StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Christian Blichmann 9229b3fa82 Fix -Wc++11-narrowing error with Clang introduced in 2546d9e 
PiperOrigin-RevId: 421784429
Change-Id: Ia5d09a980db39bc8d88373dc769cb5889417502d
2022-01-14 03:40:01 -08:00
..
examples
Remove redundant glog dependency for sandbox2::sanitizer
2022-01-13 01:15:50 -08:00
network_proxy
Remove redundant glog dependency for sandbox2::sanitizer
2022-01-13 01:15:50 -08:00
testcases
Add CloseAllFDsExcept test.
2021-12-07 02:23:23 -08:00
unwind
Emulate PTRACE_GETREGSET in ptrace wrapper
2022-01-06 07:33:13 -08:00
util
Minielf: Use a template to load integers
2021-11-18 02:16:26 -08:00
bpfdisassembler.cc
Use absl::Span in BPF disassembler
2021-04-21 05:33:12 -07:00
bpfdisassembler.h
Use absl::Span in BPF disassembler
2021-04-21 05:33:12 -07:00
buffer_test.cc
Add more convenience functions to PolicyBuilder
2021-12-08 06:41:21 -08:00
buffer.cc
Introduce sapi::OsErrorMessage() for error handling
2021-07-27 04:10:04 -07:00
buffer.h
Change int64 to size_t in Buffer
2020-10-01 06:45:38 -07:00
BUILD.bazel
Ability to inspect a syscall's return value.
2022-01-13 06:49:19 -08:00
client.cc
Check and limit seccomp policy length.
2021-11-11 06:10:40 -08:00
client.h
Replace std::unique_ptr<uint8_t[]> with vector
2020-11-05 02:03:46 -08:00
CMakeLists.txt
Ability to inspect a syscall's return value.
2022-01-13 06:49:19 -08:00
comms_test.cc
Internal change
2021-12-03 05:21:01 -08:00
comms_test.proto
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
comms.cc
Fix typo in log line that displayed decimals with 0x prefix
2022-01-13 06:20:47 -08:00
comms.h
Add workaround for active Tomoyo LSM
2021-05-10 07:04:04 -07:00
executor.cc
Introduce util::CharPtrArray with proper ownership semantics
2021-12-20 05:08:12 -08:00
executor.h
Use FDCloser in Executor extensively
2021-08-05 04:16:11 -07:00
fork_client.cc
Use regular logging in fork client
2021-09-29 00:46:12 -07:00
fork_client.h
Start global fork-server on demand
2020-11-05 08:48:03 -08:00
forkingclient.cc
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
forkingclient.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
forkserver_bin.cc
Automated rollback of commit 2036f5b2f04171d4fe973ba069760963ee7cd557.
2021-09-10 03:34:44 -07:00
forkserver_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
forkserver.cc
Introduce util::CharPtrArray with proper ownership semantics
2021-12-20 05:08:12 -08:00
forkserver.h
Introduce util::CharPtrArray with proper ownership semantics
2021-12-20 05:08:12 -08:00
forkserver.proto
Internal change
2020-01-31 05:39:25 -08:00
global_forkclient_lib_ctor.cc
Do not fail if forkserver is disabled by env when lib_ctor is used
2020-12-10 02:49:54 -08:00
global_forkclient.cc
Log when global forkserver is started and its exit status
2021-09-22 07:16:43 -07:00
global_forkclient.h
Add IsStarted() method to GlobalForkClient.
2021-01-11 09:34:13 -08:00
ipc_test.cc
Internal change
2021-01-22 06:01:34 -08:00
ipc.cc
Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
2020-02-20 07:45:44 -08:00
ipc.h
Deprecate IPC::comms()
2021-02-19 04:43:14 -08:00
limits_test.cc
Internal change
2021-01-22 06:01:34 -08:00
limits.h
Internal change.
2021-07-29 05:52:19 -07:00
logserver.cc
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logserver.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logserver.proto
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logsink.cc
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
logsink.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
monitor.cc
Ability to inspect a syscall's return value.
