sandboxed-api/sandboxed_api/sandbox2
Wiktor Garbacz 85059ef40d Add DisableNamespaces to PolicyBuilder
Currently mostly no-op, but this is the first step to turn namespaces on
by default.

PiperOrigin-RevId: 249439158
Change-Id: I5eeb1216dc868c660f62ad50c34f626afbf7db61
2019-05-22 06:54:12 -07:00
..
docs Internal change 2019-04-23 10:42:14 -07:00
examples Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44 2019-05-09 07:57:55 -07:00
testcases Add a resource starvation test 2019-05-15 08:04:58 -07:00
unwind Disable compiler warnings for consistency with internal settings. 2019-05-09 05:21:34 -07:00
util Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44 2019-05-09 07:57:55 -07:00
bpfdisassembler.cc Add support for new SECCOMP_RET_* in disassembler 2019-04-09 14:38:05 +02:00
bpfdisassembler.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
buffer_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
buffer.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
buffer.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
BUILD.bazel Add a resource starvation test 2019-05-15 08:04:58 -07:00
client.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
client.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
CMakeLists.txt Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44 2019-05-09 07:57:55 -07:00
comms_test.cc Internal change 2019-04-23 10:42:14 -07:00
comms_test.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
comms.cc Remove stale comment 2019-05-17 07:21:31 -07:00
comms.h Make StatusMatcher more flexible 2019-04-23 10:30:45 -07:00
executor.cc Improve internal<->external code transforms 2019-03-19 05:51:53 -07:00
executor.h Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
forkingclient.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
forkingclient.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
forkserver_bin.cc Move forkserver into a dedicated binary 2019-04-09 14:37:41 +02:00
forkserver_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
forkserver.cc Move forkserver into a dedicated binary 2019-04-09 14:37:41 +02:00
forkserver.h Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
forkserver.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
global_forkclient.cc Move forkserver into a dedicated binary 2019-04-09 14:37:41 +02:00
global_forkclient.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
ipc_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
ipc.cc Formatting fixes. 2019-03-19 03:41:32 -07:00
ipc.h Formatting fixes. 2019-03-19 03:41:32 -07:00
limits_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
limits.h Formatting fixes. 2019-03-19 03:41:32 -07:00
logserver.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
logserver.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
logserver.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
logsink.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
logsink.h Internal change 2019-04-26 06:18:59 -07:00
monitor.cc Do not emit an error on ESRCH in PTRACE_CONT 2019-05-21 07:30:56 -07:00
monitor.h Remove dead code 2019-05-17 02:02:03 -07:00
mounts_test.cc Print final FS mounts in sandboxee's chroot 2019-05-07 18:30:13 -07:00
mounts.cc Log the progress of dynamic libraries being resolved while creating a sandboxee's virtual FS chroot. This provides valuable insight while debugging problems with dynamically linked sandoxed binaries. 2019-05-10 09:41:07 -07:00
mounts.h Print final FS mounts in sandboxee's chroot 2019-05-07 18:30:13 -07:00
mounttree.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
namespace_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
namespace.cc Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
namespace.h Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
network_proxy_client.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
network_proxy_client.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
network_proxy_server.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
network_proxy_server.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
notify_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
notify.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
policy_test.cc Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
policy.cc Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44 2019-05-09 07:57:55 -07:00
policy.h Rename deathrattle_fatalmsg proto 2019-03-20 05:19:55 -07:00
policybuilder_test.cc Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
policybuilder.cc Add DisableNamespaces to PolicyBuilder 2019-05-22 06:54:12 -07:00
policybuilder.h Add DisableNamespaces to PolicyBuilder 2019-05-22 06:54:12 -07:00
README.md Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
regs.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
regs.h Rename deathrattle_fatalmsg proto 2019-03-20 05:19:55 -07:00
result.cc Reintroduce monitor changes. 2019-05-15 07:46:49 -07:00
result.h Reintroduce monitor changes. 2019-05-15 07:46:49 -07:00
sandbox2_test.cc Add a resource starvation test 2019-05-15 08:04:58 -07:00
sandbox2.cc Replace custom synchronization with absl::Notification 2019-05-15 08:09:56 -07:00
sandbox2.h Reintroduce monitor changes. 2019-05-15 07:46:49 -07:00
sanitizer_test.cc Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
sanitizer.cc Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
sanitizer.h Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
stack-trace_test.cc Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44 2019-05-09 07:57:55 -07:00
stack-trace.cc Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44 2019-05-09 07:57:55 -07:00
stack-trace.h Use Abseil's flag library released in aa468ad75539619b47979911297efbb629c52e44 2019-05-09 07:57:55 -07:00
syscall_defs.cc Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
syscall_defs.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
syscall_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
syscall.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
syscall.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
testing.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
testing.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
util_test.cc Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
util.cc Extract GetRlimitName into util 2019-05-17 01:55:35 -07:00
util.h Extract GetRlimitName into util 2019-05-17 01:55:35 -07:00
violation.proto Disable "mini" debug format support in libunwind to avoid additional library dependency 2019-03-20 08:03:08 -07:00

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Who is it for?

Sandbox2 is aimed to sandbox C/C++ code or whole binaries in production.

See the sandboxing options overview page to make sure this is the type of sandboxing you are looking for.

How does it work?

Read our How it works page to learn everything about this technology.