sandboxed-api

examples

This fixes broken _proto_cc_cc_proto build target suffixes.

2019-09-25 07:13:58 -07:00

testcases

Remount chroot as read-only

2019-11-14 03:51:26 -08:00

unwind

This fixes broken _proto_cc_cc_proto build target suffixes.

2019-09-25 07:13:58 -07:00

util

Internal change.

2019-08-23 08:08:51 -07:00

bpfdisassembler.cc

Add support for new SECCOMP_RET_* in disassembler

2019-04-09 14:38:05 +02:00

bpfdisassembler.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

buffer_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

buffer.cc

Internal change.

2019-08-23 08:08:51 -07:00

buffer.h

Internal change.

2019-08-23 08:08:51 -07:00

BUILD.bazel

Explicitly export files needed by other packages

2019-12-05 03:33:32 -08:00

client.cc

Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added

2019-07-23 04:41:08 -07:00

client.h

Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added

2019-07-23 04:41:08 -07:00

CMakeLists.txt

Use a nested userns&mntns to pre-pivot_root

2019-11-19 09:02:28 -08:00

comms_test.cc

Internal change.

2019-08-23 08:08:51 -07:00

comms_test.proto

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

comms.cc

Remove stale comment

2019-05-17 07:21:31 -07:00

comms.h

Make StatusMatcher more flexible

2019-04-23 10:30:45 -07:00

executor.cc

Fix a file descriptor leak in sandbox2::Executor.

2019-10-23 09:52:07 -07:00

executor.h

Fix a file descriptor leak in sandbox2::Executor.

2019-10-23 09:52:07 -07:00

forkingclient.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

forkingclient.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

forkserver_bin.cc

Move forkserver into a dedicated binary

2019-04-09 14:37:41 +02:00

forkserver_test.cc

forkserver: Remove order dependent tests

2019-12-13 06:59:01 -08:00

forkserver.cc

Improve diagnostics when dynamically linked binary is sandboxed, but can't be exec'd.

2019-12-19 07:48:32 -08:00

forkserver.h

Create initial namespaces on demand

2019-12-02 05:31:42 -08:00

forkserver.proto

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

global_forkclient.cc

Move forkserver into a dedicated binary

2019-04-09 14:37:41 +02:00

global_forkclient.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

ipc_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

ipc.cc

Formatting fixes.

2019-03-19 03:41:32 -07:00

ipc.h

Formatting fixes.

2019-03-19 03:41:32 -07:00

limits_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

limits.h

Formatting fixes.

2019-03-19 03:41:32 -07:00

logserver.cc

Follow-up to rev. 6edcf5f which introduced a build failure

2019-07-08 05:56:36 -07:00

logserver.h

Fix unnecessary unique_ptr in LogServer.

2019-05-26 08:47:38 -07:00

logserver.proto

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

logsink.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

logsink.h

Internal change

2019-04-26 06:18:59 -07:00

monitor.cc

Allow stack trace collection when namespaces are disabled, if sandbox_libunwind_crash_handler==false.

2020-01-06 02:34:03 -08:00

monitor.h

Initialize std::atomic_flag members

2019-07-15 23:59:24 -07:00

mounts_test.cc

Fix mount entries listing for tmpfs

2019-10-24 02:37:54 -07:00

mounts.cc

Properly set mount flags

2020-01-16 06:05:11 -08:00

mounts.h

Remount chroot as read-only

2019-11-14 03:51:26 -08:00

mounttree.proto

Remount chroot as read-only

2019-11-14 03:51:26 -08:00

namespace_test.cc

Remount chroot as read-only

2019-11-14 03:51:26 -08:00

namespace.cc

Change mount propagation to private

2020-01-14 06:32:23 -08:00

namespace.h

Use a nested userns&mntns to pre-pivot_root

2019-11-19 09:02:28 -08:00

network_proxy_client.cc

Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added

2019-07-23 04:41:08 -07:00

network_proxy_client.h

Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added

2019-07-23 04:41:08 -07:00

network_proxy_server.cc

Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added

2019-07-23 04:41:08 -07:00

network_proxy_server.h

Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server, in the future rules like allowed IP, protocols, etc. will be added

2019-07-23 04:41:08 -07:00

notify_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

notify.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

policy_test.cc

Enable namespaces by default

2019-09-11 02:39:49 -07:00

policy.cc

Use full workspace name to access Bazel packages in generator

2019-07-01 02:53:41 -07:00

policy.h

Rename deathrattle_fatalmsg proto

2019-03-20 05:19:55 -07:00

policybuilder_test.cc

Make PolicyBuilder a value class.

2019-10-08 10:45:45 -07:00

policybuilder.cc

Remount chroot as read-only

2019-11-14 03:51:26 -08:00

policybuilder.h

Remount chroot as read-only

2019-11-14 03:51:26 -08:00

README.md

Corrects typo in link

2019-10-07 02:36:35 -07:00

regs.cc

Internal change.

2019-08-23 08:08:51 -07:00

regs.h

Internal change.

2019-08-23 08:08:51 -07:00

result.cc

Internal change.

2019-08-23 08:08:51 -07:00

result.h

Internal change.

2019-08-23 08:08:51 -07:00

sandbox2_test.cc

Internal change

2019-11-28 08:07:00 -08:00

sandbox2.cc

Internal change

2019-11-28 08:07:00 -08:00

sandbox2.h

Internal change

2019-11-28 08:07:00 -08:00

sanitizer_test.cc

Fix unused warning for IsFdOpen()

2019-11-25 06:44:14 -08:00

sanitizer.cc

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

sanitizer.h

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

stack_trace_test.cc

Enable namespaces by default

2019-09-11 02:39:49 -07:00

stack_trace.cc

Rework stacktrace mounttree logic

2019-10-22 09:05:33 -07:00

stack_trace.h

Rename stack-trace{.h,.cc,._test.cc} to use underscores

2019-07-09 01:32:25 -07:00

syscall_defs.cc

Refactor syscall definitions to rely less on macros

2020-01-07 05:27:21 -08:00

syscall_defs.h

Refactor syscall definitions to rely less on macros

2020-01-07 05:27:21 -08:00

syscall_test.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

syscall.cc

Refactor syscall definitions to rely less on macros

2020-01-07 05:27:21 -08:00

syscall.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

testing.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

testing.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

util_test.cc

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

util.cc

Internal change.

2019-08-23 08:08:51 -07:00

util.h

Internal change.

2019-08-23 08:08:51 -07:00

violation.proto

Internal change

2019-09-24 04:50:18 -07:00

README.md

Sandbox2

Documentation