sandboxed-api/sandboxed_api/sandbox2
Wiktor Garbacz 96d9ce90e5 Properly set mount flags
PiperOrigin-RevId: 290052082
Change-Id: I35222d25a24c3d641a998b2734b90bd178759df6
2020-01-16 06:05:11 -08:00
examples This fixes broken _proto_cc_cc_proto build target suffixes. 2019-09-25 07:13:58 -07:00
testcases Remount chroot as read-only 2019-11-14 03:51:26 -08:00
unwind This fixes broken _proto_cc_cc_proto build target suffixes. 2019-09-25 07:13:58 -07:00
util Internal change. 2019-08-23 08:08:51 -07:00
bpfdisassembler.cc Add support for new SECCOMP_RET_* in disassembler 2019-04-09 14:38:05 +02:00
bpfdisassembler.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
buffer_test.cc Call DisableNamespaces where needed 2019-05-23 07:21:03 -07:00
buffer.cc Internal change. 2019-08-23 08:08:51 -07:00
buffer.h Internal change. 2019-08-23 08:08:51 -07:00
BUILD.bazel Explicitly export files needed by other packages 2019-12-05 03:33:32 -08:00
client.cc Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server. In the future, rules like allowed IP, protocols, etc. will be added 2019-07-23 04:41:08 -07:00
client.h Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server. In the future, rules like allowed IP, protocols, etc. will be added 2019-07-23 04:41:08 -07:00
CMakeLists.txt Use a nested userns&mntns to pre-pivot_root 2019-11-19 09:02:28 -08:00
comms_test.cc Internal change. 2019-08-23 08:08:51 -07:00
comms_test.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
comms.cc Remove stale comment 2019-05-17 07:21:31 -07:00
comms.h Make StatusMatcher more flexible 2019-04-23 10:30:45 -07:00
executor.cc Fix a file descriptor leak in sandbox2::Executor. 2019-10-23 09:52:07 -07:00
executor.h Fix a file descriptor leak in sandbox2::Executor. 2019-10-23 09:52:07 -07:00
forkingclient.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
forkingclient.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
forkserver_bin.cc Move forkserver into a dedicated binary 2019-04-09 14:37:41 +02:00
forkserver_test.cc forkserver: Remove order dependent tests 2019-12-13 06:59:01 -08:00
forkserver.cc Improve diagnostics when dynamically linked binary is sandboxed, but can't be exec'd. 2019-12-19 07:48:32 -08:00
forkserver.h Create initial namespaces on demand 2019-12-02 05:31:42 -08:00
forkserver.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
global_forkclient.cc Move forkserver into a dedicated binary 2019-04-09 14:37:41 +02:00
global_forkclient.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
ipc_test.cc Call DisableNamespaces where needed 2019-05-23 07:21:03 -07:00
ipc.cc Formatting fixes. 2019-03-19 03:41:32 -07:00
ipc.h Formatting fixes. 2019-03-19 03:41:32 -07:00
limits_test.cc Call DisableNamespaces where needed 2019-05-23 07:21:03 -07:00
limits.h Formatting fixes. 2019-03-19 03:41:32 -07:00
logserver.cc Follow-up to rev. 6edcf5f which introduced a build failure 2019-07-08 05:56:36 -07:00
logserver.h Fix unnecessary unique_ptr in LogServer. 2019-05-26 08:47:38 -07:00
logserver.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
logsink.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
logsink.h Internal change 2019-04-26 06:18:59 -07:00
monitor.cc Allow stack trace collection when namespaces are disabled, if sandbox_libunwind_crash_handler==false. 2020-01-06 02:34:03 -08:00
monitor.h Initialize std::atomic_flag members 2019-07-15 23:59:24 -07:00
mounts_test.cc Fix mount entries listing for tmpfs 2019-10-24 02:37:54 -07:00
mounts.cc Properly set mount flags 2020-01-16 06:05:11 -08:00
mounts.h Remount chroot as read-only 2019-11-14 03:51:26 -08:00
mounttree.proto Remount chroot as read-only 2019-11-14 03:51:26 -08:00
namespace_test.cc Remount chroot as read-only 2019-11-14 03:51:26 -08:00
namespace.cc Change mount propagation to private 2020-01-14 06:32:23 -08:00
namespace.h Use a nested userns&mntns to pre-pivot_root 2019-11-19 09:02:28 -08:00
network_proxy_client.cc Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server. In the future, rules like allowed IP, protocols, etc. will be added 2019-07-23 04:41:08 -07:00
network_proxy_client.h Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server. In the future, rules like allowed IP, protocols, etc. will be added 2019-07-23 04:41:08 -07:00
network_proxy_server.cc Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server. In the future, rules like allowed IP, protocols, etc. will be added 2019-07-23 04:41:08 -07:00
network_proxy_server.h Now the network proxy client can automatically redirect connect syscalls to a handler that will send the data (syscall arguments) to the proxy server automatically and will return the obtained socket from the proxy server. In the future, rules like allowed IP, protocols, etc. will be added 2019-07-23 04:41:08 -07:00
notify_test.cc Call DisableNamespaces where needed 2019-05-23 07:21:03 -07:00
notify.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
policy_test.cc Enable namespaces by default 2019-09-11 02:39:49 -07:00
policy.cc Use full workspace name to access Bazel packages in generator 2019-07-01 02:53:41 -07:00
policy.h Rename deathrattle_fatalmsg proto 2019-03-20 05:19:55 -07:00
policybuilder_test.cc Make PolicyBuilder a value class. 2019-10-08 10:45:45 -07:00
policybuilder.cc Remount chroot as read-only 2019-11-14 03:51:26 -08:00
policybuilder.h Remount chroot as read-only 2019-11-14 03:51:26 -08:00
README.md Corrects typo in link 2019-10-07 02:36:35 -07:00
regs.cc Internal change. 2019-08-23 08:08:51 -07:00
regs.h Internal change. 2019-08-23 08:08:51 -07:00
result.cc Internal change. 2019-08-23 08:08:51 -07:00
result.h Internal change. 2019-08-23 08:08:51 -07:00
sandbox2_test.cc Internal change 2019-11-28 08:07:00 -08:00
sandbox2.cc Internal change 2019-11-28 08:07:00 -08:00
sandbox2.h Internal change 2019-11-28 08:07:00 -08:00
sanitizer_test.cc Fix unused warning for IsFdOpen() 2019-11-25 06:44:14 -08:00
sanitizer.cc Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
sanitizer.h Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
stack_trace_test.cc Enable namespaces by default 2019-09-11 02:39:49 -07:00
stack_trace.cc Rework stacktrace mounttree logic 2019-10-22 09:05:33 -07:00
stack_trace.h Rename stack-trace{.h,.cc,._test.cc} to use underscores 2019-07-09 01:32:25 -07:00
syscall_defs.cc Refactor syscall definitions to rely less on macros 2020-01-07 05:27:21 -08:00
syscall_defs.h Refactor syscall definitions to rely less on macros 2020-01-07 05:27:21 -08:00
syscall_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
syscall.cc Refactor syscall definitions to rely less on macros 2020-01-07 05:27:21 -08:00
syscall.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
testing.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
testing.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
util_test.cc Formatting fixes and include file hygiene. 2019-03-26 07:54:21 -07:00
util.cc Internal change. 2019-08-23 08:08:51 -07:00
util.h Internal change. 2019-08-23 08:08:51 -07:00
violation.proto Internal change 2019-09-24 04:50:18 -07:00

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.