mirror of https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
ca6ec4337d
Recently, Debian-based distribution kernels started activating the Tomoyo Linux Security Module by default. Even if it is not used, this changes the behavior of `/dev/fd` (pointing to `/proc/self/fd` by default), which Sandbox2 needs during `execveat()`. As a result, Sandbox2 and Sandboxed API always fail without one of the following conditions:

- `/proc` mounted within the sandboxee
- `/dev` mounted
- `/dev/fd` symlinked to `/proc/self/fd` in the sandboxee's mount namespace

Some code pointers to upstream Linux 5.12.2:

- https://elixir.bootlin.com/linux/v5.12.2/source/fs/exec.c#L1775
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/tomoyo.c#L107
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/domain.c#L729

To find out whether your system has Tomoyo enabled, use this command, similar to what this change does in code:

```
$ cat /sys/kernel/security/lsm | grep tomoyo && echo "Tomoyo active"
capability,yama,apparmor,tomoyo
Tomoyo active
```

The config setting `CONFIG_DEFAULT_SECURITY` controls which LSMs are built into the kernel by default.

PiperOrigin-RevId: 372919524
Change-Id: I2181819c04f15f57d96c44ea9977d0def4a1b623