mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00

History

Wiktor Garbacz 1c2596785b Clearer logs on execveat failures Drive-by: remove redundant log prefix (PLOG prepends filename and line) PiperOrigin-RevId: 557367980 Change-Id: Id7cc945969e0ae06a451ca3dd0f3e288402b9136		2023-08-15 23:30:44 -07:00
..
examples
network_proxy	Mostly internal change: Optimize OSS transforms	2023-06-07 02:23:18 -07:00
testcases
unwind
util
allow_all_syscalls.h
allow_unrestricted_networking.h
bpfdisassembler_test.cc
bpfdisassembler.cc
bpfdisassembler.h	Change license link to HTTPS URL	2022-01-28 01:39:09 -08:00
buffer_test.cc
buffer.cc
buffer.h
BUILD.bazel
client.cc
client.h
CMakeLists.txt
comms_test.cc
comms_test.proto
comms.cc	Comms constructor for non abstract sockets	2023-03-23 07:34:32 -07:00
comms.h
executor.cc	Rename GetCloneFlags	2023-08-03 05:42:29 -07:00
executor.h
fork_client.cc
fork_client.h
forkingclient.cc
forkingclient.h	Change license link to HTTPS URL	2022-01-28 01:39:09 -08:00
forkserver_bin.cc	Remove WaitForSanitizers from ptrace monitor & add to global forkserver	2023-05-10 05:06:18 -07:00
forkserver_test.cc
forkserver.cc
forkserver.h
forkserver.proto
global_forkclient_lib_ctor.cc
global_forkclient.cc	Error out if invalid custom forkserver path is specified	2023-06-15 03:17:02 -07:00
global_forkclient.h
ipc_test.cc
ipc.cc
ipc.h	Split PtraceMonitor out of Monitor	2023-01-23 01:42:28 -08:00
limits_test.cc
limits.h
logserver.cc	Use Abseil's log/flags instead of glog/gflags	2022-10-20 06:48:51 -07:00
logserver.h	Use Abseil's log/flags instead of glog/gflags	2022-10-20 06:48:51 -07:00
logserver.proto
logsink.cc	Use Abseil's log/flags instead of glog/gflags	2022-10-20 06:48:51 -07:00
logsink.h
monitor_base.cc	Make Policy a simple copyable type	2023-08-09 06:44:22 -07:00
monitor_base.h
monitor_ptrace.cc
monitor_ptrace.h
monitor_unotify.cc
monitor_unotify.h
mount_tree.proto	Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto	2022-03-14 05:15:15 -07:00
mounts_test.cc
mounts.cc	Mark `Mounts::RecursivelyListMounts()` const	2023-08-03 07:40:16 -07:00
mounts.h
namespace_test.cc
namespace.cc
namespace.h	Mark GetNamespaceDescription const	2023-08-07 06:48:11 -07:00
notify_test.cc	Run more tests with coverage and sanitizers contd	2023-03-03 06:51:06 -08:00
notify.h
policy_test.cc
policy.cc
policy.h	Make Policy a simple copyable type	2023-08-09 06:44:22 -07:00
policybuilder_test.cc
policybuilder.cc
policybuilder.h
README.md
regs_test.cc
regs.cc
regs.h
result.cc
result.h
sandbox2_test.cc
sandbox2.cc
sandbox2.h	Move log warning about non-namespaced stacktraces	2023-08-07 09:07:06 -07:00
sanitizer_test.cc
sanitizer.cc
sanitizer.h
stack_trace_test.cc	Fix stack_trace_test for ARM64	2023-03-06 07:07:55 -08:00
stack_trace.cc
stack_trace.h	Decouple sandboxed stack tracing	2023-02-16 06:07:15 -08:00
syscall_defs.cc
syscall_defs.h
syscall_test.cc
syscall.cc
syscall.h
testing.h	Change license link to HTTPS URL	2022-01-28 01:39:09 -08:00
util_test.cc
util.cc
util.h
violation.proto

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.