sandboxed-api/sandboxed_api/sandbox2
Sandboxed API Team daa1c7a64e Allow sandboxee to read from /proc when sanitizers are allowed.
Sanitizers read from /proc. For example:
69445f095c/lib/sanitizer_common/sanitizer_linux.cpp (L1101)

PiperOrigin-RevId: 292363903
Change-Id: Icc383ededcad363b4e96f5551f140f012b07b495
2020-01-30 09:30:42 -08:00
..
examples Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
testcases Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
unwind Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
util Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
bpfdisassembler.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
bpfdisassembler.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
buffer_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
buffer.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
buffer.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
BUILD.bazel Properly test read-only mounts 2020-01-24 02:38:11 -08:00
client.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
client.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
CMakeLists.txt Properly test read-only mounts 2020-01-24 02:38:11 -08:00
comms_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
comms_test.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
comms.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
comms.h Replace deprecated thread annotations macros. 2020-01-30 05:07:40 -08:00
executor.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
executor.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
forkingclient.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
forkingclient.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
forkserver_bin.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
forkserver_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
forkserver.cc Replace if (!cond) { LOG(FATAL, msg) } with CHECK(cond, msg) 2020-01-28 05:59:33 -08:00
forkserver.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
forkserver.proto Internal change 2020-01-20 08:35:24 -08:00
global_forkclient.cc Replace if (!cond) { LOG(FATAL, msg) } with CHECK(cond, msg) 2020-01-28 05:59:33 -08:00
global_forkclient.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
ipc_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
ipc.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
ipc.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
limits_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
limits.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logserver.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logserver.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logserver.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logsink.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
logsink.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
monitor.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
monitor.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
mounts_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
mounts.cc Log mount flags in human readable format 2020-01-27 03:19:56 -08:00
mounts.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
mounttree.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
namespace_test.cc Properly test read-only mounts 2020-01-24 02:38:11 -08:00
namespace.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
namespace.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
network_proxy_client.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
network_proxy_client.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
network_proxy_server.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
network_proxy_server.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
notify_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
notify.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
policy_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
policy.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
policy.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
policybuilder_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
policybuilder.cc Allow sandboxee to read from /proc when sanitizers are allowed. 2020-01-30 09:30:42 -08:00
policybuilder.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
README.md Corrects typo in link 2019-10-07 02:36:35 -07:00
regs.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
regs.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
result.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
result.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
sandbox2_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
sandbox2.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
sandbox2.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
sanitizer_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
sanitizer.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
sanitizer.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
stack_trace_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
stack_trace.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
stack_trace.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
syscall_defs.cc Refactor syscall definitions to rely less on macros 2020-01-07 05:27:21 -08:00
syscall_defs.h Refactor syscall definitions to rely less on macros 2020-01-07 05:27:21 -08:00
syscall_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
syscall.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
syscall.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
testing.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
testing.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
util_test.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
util.cc Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
util.h Update license header with recommended best practices 2020-01-17 05:05:29 -08:00
violation.proto Update license header with recommended best practices 2020-01-17 05:05:29 -08:00

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.