind crashes

2023-09-19 06:50:05 -07:00

stack_trace.cc

Introduce and prefer AllowMmapWithoutExec

2023-12-27 02:51:13 -08:00

stack_trace.h

Do 1 level of recursion on libunwind crashes

2023-09-19 06:50:05 -07:00

syscall_defs.cc

Adding missing syscalls to the syscall tables.

2024-01-19 16:46:15 -08:00

syscall_defs.h

Use absl::string_view consistently

2024-01-21 23:42:32 -08:00

syscall_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

syscall.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

syscall.h

Export config.h from syscall.h for sapi::cpu::Architecture

2023-09-29 02:32:49 -07:00

testing.h

Add IWYU pragma

2023-08-23 07:14:21 -07:00

trace_all_syscalls.h

Add DefaultAction(TraceAllSyscalls) variant to PolicyBuilder

2024-02-02 13:01:37 -08:00

util_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

util.cc

Remove deprecated VecStringToCharPtrArr

2023-09-07 03:09:30 -07:00

util.h

Remove deprecated VecStringToCharPtrArr

2023-09-07 03:09:30 -07:00

violation.proto

Add field to track policy source location

2023-02-24 07:55:23 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.