StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Christian Blichmann 719cd24933 Fix sandbox2 tests when run with CTest 
This test runs, but fails due to a different problem:
  StackTraceTest.ForkEnterNsLibunwindDoesNotLeakFDs

PiperOrigin-RevId: 251218516
Change-Id: If06cdbcb71fad84ebd9d934ff173d7ef1a1eebc0
2019-06-03 06:27:59 -07:00
..
docs
Internal change
2019-04-23 10:42:14 -07:00
examples
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
testcases
Add a resource starvation test
2019-05-15 08:04:58 -07:00
unwind
Disable compiler warnings for consistency with internal settings.
2019-05-09 05:21:34 -07:00
util
Fix sandbox2 tests when run with CTest
2019-06-03 06:27:59 -07:00
bpfdisassembler.cc
Add support for new SECCOMP_RET_* in disassembler
2019-04-09 14:38:05 +02:00
bpfdisassembler.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
buffer_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
buffer.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
buffer.h
Clarify behavior of Buffer::CreateFromFd
2019-05-30 23:50:54 -07:00
BUILD.bazel
Fix unnecessary unique_ptr in LogServer.
2019-05-26 08:47:38 -07:00
client.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
client.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
CMakeLists.txt
Fix sandbox2 tests when run with CTest
2019-06-03 06:27:59 -07:00
comms_test.cc
Internal change
2019-04-23 10:42:14 -07:00
comms_test.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
comms.cc
Remove stale comment
2019-05-17 07:21:31 -07:00
comms.h
Make StatusMatcher more flexible
2019-04-23 10:30:45 -07:00
executor.cc
Improve internal<->external code transforms
2019-03-19 05:51:53 -07:00
executor.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
forkingclient.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
forkingclient.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
forkserver_bin.cc
Move forkserver into a dedicated binary
2019-04-09 14:37:41 +02:00
forkserver_test.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
forkserver.cc
Move forkserver into a dedicated binary
2019-04-09 14:37:41 +02:00
forkserver.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
forkserver.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
global_forkclient.cc
Move forkserver into a dedicated binary
2019-04-09 14:37:41 +02:00
global_forkclient.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
ipc_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
ipc.cc
Formatting fixes.
2019-03-19 03:41:32 -07:00
ipc.h
Formatting fixes.
2019-03-19 03:41:32 -07:00
limits_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
limits.h
Formatting fixes.
2019-03-19 03:41:32 -07:00
logserver.cc
Fix unnecessary unique_ptr in LogServer.
2019-05-26 08:47:38 -07:00
logserver.h
Fix unnecessary unique_ptr in LogServer.
2019-05-26 08:47:38 -07:00
logserver.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
logsink.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
logsink.h
Internal change
2019-04-26 06:18:59 -07:00
monitor.cc
Do not emit an error on ESRCH in PTRACE_CONT
2019-05-21 07:30:56 -07:00
monitor.h
Remove dead code
2019-05-17 02:02:03 -07:00
mounts_test.cc
Print final FS mounts in sandboxee's chroot
2019-05-07 18:30:13 -07:00
mounts.cc
Log the progress of dynamic libraries being resolved while creating a sandboxee's virtual FS chroot. This provides valuable insight while debugging problems with dynamically linked sandoxed binaries.
2019-05-10 09:41:07 -07:00
mounts.h
Print final FS mounts in sandboxee's chroot
2019-05-07 18:30:13 -07:00
mounttree.proto
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
namespace_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
namespace.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
namespace.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
network_proxy_client.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
network_proxy_client.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
network_proxy_server.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
network_proxy_server.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
notify_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
notify.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
policy_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
policy.cc
Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44
2019-05-09 07:57:55 -07:00
policy.h
Rename deathrattle_fatalmsg proto
2019-03-20 05:19:55 -07:00
policybuilder_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
policybuilder.cc
Add DisableNamespaces to PolicyBuilder
2019-05-22 06:54:12 -07:00
policybuilder.h
Add DisableNamespaces to PolicyBuilder
2019-05-22 06:54:12 -07:00
README.md
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
regs.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
regs.h
Rename deathrattle_fatalmsg proto
2019-03-20 05:19:55 -07:00
result.cc
Reintroduce monitor changes.
2019-05-15 07:46:49 -07:00
result.h
Reintroduce monitor changes.
2019-05-15 07:46:49 -07:00
sandbox2_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
sandbox2.cc
Replace custom synchronization with absl::Notification
2019-05-15 08:09:56 -07:00
sandbox2.h
Reintroduce monitor changes.
2019-05-15 07:46:49 -07:00
sanitizer_test.cc
Call DisableNamespaces where needed
2019-05-23 07:21:03 -07:00
sanitizer.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
sanitizer.h
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
stack-trace_test.cc
Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44
2019-05-09 07:57:55 -07:00
stack-trace.cc
Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44
2019-05-09 07:57:55 -07:00
stack-trace.h
Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44
2019-05-09 07:57:55 -07:00
syscall_defs.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
syscall_defs.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
syscall_test.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
syscall.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
syscall.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
testing.cc
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
testing.h
Sandboxed API OSS release.
2019-03-18 19:00:48 +01:00
util_test.cc
Formatting fixes and include file hygiene.
2019-03-26 07:54:21 -07:00
util.cc
Extract GetRlimitName into util
2019-05-17 01:55:35 -07:00
util.h
Extract GetRlimitName into util
2019-05-17 01:55:35 -07:00
violation.proto
Disable "mini" debug format support in libunwind to avoid additional library dependency
2019-03-20 08:03:08 -07:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Who is it for?

Sandbox2 is aimed to sandbox C/C++ code or whole binaries in production.

See the sandboxing options overview page to make sure this is the type of sandboxing you are looking for.

How does it work?

Read our How it works page to learn everything about this technology.