2022-01-13 06:49:19 -08:00
monitor.h
Ability to inspect a syscall's return value.
2022-01-13 06:49:19 -08:00
mounts_test.cc
Internal change.
2021-09-01 01:28:19 -07:00
mounts.cc
Minor cleanup/formatting changes
2021-05-17 04:07:08 -07:00
mounts.h
Add workaround for active Tomoyo LSM
2021-05-10 07:04:04 -07:00
mounttree.proto
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
namespace_test.cc
Modernize namespace_test a little
2021-10-13 04:17:46 -07:00
namespace.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
namespace.h
Update license header with recommended best practices
2020-01-17 05:05:29 -08:00
notify_test.cc
Add more convenience functions to PolicyBuilder
2021-12-08 06:41:21 -08:00
notify.h
Ability to inspect a syscall's return value.
2022-01-13 06:49:19 -08:00
policy_test.cc
Add more convenience functions to PolicyBuilder
2021-12-08 06:41:21 -08:00
policy.cc
Take a vector in Policy::AllowUnsafeKeepCapabilities()
2021-07-12 05:43:21 -07:00
policy.h
Allow collecting stacktraces on normal process exit
2021-08-16 03:13:15 -07:00
policybuilder_test.cc
Replace deprecated AddTmpfs call
2021-12-03 04:56:40 -08:00
policybuilder.cc
#Cleanup PolicyBuilder API using absl::Span
2021-12-13 01:31:59 -08:00
policybuilder.h
Remove SyscallInitializer
2021-12-14 00:45:27 -08:00
README.md
Update references to the new documentation
2021-12-14 09:03:29 -08:00
regs_test.cc
Fix -Wc++11-narrowing error with Clang introduced in 2546d9e
2022-01-14 03:40:01 -08:00
regs.cc
Ability to inspect a syscall's return value.
2022-01-13 06:49:19 -08:00
regs.h
Ability to inspect a syscall's return value.
2022-01-13 06:49:19 -08:00
result.cc
Ability to inspect a syscall's return value.
2022-01-13 06:49:19 -08:00
result.h
Ability to inspect a syscall's return value.
2022-01-13 06:49:19 -08:00
sandbox2_test.cc
Allow collecting stacktraces on normal process exit
2021-08-16 03:13:15 -07:00
sandbox2.cc
Fix a race between NotifyMonitor/AwaitResult
2021-11-17 01:40:42 -08:00
sandbox2.h
Readd function comment removed by mistake
2021-12-06 04:43:32 -08:00
sanitizer_test.cc
Introduce util::CharPtrArray with proper ownership semantics
2021-12-20 05:08:12 -08:00
sanitizer.cc
Implement WaitForTsan on other sanitizers
2021-12-07 17:59:05 -08:00
sanitizer.h
Implement WaitForTsan on other sanitizers
2021-12-07 17:59:05 -08:00
stack_trace_test.cc
Fix order-dependent test.
2021-03-18 05:56:40 -07:00
stack_trace.cc
Relax the policy to allow stat (and possibly stat64).
2021-12-06 10:23:31 -08:00
stack_trace.h
Automated rollback of commit 4a38f59728f7f8849a42422faa9846c865918ac1.
2021-06-28 02:03:06 -07:00
syscall_defs.cc
Add new x86-64 syscalls
2021-06-04 01:01:34 -07:00
syscall_defs.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
syscall_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
syscall.cc
Add more compiler variants to GitHub Actions
2021-04-07 15:23:23 +02:00
syscall.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
testing.h
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
util_test.cc
Move utility code into sandboxed_api/util
2021-01-13 09:25:52 -08:00
util.cc
Introduce util::CharPtrArray with proper ownership semantics
2021-12-20 05:08:12 -08:00
util.h
Introduce util::CharPtrArray with proper ownership semantics
2021-12-20 05:08:12 -08:00
violation.proto
Add support for ARM32 (hard float target)
2020-12-16 09:18:25 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.