mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00

History

Sandboxed API Team 41003aae83 Automated rollback of commit `1e26cd50dc`. PiperOrigin-RevId: 559102360 Change-Id: I5dd175d5f0b9ece602f5c26454ad1f1e2e3a60fc		2023-08-22 07:12:09 -07:00
..
examples
network_proxy	Mostly internal change: Optimize OSS transforms	2023-06-07 02:23:18 -07:00
testcases
unwind
util
allow_all_syscalls.h
allow_unrestricted_networking.h
bpfdisassembler_test.cc
bpfdisassembler.cc
bpfdisassembler.h
buffer_test.cc
buffer.cc	Remove `Tag` constructor, add standard comment for `absl::WrapUnique(new T)`	2022-10-25 06:20:51 -07:00
buffer.h
BUILD.bazel
client.cc	Client::PrepareEnvironment simplify by supporting just a single preserved fd	2023-08-18 06:52:45 -07:00
client.h	Client::PrepareEnvironment simplify by supporting just a single preserved fd	2023-08-18 06:52:45 -07:00
CMakeLists.txt
comms_test.cc
comms_test.proto
comms.cc
comms.h
executor.cc
executor.h	Copy environ in sandbox2_test to get better coverage data	2023-03-22 05:47:00 -07:00
fork_client.cc
fork_client.h
forkingclient.cc
forkingclient.h
forkserver_bin.cc
forkserver_test.cc
forkserver.cc
forkserver.h
forkserver.proto
global_forkclient_lib_ctor.cc	Change license link to HTTPS URL	2022-01-28 01:39:09 -08:00
global_forkclient.cc	forkserver: Remove waitpid flag	2023-08-16 01:33:12 -07:00
global_forkclient.h
ipc_test.cc
ipc.cc
ipc.h
limits_test.cc
limits.h	Change license link to HTTPS URL	2022-01-28 01:39:09 -08:00
logserver.cc
logserver.h
logserver.proto
logsink.cc
logsink.h	Use Abseil's log/flags instead of glog/gflags	2022-10-20 06:48:51 -07:00
monitor_base.cc	Make Policy a simple copyable type	2023-08-09 06:44:22 -07:00
monitor_base.h
monitor_ptrace.cc
monitor_ptrace.h
monitor_unotify.cc
monitor_unotify.h	monitor_unotify: Use eventfd instead of pipe for notifications	2023-08-16 07:29:11 -07:00
mount_tree.proto
mounts_test.cc
mounts.cc
mounts.h	Mark `Mounts::RecursivelyListMounts()` const	2023-08-03 07:40:16 -07:00
namespace_test.cc
namespace.cc
namespace.h
notify_test.cc	Run more tests with coverage and sanitizers contd	2023-03-03 06:51:06 -08:00
notify.h
policy_test.cc
policy.cc
policy.h	Make Policy a simple copyable type	2023-08-09 06:44:22 -07:00
policybuilder_test.cc	Fix bypass for enabling `ptrace`/`bpf`	2023-08-11 01:34:27 -07:00
policybuilder.cc
policybuilder.h
README.md	Update references to the new documentation	2021-12-14 09:03:29 -08:00
regs_test.cc
regs.cc
regs.h
result.cc
result.h
sandbox2_test.cc
sandbox2.cc
sandbox2.h
sanitizer_test.cc	Run more tests with coverage and sanitizers contd	2023-03-03 06:51:06 -08:00
sanitizer.cc
sanitizer.h
stack_trace_test.cc
stack_trace.cc
stack_trace.h
syscall_defs.cc
syscall_defs.h
syscall_test.cc
syscall.cc
syscall.h
testing.h
util_test.cc
util.cc
util.h	Dump coverage prior to execveat	2023-03-28 05:50:43 -07:00
violation.proto

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.