mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00

History

Wiktor Garbacz 36e4b80f9a Introduce and prefer AllowMmapWithoutExec

PiperOrigin-RevId: 593968486
Change-Id: I4f7d4d8a6f593d94c0a7e7672826074c4cefc230

2023-12-27 02:51:13 -08:00

examples

Introduce and prefer AllowMmapWithoutExec

2023-12-27 02:51:13 -08:00

network_proxy

Use empty instead of length

2023-09-18 00:46:50 -07:00

testcases

Add a test for custom forkserver

2023-12-12 06:53:33 -08:00

unwind

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

util

Internal change

2023-11-10 07:27:10 -08:00

allow_all_syscalls.h

Fix typo

2023-05-04 00:46:53 -07:00

allow_unrestricted_networking.h

Sandbox2: Remove commented out include

2023-06-23 00:46:59 -07:00

bpfdisassembler_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

bpfdisassembler.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

bpfdisassembler.h

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

buffer_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

buffer.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

buffer.h

Remove Tag constructor, add standard comment for absl::WrapUnique(new T)

2022-10-25 06:20:51 -07:00

BUILD.bazel

Add special handling for global forkserver

2023-12-13 03:34:22 -08:00

client.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

client.h

IWYU fixes

2023-08-23 09:04:00 -07:00

CMakeLists.txt

Add special handling for global forkserver

2023-12-13 03:34:22 -08:00

comms_test.cc

Remove deprecated comms functions

2023-09-26 05:45:27 -07:00

comms_test.proto

Migration of remaining protobufs from proto2 to proto3

2022-03-16 00:43:46 -07:00

comms.cc

Remove deprecated comms functions

2023-09-26 05:45:27 -07:00

comms.h

Remove deprecated comms functions

2023-09-26 05:45:27 -07:00

executor.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

executor.h

Do 1 level of recursion on libunwind crashes

2023-09-19 06:50:05 -07:00

fork_client.cc

Add special handling for global forkserver

2023-12-13 03:34:22 -08:00

fork_client.h

Add special handling for global forkserver

2023-12-13 03:34:22 -08:00

forkingclient.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

forkingclient.h

Change license link to HTTPS URL

2022-01-28 01:39:09 -08:00

forkserver_bin.cc

Gather more coverage data

2023-09-07 02:43:04 -07:00

forkserver_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

forkserver.cc

don't drop CAP_SYS_PTRACE as it is apparently needed by sandbox

2023-11-02 00:42:33 -07:00

forkserver.h

Always override forkservers comms_fd in sandboxee

2023-08-30 02:20:56 -07:00

forkserver.proto

Treat libunwind sandbox as a ~regular sandboxee

2023-08-17 13:32:44 -07:00

global_forkclient_lib_ctor.cc

Change license link to HTTPS URL

2022-01-28 01:39:09 -08:00

global_forkclient.cc

SAPI_RAW_CHECK expects NUL-terminated strings

2023-11-29 01:03:45 -08:00

global_forkclient.h

Add special handling for global forkserver

2023-12-13 03:34:22 -08:00

ipc_test.cc

Run more tests with sanitizers and coverage

2023-09-05 07:14:49 -07:00

ipc.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

ipc.h

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

limits_test.cc

Skip sanitizers for limits_test

2023-09-15 04:57:24 -07:00

limits.h

Change license link to HTTPS URL

2022-01-28 01:39:09 -08:00

logserver.cc

Use Abseil's log/flags instead of glog/gflags

2022-10-20 06:48:51 -07:00

logserver.h

Use Abseil's log/flags instead of glog/gflags

2022-10-20 06:48:51 -07:00

logserver.proto

Migration of remaining protobufs from proto2 to proto3

2022-03-16 00:43:46 -07:00

logsink.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

logsink.h

Use Abseil's log/flags instead of glog/gflags

2022-10-20 06:48:51 -07:00

monitor_base.cc

Add special handling for global forkserver

2023-12-13 03:34:22 -08:00

monitor_base.h

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

monitor_ptrace.cc

PtraceMonitor: Add a hard deadline for waiting for kill to take effect

2023-09-06 04:38:51 -07:00

monitor_ptrace.h

PtraceMonitor: Add a hard deadline for waiting for kill to take effect

2023-09-06 04:38:51 -07:00

monitor_unotify.cc

Reduce CHECK-failures in unotify monitor

2023-08-30 02:56:16 -07:00

monitor_unotify.h

Reduce CHECK-failures in unotify monitor

2023-08-30 02:56:16 -07:00

mount_tree.proto

Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto

2022-03-14 05:15:15 -07:00

mounts_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

mounts.cc

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

mounts.h

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

namespace_test.cc

namespace_test: use lstat instead of stat, don't descent into procfs & sysfs

2023-09-14 02:09:12 -07:00

namespace.cc

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

namespace.h

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

network_proxy_test.cc

NetworkProxyTest: test more error conditions

2023-09-05 02:17:25 -07:00

notify_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

notify.h

Use Abseil's log/flags instead of glog/gflags

2022-10-20 06:48:51 -07:00

policy_test.cc

Ensure that TCMalloc can execute NumCPUs.

2023-09-15 08:21:13 -07:00

policy.cc

Disallow clone3, unsafe clone and unshare flags

2023-09-12 06:30:45 -07:00

policy.h

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

policybuilder_test.cc

PolicyBuilder: test error conditions for AddPolicyOnSyscalls

2023-09-05 07:13:56 -07:00

policybuilder.cc

Introduce and prefer AllowMmapWithoutExec

2023-12-27 02:51:13 -08:00

policybuilder.h

Introduce and prefer AllowMmapWithoutExec

2023-12-27 02:51:13 -08:00

README.md

Update references to the new documentation

2021-12-14 09:03:29 -08:00

regs_test.cc

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

regs.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

regs.h

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

result.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

result.h

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

sandbox2_test.cc

Add a test for custom forkserver

2023-12-12 06:53:33 -08:00

sandbox2.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

sandbox2.h

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

sanitizer_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

sanitizer.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

sanitizer.h

Final round of IWYU fixes for Sandbox2

2023-08-25 06:50:29 -07:00

stack_trace_test.cc

Do 1 level of recursion on libunwind crashes

2023-09-19 06:50:05 -07:00

stack_trace.cc

Introduce and prefer AllowMmapWithoutExec

2023-12-27 02:51:13 -08:00

stack_trace.h

Do 1 level of recursion on libunwind crashes

2023-09-19 06:50:05 -07:00

syscall_defs.cc

Add clone3 to syscall defs

2023-12-07 00:46:35 -08:00

syscall_defs.h

Make code not have a -Warray-parameter warning.

2022-08-15 22:55:51 -07:00

syscall_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

syscall.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

syscall.h

Export config.h from syscall.h for sapi::cpu::Architecture

2023-09-29 02:32:49 -07:00

testing.h

Add IWYU pragma

2023-08-23 07:14:21 -07:00

util_test.cc

Bulk IWYU and build_cleaner fixes

2023-08-24 06:23:36 -07:00

util.cc

Remove deprecated VecStringToCharPtrArr

2023-09-07 03:09:30 -07:00

util.h

Remove deprecated VecStringToCharPtrArr

2023-09-07 03:09:30 -07:00

violation.proto

Add field to track policy source location

2023-02-24 07:55:23 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.