sandboxed-api/sandboxed_api/sandbox2
Chris Kennelly f5830c93cd Ensure that TCMalloc can execute NumCPUs.
PiperOrigin-RevId: 565683514
Change-Id: I391ab5f184f487ef3ffc553d10581cd6eaee54de
2023-09-15 08:21:13 -07:00
..
examples Ensure that TCMalloc can execute NumCPUs. 2023-09-15 08:21:13 -07:00
network_proxy Remove unused NetworkProxyClient::ConnectHandler 2023-09-08 07:51:13 -07:00
testcases Ensure that TCMalloc can execute NumCPUs. 2023-09-15 08:21:13 -07:00
unwind Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
util Increase limits in ElfParser 2023-08-31 05:01:51 -07:00
allow_all_syscalls.h Fix typo 2023-05-04 00:46:53 -07:00
allow_unrestricted_networking.h Sandbox2: Remove commented out include 2023-06-23 00:46:59 -07:00
bpfdisassembler_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
bpfdisassembler.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
bpfdisassembler.h Final round of IWYU fixes for Sandbox2 2023-08-25 06:50:29 -07:00
buffer_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
buffer.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
buffer.h Remove Tag constructor, add standard comment for absl::WrapUnique(new T) 2022-10-25 06:20:51 -07:00
BUILD.bazel Skip sanitizers for limits_test 2023-09-15 04:57:24 -07:00
client.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
client.h IWYU fixes 2023-08-23 09:04:00 -07:00
CMakeLists.txt PolicyBuilder: test error conditions for AddPolicyOnSyscalls 2023-09-05 07:13:56 -07:00
comms_test.cc Remove mutexes from Comms 2023-09-04 07:00:57 -07:00
comms_test.proto Migration of remaining protobufs from proto2 to proto3 2022-03-16 00:43:46 -07:00
comms.cc Remove mutexes from Comms 2023-09-04 07:00:57 -07:00
comms.h Remove mutexes from Comms 2023-09-04 07:00:57 -07:00
executor.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
executor.h Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
fork_client.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
fork_client.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
forkingclient.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
forkingclient.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
forkserver_bin.cc Gather more coverage data 2023-09-07 02:43:04 -07:00
forkserver_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
forkserver.cc Gather more coverage data 2023-09-07 02:43:04 -07:00
forkserver.h Always override forkservers comms_fd in sandboxee 2023-08-30 02:20:56 -07:00
forkserver.proto Treat libunwind sandbox as a ~regular sandboxee 2023-08-17 13:32:44 -07:00
global_forkclient_lib_ctor.cc Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
global_forkclient.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
global_forkclient.h Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
ipc_test.cc Run more tests with sanitizers and coverage 2023-09-05 07:14:49 -07:00
ipc.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
ipc.h Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
limits_test.cc Skip sanitizers for limits_test 2023-09-15 04:57:24 -07:00
limits.h Change license link to HTTPS URL 2022-01-28 01:39:09 -08:00
logserver.cc Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logserver.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
logserver.proto Migration of remaining protobufs from proto2 to proto3 2022-03-16 00:43:46 -07:00
logsink.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
logsink.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
monitor_base.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
monitor_base.h Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
monitor_ptrace.cc PtraceMonitor: Add a hard deadline for waiting for kill to take effect 2023-09-06 04:38:51 -07:00
monitor_ptrace.h PtraceMonitor: Add a hard deadline for waiting for kill to take effect 2023-09-06 04:38:51 -07:00
monitor_unotify.cc Reduce CHECK-failures in unotify monitor 2023-08-30 02:56:16 -07:00
monitor_unotify.h Reduce CHECK-failures in unotify monitor 2023-08-30 02:56:16 -07:00
mount_tree.proto Migrate to proto3, change is_ro to is_rw (default value is false), and rename mounttree.proto 2022-03-14 05:15:15 -07:00
mounts_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
mounts.cc Final round of IWYU fixes for Sandbox2 2023-08-25 06:50:29 -07:00
mounts.h Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
namespace_test.cc namespace_test: use lstat instead of stat, don't descent into procfs & sysfs 2023-09-14 02:09:12 -07:00
namespace.cc Final round of IWYU fixes for Sandbox2 2023-08-25 06:50:29 -07:00
namespace.h Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
network_proxy_test.cc NetworkProxyTest: test more error conditions 2023-09-05 02:17:25 -07:00
notify_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
notify.h Use Abseil's log/flags instead of glog/gflags 2022-10-20 06:48:51 -07:00
policy_test.cc Ensure that TCMalloc can execute NumCPUs. 2023-09-15 08:21:13 -07:00
policy.cc Disallow clone3, unsafe clone and unshare flags 2023-09-12 06:30:45 -07:00
policy.h Final round of IWYU fixes for Sandbox2 2023-08-25 06:50:29 -07:00
policybuilder_test.cc PolicyBuilder: test error conditions for AddPolicyOnSyscalls 2023-09-05 07:13:56 -07:00
policybuilder.cc Ensure that TCMalloc can execute NumCPUs. 2023-09-15 08:21:13 -07:00
policybuilder.h Run more tests with coverage enabled 2023-08-31 00:44:23 -07:00
README.md Update references to the new documentation 2021-12-14 09:03:29 -08:00
regs_test.cc Final round of IWYU fixes for Sandbox2 2023-08-25 06:50:29 -07:00
regs.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
regs.h Final round of IWYU fixes for Sandbox2 2023-08-25 06:50:29 -07:00
result.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
result.h Final round of IWYU fixes for Sandbox2 2023-08-25 06:50:29 -07:00
sandbox2_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
sandbox2.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
sandbox2.h Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
sanitizer_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
sanitizer.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
sanitizer.h Final round of IWYU fixes for Sandbox2 2023-08-25 06:50:29 -07:00
stack_trace_test.cc Reenable the stack_trace_test 2023-08-24 09:11:56 -07:00
stack_trace.cc Enable sandboxed stack traces for coverage 2023-08-31 04:05:49 -07:00
stack_trace.h Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
syscall_defs.cc Add missing Aarch64 syscall entries 2023-09-05 02:03:36 -07:00
syscall_defs.h Make code not have a -Warray-parameter warning. 2022-08-15 22:55:51 -07:00
syscall_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
syscall.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
syscall.h Seccomp_unotify based monitor 2023-03-08 08:09:34 -08:00
testing.h Add IWYU pragma 2023-08-23 07:14:21 -07:00
util_test.cc Bulk IWYU and build_cleaner fixes 2023-08-24 06:23:36 -07:00
util.cc Remove deprecated VecStringToCharPtrArr 2023-09-07 03:09:30 -07:00
util.h Remove deprecated VecStringToCharPtrArr 2023-09-07 03:09:30 -07:00
violation.proto Add field to track policy source location 2023-02-24 07:55:23 -08:00

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.