StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Wiktor Garbacz e031c11bdc Update naming and lambda capture for stack size 
PiperOrigin-RevId: 515254988
Change-Id: I394dc039bcfcbd2ccd7c705a91974f4183b28c39
2023-03-09 00:14:39 -08:00
..
examples
Consistently exclude examples from coverage runs
2023-03-06 10:03:12 -08:00
network_proxy
Use SyscallTrap in NetworkProxy
2022-11-30 05:47:44 -08:00
testcases
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
unwind
Remove unused UnwindResult.ip, reuse RunLibUnwindAndSymbolizer
2023-03-02 02:40:15 -08:00
util
Add explicit casts to avoid build failures
2023-03-07 05:02:45 -08:00
allow_all_syscalls.h
Change the default action instead of appending ALLOW
2023-03-01 05:36:24 -08:00
bpfdisassembler_test.cc
Add test for bpf disassembler
2023-03-07 05:04:09 -08:00
bpfdisassembler.cc
Add test for bpf disassembler
2023-03-07 05:04:09 -08:00
bpfdisassembler.h
buffer_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
buffer.cc
Remove Tag constructor, add standard comment for absl::WrapUnique(new T)
2022-10-25 06:20:51 -07:00
buffer.h
Remove Tag constructor, add standard comment for absl::WrapUnique(new T)
2022-10-25 06:20:51 -07:00
BUILD.bazel
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
client.cc
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
client.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
CMakeLists.txt
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
comms_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
comms_test.proto
Migration of remaining protobufs from proto2 to proto3
2022-03-16 00:43:46 -07:00
comms.cc
contrib: Replace uses of CHECK_NOTNULL
2022-10-25 05:50:59 -07:00
comms.h
Sandbox2: Graciously handle mapping over Comms/Exec fds
2022-10-10 09:39:01 -07:00
executor.cc
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
executor.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
fork_client.cc
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
fork_client.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
forkingclient.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
forkingclient.h
forkserver_bin.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
forkserver_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
forkserver.cc
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
forkserver.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
forkserver.proto
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
global_forkclient_lib_ctor.cc
global_forkclient.cc
Update naming and lambda capture for stack size
2023-03-09 00:14:39 -08:00
global_forkclient.h
Extract SandboxeeProcess and move it down the call chain
2023-02-07 02:22:45 -08:00
ipc_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
ipc.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
ipc.h
Split PtraceMonitor out of Monitor
2023-01-23 01:42:28 -08:00
limits_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
limits.h
logserver.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logserver.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logserver.proto
Migration of remaining protobufs from proto2 to proto3
2022-03-16 00:43:46 -07:00
logsink.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logsink.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
monitor_base.cc
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
monitor_base.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
monitor_ptrace.cc
Decouple sandboxed stack tracing
2023-02-16 06:07:15 -08:00
monitor_ptrace.h
Decouple sandboxed stack tracing
2023-02-16 06:07:15 -08:00
monitor_unotify.cc
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
monitor_unotify.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
mount_tree.proto
Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto
2022-03-14 05:15:15 -07:00
mounts_test.cc
Use namespaced policy in most tests
2023-02-16 07:12:46 -08:00
mounts.cc
Protobuf doesn't directly support heterogeneous lookup with absl::string_view
2023-01-19 07:32:03 -08:00
mounts.h
stack_trace: pass fd to sandboxee's memory instead of using process_vm_readv
2023-01-19 05:44:50 -08:00
namespace_test.cc
Migrate namespaces related tests out of policybuilder_test
2023-03-06 07:08:49 -08:00
namespace.cc
Rename and move CreateDirRecursive
2023-02-16 10:44:01 -08:00
namespace.h
Remove AllowUnsafeKeepCapabilities()
2023-02-02 04:47:02 -08:00
notify_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
notify.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
policy_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
policy.cc
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
policy.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
policybuilder_test.cc
Migrate namespaces related tests out of policybuilder_test
2023-03-06 07:08:49 -08:00
policybuilder.cc
Allow sched_getaffinity with sanitizers
2023-03-08 06:51:19 -08:00
policybuilder.h
Implement DangerDefaultAllowAll using DefaultAction(AllowAllSyscalls())
2023-03-03 10:26:32 -08:00
README.md
regs_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
regs.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
regs.h
result.cc
Full syscall info in Result::ToString
2023-01-12 03:57:44 -08:00
result.h
#Cleanup: Consistently use std::make_unique
2022-10-12 05:23:42 -07:00
sandbox2_test.cc
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
sandbox2.cc
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
sandbox2.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
sanitizer_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
sanitizer.cc
Remove OsErrorMessage in favor of Abseil's new ErrnoToStatus
2022-04-21 06:15:38 -07:00
sanitizer.h
stack_trace_test.cc
Fix stack_trace_test for ARM64
2023-03-06 07:07:55 -08:00
stack_trace.cc
Remove superfluous set_rlimit_as(RLIM64_INFINITY)
2023-03-03 01:14:31 -08:00
stack_trace.h
Decouple sandboxed stack tracing
2023-02-16 06:07:15 -08:00
syscall_defs.cc
More precise sycall_defs
2022-12-22 05:00:48 -08:00
syscall_defs.h
Make code not have a -Warray-parameter warning.
2022-08-15 22:55:51 -07:00
syscall_test.cc
syscall.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
syscall.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
testing.h
util_test.cc
Rename and move CreateDirRecursive
2023-02-16 10:44:01 -08:00
util.cc
Rename and move CreateDirRecursive
2023-02-16 10:44:01 -08:00
util.h
Rename and move CreateDirRecursive
2023-02-16 10:44:01 -08:00
violation.proto
Add field to track policy source location
2023-02-24 07:55:23 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.