sandboxed-api/sandboxed_api/sandbox2
Sandboxed API Team 7d78b89777 Fix typo.
PiperOrigin-RevId: 557598808
Change-Id: I02ac71ca025be9a5e45011b1bbeb07a144b2e632
2023-08-16 14:13:42 -07:00
..
examples Mostly internal change: Optimize OSS transforms 2023-06-07 02:23:18 -07:00
network_proxy Mostly internal change: Optimize OSS transforms 2023-06-07 02:23:18 -07:00
testcases Remove redundant buffer test 2023-07-21 01:53:54 -07:00
unwind Mostly internal change: Optimize OSS transforms 2023-06-07 02:23:18 -07:00
util Mostly internal change: Optimize OSS transforms 2023-06-07 02:23:18 -07:00
allow_all_syscalls.h Fix typo 2023-05-04 00:46:53 -07:00
allow_unrestricted_networking.h Sandbox2: Remove commented out include 2023-06-23 00:46:59 -07:00
bpfdisassembler_test.cc Add test for bpf disassembler 2023-03-07 05:04:09 -08:00
bpfdisassembler.cc Add test for bpf disassembler 2023-03-07 05:04:09 -08:00
bpfdisassembler.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
buffer_test.cc Remove redundant buffer test 2023-07-21 01:53:54 -07:00
buffer.cc Remove Tag constructor, add standard comment for absl::WrapUnique(new T) 2022-10-25 06:20:51 -07:00
buffer.h Remove Tag constructor, add standard comment for absl::WrapUnique(new T) 2022-10-25 06:20:51 -07:00
BUILD.bazel forkserver: Remove waitpid flag 2023-08-16 01:33:12 -07:00
client.cc Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
client.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
CMakeLists.txt forkserver: Remove waitpid flag 2023-08-16 01:33:12 -07:00
comms_test.cc Comms constructor for non abstract sockets 2023-03-23 07:34:32 -07:00
comms_test.proto
comms.cc Comms constructor for non abstract sockets 2023-03-23 07:34:32 -07:00
comms.h Comms constructor for non abstract sockets 2023-03-23 07:34:32 -07:00
executor.cc Rename GetCloneFlags 2023-08-03 05:42:29 -07:00
executor.h Copy environ in sandbox2_test to get better coverage data 2023-03-22 05:47:00 -07:00
fork_client.cc forkserver: Remove waitpid flag 2023-08-16 01:33:12 -07:00
fork_client.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
forkingclient.cc Do not exit from within ForkServer to get more precise coverage data 2023-03-29 02:22:16 -07:00
forkingclient.h
forkserver_bin.cc forkserver: Remove waitpid flag 2023-08-16 01:33:12 -07:00
forkserver_test.cc Automated rollback of commit 8c53262539. 2023-05-03 08:45:11 -07:00
forkserver.cc forkserver: Remove waitpid flag 2023-08-16 01:33:12 -07:00
forkserver.h Do not exit from within ForkServer to get more precise coverage data 2023-03-29 02:22:16 -07:00
forkserver.proto Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
global_forkclient_lib_ctor.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
global_forkclient.cc forkserver: Remove waitpid flag 2023-08-16 01:33:12 -07:00
global_forkclient.h Extract SandboxeeProcess and move it down the call chain 2023-02-07 02:22:45 -08:00
ipc_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
ipc.cc Fix typo. 2023-08-16 14:13:42 -07:00
ipc.h In Sandbox2 IPC class, add a MapDupedFd() function to allow application to retain ownership of the local_fd. 2023-08-16 10:58:55 -07:00
limits_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
limits.h
logserver.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logserver.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logserver.proto Migration of remaining protobufs from proto2 to proto3 2022-03-16 00:43:46 -07:00
logsink.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logsink.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
monitor_base.cc Make Policy a simple copyable type 2023-08-09 06:44:22 -07:00
monitor_base.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
monitor_ptrace.cc Automated rollback of commit a946cedc95. 2023-08-11 04:54:59 -07:00
monitor_ptrace.h Automated rollback of commit a946cedc95. 2023-08-11 04:54:59 -07:00
monitor_unotify.cc monitor_unotify: Use eventfd instead of pipe for notifications 2023-08-16 07:29:11 -07:00
monitor_unotify.h monitor_unotify: Use eventfd instead of pipe for notifications 2023-08-16 07:29:11 -07:00
mount_tree.proto
mounts_test.cc Allow replacing a read-only node with writable for same target 2023-07-18 02:45:13 -07:00
mounts.cc Mark Mounts::RecursivelyListMounts() const 2023-08-03 07:40:16 -07:00
mounts.h Mark Mounts::RecursivelyListMounts() const 2023-08-03 07:40:16 -07:00
namespace_test.cc Migrate namespaces related tests out of policybuilder_test 2023-03-06 07:08:49 -08:00
namespace.cc Mark GetNamespaceDescription const 2023-08-07 06:48:11 -07:00
namespace.h Mark GetNamespaceDescription const 2023-08-07 06:48:11 -07:00
notify_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
notify.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
policy_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
policy.cc Add missing LOAD_SYSCALL_NR 2023-03-15 03:29:56 -07:00
policy.h Make Policy a simple copyable type 2023-08-09 06:44:22 -07:00
policybuilder_test.cc Fix bypass for enabling ptrace/bpf 2023-08-11 01:34:27 -07:00
policybuilder.cc Fix bypass for enabling ptrace/bpf 2023-08-11 01:34:27 -07:00
policybuilder.h Introduce AddFile(At)IfNamespaced/AddDirectory(At)IfNamespaced 2023-07-17 01:58:46 -07:00
README.md
regs_test.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
regs.cc Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus 2022-04-21 06:15:38 -07:00
regs.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
result.cc sandbox2: Provide sandboxee rusage when using unotify monitor 2023-06-16 04:37:18 -07:00
result.h sandbox2: Provide sandboxee rusage when using unotify monitor 2023-06-16 04:37:18 -07:00
sandbox2_test.cc Copy environ in sandbox2_test to get better coverage data 2023-03-22 05:47:00 -07:00
sandbox2.cc Make Policy a simple copyable type 2023-08-09 06:44:22 -07:00
sandbox2.h Move log warning about non-namespaced stacktraces 2023-08-07 09:07:06 -07:00
sanitizer_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
sanitizer.cc Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus 2022-04-21 06:15:38 -07:00
sanitizer.h
stack_trace_test.cc Fix stack_trace_test for ARM64 2023-03-06 07:07:55 -08:00
stack_trace.cc Use return value directly instead of SAPI_ASSIGN_OR_RETURN dance 2023-08-03 05:45:58 -07:00
stack_trace.h Decouple sandboxed stack tracing 2023-02-16 06:07:15 -08:00
syscall_defs.cc More precise sycall_defs 2022-12-22 05:00:48 -08:00
syscall_defs.h Make code not have a -Warray-parameter warning. 2022-08-15 22:55:51 -07:00
syscall_test.cc
syscall.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
syscall.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
testing.h
util_test.cc Add tests for util.cc 2023-03-14 00:04:14 -07:00
util.cc Sandbox2: Remove file sealing for in-memory files. 2023-07-25 05:04:52 -07:00
util.h Dump coverage prior to execveat 2023-03-28 05:50:43 -07:00
violation.proto Add field to track policy source location 2023-02-24 07:55:23 -08:00

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.