sandboxed-api/sandboxed_api
Christian Blichmann ca6ec4337d Add workaround for active Tomoyo LSM
Recently, Debian based distribution kernels started activating the Tomoyo Linux
Security Module by default. Even if it is not used, this changes the behavior
of `/dev/fd` (pointing to `/proc/self/fd` by default), which Sandbox2 needs during
`execveat()`.

As a result, Sandbox2 and Sandboxed API always fail without one of the following
conditions:
- `/proc` mounted within the sandboxee
- `/dev` mounted
- `/dev/fd` symlinked to `/proc/self/fd` in the sandboxee's mount namespace

Some code pointers to upstream Linux 5.12.2:
- https://elixir.bootlin.com/linux/v5.12.2/source/fs/exec.c#L1775
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/tomoyo.c#L107
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/domain.c#L729

To find out whether your system has Tomoyo enabled, use this command, similar to
what this change does in code:

```
$ cat /sys/kernel/security/lsm | grep tomoyo && echo "Tomoyo active"
capability,yama,apparmor,tomoyo
Tomoyo active
```

The config setting `CONFIG_DEFAULT_SECURITY` controls which LSMs are built into
the kernel by default.

PiperOrigin-RevId: 372919524
Change-Id: I2181819c04f15f57d96c44ea9977d0def4a1b623
2021-05-10 07:04:04 -07:00
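The detection the commit message describes, written out as an added C++ example (not code from the Sandboxed API project): it tokenizes `/sys/kernel/security/lsm` by comma and matches the exact `tomoyo` token, then, if Tomoyo is active, checks whether `/dev/fd` currently resolves to `/proc/self/fd`, the third of the workaround conditions listed above. The function names `SplitLsmList`, `IsTomoyoActive` and `DevFdPointsToProcSelfFd` are constructed for this example.

```cpp
// Added example, not part of sandboxed_api: detect an active Tomoyo LSM and
// check the /dev/fd -> /proc/self/fd condition from the commit message.
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>
#include <unistd.h>

// Split the comma-separated LSM list (e.g. "capability,yama,apparmor,tomoyo")
// into individual names, dropping the trailing newline sysfs appends.
std::vector<std::string> SplitLsmList(const std::string& line) {
  std::vector<std::string> lsms;
  std::stringstream ss(line);
  std::string item;
  while (std::getline(ss, item, ',')) {
    while (!item.empty() && (item.back() == '\n' || item.back() == ' ')) {
      item.pop_back();
    }
    if (!item.empty()) lsms.push_back(item);
  }
  return lsms;
}

// Exact-token match, so a name that merely contains "tomoyo" does not count.
bool IsTomoyoActive(const std::string& lsm_line) {
  for (const auto& name : SplitLsmList(lsm_line)) {
    if (name == "tomoyo") return true;
  }
  return false;
}

// True if `path` is a symlink whose target is exactly "/proc/self/fd".
bool DevFdPointsToProcSelfFd(const std::string& path) {
  char buf[4096];
  ssize_t n = readlink(path.c_str(), buf, sizeof(buf) - 1);
  if (n < 0) return false;  // not a symlink, or does not exist
  buf[n] = '\0';
  return std::string(buf) == "/proc/self/fd";
}

int main() {
  std::ifstream in("/sys/kernel/security/lsm");  // empty if securityfs absent
  std::string lsms;
  std::getline(in, lsms);
  std::cout << "LSMs: " << lsms << "\n";
  if (!IsTomoyoActive(lsms)) return 0;
  std::cout << "Tomoyo active; /dev/fd -> /proc/self/fd: "
            << (DevFdPointsToProcSelfFd("/dev/fd") ? "yes" : "no") << "\n";
  return 0;
}
```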