mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00

History

Christian Blichmann dfbfb5cc43 Add CMake builds for the examples

PiperOrigin-RevId: 252045309
Change-Id: I57ffc3debbe64010b1f20b2e6df900b9916fa37f

2019-06-07 07:27:33 -07:00

docs

Internal change

2019-04-23 10:42:14 -07:00

examples

Add CMake builds for the examples

2019-06-07 07:27:33 -07:00

testcases

Add a resource starvation test

2019-05-15 08:04:58 -07:00

unwind

Disable compiler warnings for consistency with internal settings.

2019-05-09 05:21:34 -07:00

util

Implement a GetDataDependencyFilepath() for CMake (non-Bazel really).

2019-06-06 05:44:32 -07:00

bpfdisassembler.cc

Add support for new SECCOMP_RET_* in disassembler

2019-04-09 14:38:05 +02:00

bpfdisassembler.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

buffer_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

buffer.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

buffer.h

Clarify behavior of Buffer::CreateFromFd

2019-05-30 23:50:54 -07:00

BUILD.bazel

Internal change

2019-06-05 00:26:14 -07:00

client.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

client.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

CMakeLists.txt

Add CMake builds for the examples

2019-06-07 07:27:33 -07:00

comms_test.cc

Internal change

2019-04-23 10:42:14 -07:00

comms_test.proto

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

comms.cc

Remove stale comment

2019-05-17 07:21:31 -07:00

comms.h

Make StatusMatcher more flexible

2019-04-23 10:30:45 -07:00

executor.cc

Improve internal<->external code transforms

2019-03-19 05:51:53 -07:00

executor.h

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

forkingclient.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

forkingclient.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

forkserver_bin.cc

Move forkserver into a dedicated binary

2019-04-09 14:37:41 +02:00

forkserver_test.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

forkserver.cc

Move forkserver into a dedicated binary

2019-04-09 14:37:41 +02:00

forkserver.h

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

forkserver.proto

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

global_forkclient.cc

Move forkserver into a dedicated binary

2019-04-09 14:37:41 +02:00

global_forkclient.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

ipc_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

ipc.cc

Formatting fixes.

2019-03-19 03:41:32 -07:00

ipc.h

Formatting fixes.

2019-03-19 03:41:32 -07:00

limits_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

limits.h

Formatting fixes.

2019-03-19 03:41:32 -07:00

logserver.cc

Fix unnecessary unique_ptr in LogServer.

2019-05-26 08:47:38 -07:00

logserver.h

Fix unnecessary unique_ptr in LogServer.

2019-05-26 08:47:38 -07:00

logserver.proto

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

logsink.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

logsink.h

Internal change

2019-04-26 06:18:59 -07:00

monitor.cc

Internal change

2019-06-05 00:26:14 -07:00

monitor.h

Remove dead code

2019-05-17 02:02:03 -07:00

mounts_test.cc

Print final FS mounts in sandboxee's chroot

2019-05-07 18:30:13 -07:00

mounts.cc

Log the progress of dynamic libraries being resolved while creating a sandboxee's virtual FS chroot. This provides valuable insight while debugging problems with dynamically linked sandoxed binaries.

2019-05-10 09:41:07 -07:00

mounts.h

Print final FS mounts in sandboxee's chroot

2019-05-07 18:30:13 -07:00

mounttree.proto

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

namespace_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

namespace.cc

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

namespace.h

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

network_proxy_client.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

network_proxy_client.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

network_proxy_server.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

network_proxy_server.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

notify_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

notify.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

policy_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

policy.cc

Internal change

2019-06-05 00:26:14 -07:00

policy.h

Rename deathrattle_fatalmsg proto

2019-03-20 05:19:55 -07:00

policybuilder_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

policybuilder.cc

Add DisableNamespaces to PolicyBuilder

2019-05-22 06:54:12 -07:00

policybuilder.h

Add DisableNamespaces to PolicyBuilder

2019-05-22 06:54:12 -07:00

README.md

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

regs.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

regs.h

Rename deathrattle_fatalmsg proto

2019-03-20 05:19:55 -07:00

result.cc

Reintroduce monitor changes.

2019-05-15 07:46:49 -07:00

result.h

Reintroduce monitor changes.

2019-05-15 07:46:49 -07:00

sandbox2_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

sandbox2.cc

Replace custom synchronization with absl::Notification

2019-05-15 08:09:56 -07:00

sandbox2.h

Reintroduce monitor changes.

2019-05-15 07:46:49 -07:00

sanitizer_test.cc

Call DisableNamespaces where needed

2019-05-23 07:21:03 -07:00

sanitizer.cc

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

sanitizer.h

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

stack-trace_test.cc

Internal change

2019-06-05 00:26:14 -07:00

stack-trace.cc

Internal change

2019-06-05 00:26:14 -07:00

stack-trace.h

Internal change

2019-06-05 00:26:14 -07:00

syscall_defs.cc

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

syscall_defs.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

syscall_test.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

syscall.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

syscall.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

testing.cc

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

testing.h

Sandboxed API OSS release.

2019-03-18 19:00:48 +01:00

util_test.cc

Formatting fixes and include file hygiene.

2019-03-26 07:54:21 -07:00

util.cc

Extract GetRlimitName into util

2019-05-17 01:55:35 -07:00

util.h

Extract GetRlimitName into util

2019-05-17 01:55:35 -07:00

violation.proto

Disable "mini" debug format support in libunwind to avoid additional library dependency

2019-03-20 08:03:08 -07:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Who is it for?

Sandbox2 is aimed to sandbox C/C++ code or whole binaries in production.

See the sandboxing options overview page to make sure this is the type of sandboxing you are looking for.

How does it work?

Read our How it works page to learn everything about this technology.