sandboxed-api/sandboxed_api/sandbox2
Wiktor Garbacz 1c2596785b Clearer logs on execveat failures
Drive-by: remove redundant log prefix (PLOG prepends filename and line)
PiperOrigin-RevId: 557367980
Change-Id: Id7cc945969e0ae06a451ca3dd0f3e288402b9136
2023-08-15 23:30:44 -07:00
..
examples
network_proxy Mostly internal change: Optimize OSS transforms 2023-06-07 02:23:18 -07:00
testcases
unwind
util
allow_all_syscalls.h
allow_unrestricted_networking.h
bpfdisassembler_test.cc
bpfdisassembler.cc
bpfdisassembler.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
buffer_test.cc
buffer.cc
buffer.h
BUILD.bazel
client.cc
client.h
CMakeLists.txt
comms_test.cc
comms_test.proto
comms.cc Comms constructor for non abstract sockets 2023-03-23 07:34:32 -07:00
comms.h
executor.cc Rename GetCloneFlags 2023-08-03 05:42:29 -07:00
executor.h
fork_client.cc
fork_client.h
forkingclient.cc
forkingclient.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
forkserver_bin.cc Remove WaitForSanitizers from ptrace monitor & add to global forkserver 2023-05-10 05:06:18 -07:00
forkserver_test.cc
forkserver.cc
forkserver.h
forkserver.proto
global_forkclient_lib_ctor.cc
global_forkclient.cc Error out if invalid custom forkserver path is specified 2023-06-15 03:17:02 -07:00
global_forkclient.h
ipc_test.cc
ipc.cc
ipc.h Split PtraceMonitor out of Monitor 2023-01-23 01:42:28 -08:00
limits_test.cc
limits.h
logserver.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logserver.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logserver.proto
logsink.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logsink.h
monitor_base.cc Make Policy a simple copyable type 2023-08-09 06:44:22 -07:00
monitor_base.h
monitor_ptrace.cc
monitor_ptrace.h
monitor_unotify.cc
monitor_unotify.h
mount_tree.proto Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto 2022-03-14 05:15:15 -07:00
mounts_test.cc
mounts.cc Mark Mounts::RecursivelyListMounts() const 2023-08-03 07:40:16 -07:00
mounts.h
namespace_test.cc
namespace.cc
namespace.h Mark GetNamespaceDescription const 2023-08-07 06:48:11 -07:00
notify_test.cc Run more tests with coverage and sanitizers contd 2023-03-03 06:51:06 -08:00
notify.h
policy_test.cc
policy.cc
policy.h Make Policy a simple copyable type 2023-08-09 06:44:22 -07:00
policybuilder_test.cc
policybuilder.cc
policybuilder.h
README.md
regs_test.cc
regs.cc
regs.h
result.cc
result.h
sandbox2_test.cc
sandbox2.cc
sandbox2.h Move log warning about non-namespaced stacktraces 2023-08-07 09:07:06 -07:00
sanitizer_test.cc
sanitizer.cc
sanitizer.h
stack_trace_test.cc Fix stack_trace_test for ARM64 2023-03-06 07:07:55 -08:00
stack_trace.cc
stack_trace.h Decouple sandboxed stack tracing 2023-02-16 06:07:15 -08:00
syscall_defs.cc
syscall_defs.h
syscall_test.cc
syscall.cc
syscall.h
testing.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
util_test.cc
util.cc
util.h
violation.proto

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.