sandboxed-api/sandboxed_api/sandbox2
Sandboxed API Team 41003aae83 Automated rollback of commit 1e26cd50dc.
PiperOrigin-RevId: 559102360
Change-Id: I5dd175d5f0b9ece602f5c26454ad1f1e2e3a60fc
2023-08-22 07:12:09 -07:00
..
examples
network_proxy Mostly internal change: Optimize OSS transforms 2023-06-07 02:23:18 -07:00
testcases
unwind
util
allow_all_syscalls.h
allow_unrestricted_networking.h
bpfdisassembler_test.cc
bpfdisassembler.cc
bpfdisassembler.h
buffer_test.cc
buffer.cc Remove Tag constructor, add standard comment for absl::WrapUnique(new T) 2022-10-25 06:20:51 -07:00
buffer.h
BUILD.bazel
client.cc Client::PrepareEnvironment simplify by supporting just a single preserved fd 2023-08-18 06:52:45 -07:00
client.h Client::PrepareEnvironment simplify by supporting just a single preserved fd 2023-08-18 06:52:45 -07:00
CMakeLists.txt
comms_test.cc
comms_test.proto
comms.cc
comms.h
executor.cc
executor.h Copy environ in sandbox2_test to get better coverage data 2023-03-22 05:47:00 -07:00
fork_client.cc
fork_client.h
forkingclient.cc
forkingclient.h
forkserver_bin.cc
forkserver_test.cc
forkserver.cc
forkserver.h
forkserver.proto
global_forkclient_lib_ctor.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
global_forkclient.cc forkserver: Remove waitpid flag 2023-08-16 01:33:12 -07:00
global_forkclient.h
ipc_test.cc
ipc.cc
ipc.h
limits_test.cc
limits.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
logserver.cc
logserver.h
logserver.proto
logsink.cc
logsink.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
monitor_base.cc Make Policy a simple copyable type 2023-08-09 06:44:22 -07:00
monitor_base.h
monitor_ptrace.cc
monitor_ptrace.h
monitor_unotify.cc
monitor_unotify.h monitor_unotify: Use eventfd instead of pipe for notifications 2023-08-16 07:29:11 -07:00
mount_tree.proto
mounts_test.cc
mounts.cc
mounts.h Mark Mounts::RecursivelyListMounts() const 2023-08-03 07:40:16 -07:00
namespace_test.cc
namespace.cc
namespace.h
notify_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
notify.h
policy_test.cc
policy.cc
policy.h Make Policy a simple copyable type 2023-08-09 06:44:22 -07:00
policybuilder_test.cc Fix bypass for enabling ptrace/bpf 2023-08-11 01:34:27 -07:00
policybuilder.cc
policybuilder.h
README.md Update references to the new documentation 2021-12-14 09:03:29 -08:00
regs_test.cc
regs.cc
regs.h
result.cc
result.h
sandbox2_test.cc
sandbox2.cc
sandbox2.h
sanitizer_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
sanitizer.cc
sanitizer.h
stack_trace_test.cc
stack_trace.cc
stack_trace.h
syscall_defs.cc
syscall_defs.h
syscall_test.cc
syscall.cc
syscall.h
testing.h
util_test.cc
util.cc
util.h Dump coverage prior to execveat 2023-03-28 05:50:43 -07:00
violation.proto

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.