sandboxed-api/sandboxed_api/sandbox2
Kevin Hamacher 8c53262539 Allow forkserver to use waitpid as alternative to sa_nochldwait
PiperOrigin-RevId: 529074278
Change-Id: If63015586673610e111ee589995e5264523be7a7
2023-05-03 06:41:07 -07:00
..
examples Internal Code Change 2023-03-27 08:14:10 -07:00
network_proxy Use SyscallTrap in NetworkProxy 2022-11-30 05:47:44 -08:00
testcases Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
unwind Remove unused UnwindResult.ip, reuse RunLibUnwindAndSymbolizer 2023-03-02 02:40:15 -08:00
util Add explicit casts to avoid build failures 2023-03-07 05:02:45 -08:00
allow_all_syscalls.h Change the default action instead of appending ALLOW 2023-03-01 05:36:24 -08:00
bpfdisassembler_test.cc Add test for bpf disassembler 2023-03-07 05:04:09 -08:00
bpfdisassembler.cc Add test for bpf disassembler 2023-03-07 05:04:09 -08:00
bpfdisassembler.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
buffer_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
buffer.cc Remove Tag constructor, add standard comment for absl::WrapUnique(new T) 2022-10-25 06:20:51 -07:00
buffer.h Remove Tag constructor, add standard comment for absl::WrapUnique(new T) 2022-10-25 06:20:51 -07:00
BUILD.bazel Allow forkserver to use waitpid as alternative to sa_nochldwait 2023-05-03 06:41:07 -07:00
client.cc Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
client.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
CMakeLists.txt Allow forkserver to use waitpid as alternative to sa_nochldwait 2023-05-03 06:41:07 -07:00
comms_test.cc Comms constructor for non abstract sockets 2023-03-23 07:34:32 -07:00
comms_test.proto Migration of remaining protobufs from proto2 to proto3 2022-03-16 00:43:46 -07:00
comms.cc Comms constructor for non abstract sockets 2023-03-23 07:34:32 -07:00
comms.h Comms constructor for non abstract sockets 2023-03-23 07:34:32 -07:00
executor.cc Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
executor.h Copy environ in sandbox2_test to get better coverage data 2023-03-22 05:47:00 -07:00
fork_client.cc Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
fork_client.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
forkingclient.cc Do not exit from within ForkServer to get more precise coverage data 2023-03-29 02:22:16 -07:00
forkingclient.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
forkserver_bin.cc Allow forkserver to use waitpid as alternative to sa_nochldwait 2023-05-03 06:41:07 -07:00
forkserver_test.cc Allow forkserver to use waitpid as alternative to sa_nochldwait 2023-05-03 06:41:07 -07:00
forkserver.cc Allow forkserver to use waitpid as alternative to sa_nochldwait 2023-05-03 06:41:07 -07:00
forkserver.h Do not exit from within ForkServer to get more precise coverage data 2023-03-29 02:22:16 -07:00
forkserver.proto Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
global_forkclient_lib_ctor.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
global_forkclient.cc Allow forkserver to use waitpid as alternative to sa_nochldwait 2023-05-03 06:41:07 -07:00
global_forkclient.h Extract SandboxeeProcess and move it down the call chain 2023-02-07 02:22:45 -08:00
ipc_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
ipc.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
ipc.h Split PtraceMonitor out of Monitor 2023-01-23 01:42:28 -08:00
limits_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
limits.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
logserver.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logserver.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logserver.proto Migration of remaining protobufs from proto2 to proto3 2022-03-16 00:43:46 -07:00
logsink.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logsink.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
monitor_base.cc Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
monitor_base.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
monitor_ptrace.cc Decouple sandboxed stack tracing 2023-02-16 06:07:15 -08:00
monitor_ptrace.h Decouple sandboxed stack tracing 2023-02-16 06:07:15 -08:00
monitor_unotify.cc Fix the poll in wait_for_sandboxee branch 2023-03-14 09:19:30 -07:00
monitor_unotify.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
mount_tree.proto Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto 2022-03-14 05:15:15 -07:00
mounts_test.cc Use namespaced policy in most tests 2023-02-16 07:12:46 -08:00
mounts.cc Make SAPI_RAW_LOG(FATAL, ...) noreturn 2023-03-20 05:43:28 -07:00
mounts.h stack_trace: pass fd to sandboxee's memory instead of using process_vm_readv 2023-01-19 05:44:50 -08:00
namespace_test.cc Migrate namespaces related tests out of policybuilder_test 2023-03-06 07:08:49 -08:00
namespace.cc Remove no longer needed friend declaration 2023-03-22 06:27:21 -07:00
namespace.h Remove no longer needed friend declaration 2023-03-22 06:27:21 -07:00
notify_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
notify.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
policy_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
policy.cc Add missing LOAD_SYSCALL_NR 2023-03-15 03:29:56 -07:00
policy.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
policybuilder_test.cc Migrate namespaces related tests out of policybuilder_test 2023-03-06 07:08:49 -08:00
policybuilder.cc Add a helper method to allow the eventfd* family of syscalls. 2023-03-22 07:46:56 -07:00
policybuilder.h Add a helper method to allow the eventfd* family of syscalls. 2023-03-22 07:46:56 -07:00
README.md Update references to the new documentation 2021-12-14 09:03:29 -08:00
regs_test.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
regs.cc Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus 2022-04-21 06:15:38 -07:00
regs.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
result.cc Full syscall info in Result::ToString 2023-01-12 03:57:44 -08:00
result.h #Cleanup: Consistently use std::make_unique 2022-10-12 05:23:42 -07:00
sandbox2_test.cc Copy environ in sandbox2_test to get better coverage data 2023-03-22 05:47:00 -07:00
sandbox2.cc Partial support for sandbox2::Notify in UnotifyMonitor 2023-03-10 00:59:37 -08:00
sandbox2.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
sanitizer_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
sanitizer.cc Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus 2022-04-21 06:15:38 -07:00
sanitizer.h Delete deprecated ::sandbox2::Sandbox2::WaitForTsan and its remaining call sites. 2022-02-03 11:23:56 -08:00
stack_trace_test.cc Fix stack_trace_test for ARM64 2023-03-06 07:07:55 -08:00
stack_trace.cc Remove superfluous set_rlimit_as(RLIM64_INFINITY) 2023-03-03 01:14:31 -08:00
stack_trace.h Decouple sandboxed stack tracing 2023-02-16 06:07:15 -08:00
syscall_defs.cc More precise sycall_defs 2022-12-22 05:00:48 -08:00
syscall_defs.h Make code not have a -Warray-parameter warning. 2022-08-15 22:55:51 -07:00
syscall_test.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
syscall.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
syscall.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
testing.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
util_test.cc Add tests for util.cc 2023-03-14 00:04:14 -07:00
util.cc Dump coverage prior to execveat 2023-03-28 05:50:43 -07:00
util.h Dump coverage prior to execveat 2023-03-28 05:50:43 -07:00
violation.proto Add field to track policy source location 2023-02-24 07:55:23 -08:00

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.