StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Kevin Hamacher 4b018757c3 Use absl::flat_hash_set + Status in favor of std::set in the sanitizer API 
PiperOrigin-RevId: 395061068
Change-Id: I31548eb6fc9f27f55acf25bd6d3d0b941a529e63
2021-09-06 03:15:39 -07:00
..
examples
Introduce sapi::OsErrorMessage() for error handling
2021-07-27 04:10:04 -07:00
network_proxy
Introduce sapi::OsErrorMessage() for error handling
2021-07-27 04:10:04 -07:00
testcases
Fix Symbolize* tests.
2021-08-12 08:03:52 -07:00
unwind
'Map' symbols: add pgoff to disambiguate multiple mappings on same object.
2021-08-18 07:14:31 -07:00
util
Introduce sapi::OsErrorMessage() for error handling
2021-07-27 04:10:04 -07:00
bpfdisassembler.cc
Use absl::Span in BPF disassembler
2021-04-21 05:33:12 -07:00
bpfdisassembler.h
Use absl::Span in BPF disassembler
2021-04-21 05:33:12 -07:00
buffer_test.cc
Deprecate IPC::comms()
2021-02-19 04:43:14 -08:00
buffer.cc
Introduce sapi::OsErrorMessage() for error handling
2021-07-27 04:10:04 -07:00
buffer.h
Change int64 to size_t in Buffer
2020-10-01 06:45:38 -07:00
BUILD.bazel
Use absl::flat_hash_set + Status in favor of std::set in the sanitizer API
2021-09-06 03:15:39 -07:00
client.cc
Log more info for seccomp setup failure
2021-04-15 05:09:38 -07:00
client.h
Replace std::unique_ptr<uint8_t[]> with vector
2020-11-05 02:03:46 -08:00
CMakeLists.txt
Rework GetListOfFDs API
2021-09-06 01:01:19 -07:00
comms_test.cc
Change int64 to size_t in Buffer
2020-10-01 06:45:38 -07:00
comms_test.proto
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
comms.cc
Reorder error logging before Terminate()
2021-07-29 07:12:02 -07:00
comms.h
Add workaround for active Tomoyo LSM
2021-05-10 07:04:04 -07:00
executor.cc
Use FDCloser in Executor extensively
2021-08-05 04:16:11 -07:00
executor.h
Use FDCloser in Executor extensively
2021-08-05 04:16:11 -07:00
fork_client.cc
Minor ForkClient improvements
2020-10-05 05:10:16 -07:00
fork_client.h
Start global fork-server on demand
2020-11-05 08:48:03 -08:00
forkingclient.cc
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
forkingclient.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
forkserver_bin.cc
Use absl::flat_hash_set + Status in favor of std::set in the sanitizer API
2021-09-06 03:15:39 -07:00
forkserver_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
forkserver.cc
Use absl::flat_hash_set + Status in favor of std::set in the sanitizer API
2021-09-06 03:15:39 -07:00
forkserver.h
Another round of file descriptor handling fixes
2021-07-14 01:33:34 -07:00
forkserver.proto
Internal change
2020-01-31 05:39:25 -08:00
global_forkclient_lib_ctor.cc
Do not fail if forkserver is disabled by env when lib_ctor is used
2020-12-10 02:49:54 -08:00
global_forkclient.cc
Do not fail-hard in global forkserver startup
2021-08-10 00:33:29 -07:00
global_forkclient.h
Add IsStarted() method to GlobalForkClient.
2021-01-11 09:34:13 -08:00
ipc_test.cc
Internal change
2021-01-22 06:01:34 -08:00
ipc.cc
Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
2020-02-20 07:45:44 -08:00
ipc.h
Deprecate IPC::comms()
2021-02-19 04:43:14 -08:00
limits_test.cc
Internal change
2021-01-22 06:01:34 -08:00
limits.h
Internal change.
2021-07-29 05:52:19 -07:00
logserver.cc
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logserver.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logserver.proto
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logsink.cc
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logsink.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
monitor.cc
Use absl::flat_hash_set + Status in favor of std::set in the sanitizer API
2021-09-06 03:15:39 -07:00
monitor.h
Internal change
2021-05-20 08:17:10 -07:00
mounts_test.cc
Internal change.
2021-09-01 01:28:19 -07:00
mounts.cc
Minor cleanup/formatting changes
2021-05-17 04:07:08 -07:00
mounts.h
Add workaround for active Tomoyo LSM
2021-05-10 07:04:04 -07:00
mounttree.proto
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
namespace_test.cc
Internal change
2021-01-22 06:01:34 -08:00
namespace.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
namespace.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
notify_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
notify.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
policy_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
policy.cc
Take a vector in Policy::AllowUnsafeKeepCapabilities()
2021-07-12 05:43:21 -07:00
policy.h
Allow collecting stacktraces on normal process exit
2021-08-16 03:13:15 -07:00
policybuilder_test.cc
Avoid sanitizer macros use Abseil's where necessary
2021-02-01 07:11:15 -08:00
policybuilder.cc
Internal change.
2021-09-01 01:28:19 -07:00
policybuilder.h
Internal change.
2021-09-01 01:28:19 -07:00
README.md
Corrects typo in link
2019-10-07 02:36:35 -07:00
regs.cc
Introduce sapi::OsErrorMessage() for error handling
2021-07-27 04:10:04 -07:00
regs.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
result.cc
Avoid sanitizer macros use Abseil's where necessary
2021-02-01 07:11:15 -08:00
result.h
Adds IsRetryable() method to Result class, currently just returns false.
2021-02-11 09:34:23 -08:00
sandbox2_test.cc
Allow collecting stacktraces on normal process exit
2021-08-16 03:13:15 -07:00
sandbox2.cc
Internal BUILD refactoring
2020-09-03 07:40:33 -07:00
sandbox2.h
Internal change.
2021-07-29 05:52:19 -07:00
sanitizer_test.cc
Use absl::flat_hash_set + Status in favor of std::set in the sanitizer API
2021-09-06 03:15:39 -07:00
sanitizer.cc
Use absl::flat_hash_set + Status in favor of std::set in the sanitizer API
2021-09-06 03:15:39 -07:00
sanitizer.h
Use absl::flat_hash_set + Status in favor of std::set in the sanitizer API
2021-09-06 03:15:39 -07:00
stack_trace_test.cc
Fix order-dependent test.
2021-03-18 05:56:40 -07:00
stack_trace.cc
Take a vector in Policy::AllowUnsafeKeepCapabilities()
2021-07-12 05:43:21 -07:00
stack_trace.h
Automated rollback of commit 4a38f59728f7f8849a42422faa9846c865918ac1.
2021-06-28 02:03:06 -07:00
syscall_defs.cc
Add new x86-64 syscalls
2021-06-04 01:01:34 -07:00
syscall_defs.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
syscall_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
syscall.cc
Add more compiler variants to GitHub Actions
2021-04-07 15:23:23 +02:00
syscall.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
testing.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
util_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
util.cc
Introduce sapi::OsErrorMessage() for error handling
2021-07-27 04:10:04 -07:00
util.h
Add optional VLOG(1) for additional process info on Syscall Violation.
2021-04-16 12:43:08 -07:00
violation.proto
Add support for ARM32 (hard float target)
2020-12-16 09:18:25 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.