mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00

History

Wiktor Garbacz f6ec787902 PtraceMonitor: Add a hard deadline for waiting for kill to take effect PiperOrigin-RevId: 563064233 Change-Id: Id340ba3793b82737f1976638a57df513c3d4136c		2023-09-06 04:38:51 -07:00
..
examples
network_proxy	Better network proxy tests	2023-09-05 00:57:27 -07:00
testcases
unwind
util
allow_all_syscalls.h
allow_unrestricted_networking.h
bpfdisassembler_test.cc
bpfdisassembler.cc
bpfdisassembler.h
buffer_test.cc
buffer.cc
buffer.h
BUILD.bazel	PolicyBuilder: test error conditions for AddPolicyOnSyscalls	2023-09-05 07:13:56 -07:00
client.cc	Bulk IWYU and build_cleaner fixes	2023-08-24 06:23:36 -07:00
client.h
CMakeLists.txt	PolicyBuilder: test error conditions for AddPolicyOnSyscalls	2023-09-05 07:13:56 -07:00
comms_test.cc
comms_test.proto
comms.cc	Remove mutexes from Comms	2023-09-04 07:00:57 -07:00
comms.h
executor.cc
executor.h
fork_client.cc
fork_client.h	Seccomp_unotify based monitor	2023-03-08 08:09:34 -08:00
forkingclient.cc
forkingclient.h
forkserver_bin.cc
forkserver_test.cc
forkserver.cc
forkserver.h
forkserver.proto	Treat libunwind sandbox as a ~regular sandboxee	2023-08-17 13:32:44 -07:00
global_forkclient_lib_ctor.cc
global_forkclient.cc
global_forkclient.h
ipc_test.cc	Run more tests with sanitizers and coverage	2023-09-05 07:14:49 -07:00
ipc.cc
ipc.h	Bulk IWYU and build_cleaner fixes	2023-08-24 06:23:36 -07:00
limits_test.cc
limits.h
logserver.cc	Use Abseil's log/flags instead of glog/gflags	2022-10-20 06:48:51 -07:00
logserver.h
logserver.proto
logsink.cc
logsink.h
monitor_base.cc
monitor_base.h
monitor_ptrace.cc	PtraceMonitor: Add a hard deadline for waiting for kill to take effect	2023-09-06 04:38:51 -07:00
monitor_ptrace.h	PtraceMonitor: Add a hard deadline for waiting for kill to take effect	2023-09-06 04:38:51 -07:00
monitor_unotify.cc
monitor_unotify.h
mount_tree.proto
mounts_test.cc
mounts.cc	Final round of IWYU fixes for Sandbox2	2023-08-25 06:50:29 -07:00
mounts.h
namespace_test.cc
namespace.cc
namespace.h	Bulk IWYU and build_cleaner fixes	2023-08-24 06:23:36 -07:00
network_proxy_test.cc	NetworkProxyTest: test more error conditions	2023-09-05 02:17:25 -07:00
notify_test.cc
notify.h
policy_test.cc
policy.cc
policy.h
policybuilder_test.cc	PolicyBuilder: test error conditions for AddPolicyOnSyscalls	2023-09-05 07:13:56 -07:00
policybuilder.cc
policybuilder.h
README.md
regs_test.cc
regs.cc
regs.h
result.cc
result.h
sandbox2_test.cc
sandbox2.cc	Bulk IWYU and build_cleaner fixes	2023-08-24 06:23:36 -07:00
sandbox2.h
sanitizer_test.cc
sanitizer.cc
sanitizer.h
stack_trace_test.cc
stack_trace.cc
stack_trace.h	Bulk IWYU and build_cleaner fixes	2023-08-24 06:23:36 -07:00
syscall_defs.cc	Add missing Aarch64 syscall entries	2023-09-05 02:03:36 -07:00
syscall_defs.h
syscall_test.cc	Bulk IWYU and build_cleaner fixes	2023-08-24 06:23:36 -07:00
syscall.cc
syscall.h
testing.h
util_test.cc
util.cc	Bulk IWYU and build_cleaner fixes	2023-08-24 06:23:36 -07:00
util.h
violation.proto	Add field to track policy source location	2023-02-24 07:55:23 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.