StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
sandboxed-api/sandboxed_api/sandbox2
History
Wiktor Garbacz fc8a2340c7 Rename GetCloneFlags 
PiperOrigin-RevId: 553448623
Change-Id: Ia49b16dd4b8795ba95bab8a8ea0c7ffc50bba628
2023-08-03 05:42:29 -07:00
..
examples
Mostly internal change: Optimize OSS transforms
2023-06-07 02:23:18 -07:00
network_proxy
Mostly internal change: Optimize OSS transforms
2023-06-07 02:23:18 -07:00
testcases
Remove redundant buffer test
2023-07-21 01:53:54 -07:00
unwind
Mostly internal change: Optimize OSS transforms
2023-06-07 02:23:18 -07:00
util
Mostly internal change: Optimize OSS transforms
2023-06-07 02:23:18 -07:00
allow_all_syscalls.h
Fix typo
2023-05-04 00:46:53 -07:00
allow_unrestricted_networking.h
Sandbox2: Remove commented out include
2023-06-23 00:46:59 -07:00
bpfdisassembler_test.cc
Add test for bpf disassembler
2023-03-07 05:04:09 -08:00
bpfdisassembler.cc
Add test for bpf disassembler
2023-03-07 05:04:09 -08:00
bpfdisassembler.h
buffer_test.cc
Remove redundant buffer test
2023-07-21 01:53:54 -07:00
buffer.cc
Remove Tag constructor, add standard comment for absl::WrapUnique(new T)
2022-10-25 06:20:51 -07:00
buffer.h
Remove Tag constructor, add standard comment for absl::WrapUnique(new T)
2022-10-25 06:20:51 -07:00
BUILD.bazel
Remove redundant buffer test
2023-07-21 01:53:54 -07:00
client.cc
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
client.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
CMakeLists.txt
Remove redundant buffer test
2023-07-21 01:53:54 -07:00
comms_test.cc
Comms constructor for non abstract sockets
2023-03-23 07:34:32 -07:00
comms_test.proto
comms.cc
Comms constructor for non abstract sockets
2023-03-23 07:34:32 -07:00
comms.h
Comms constructor for non abstract sockets
2023-03-23 07:34:32 -07:00
executor.cc
Rename GetCloneFlags
2023-08-03 05:42:29 -07:00
executor.h
Copy environ in sandbox2_test to get better coverage data
2023-03-22 05:47:00 -07:00
fork_client.cc
Automated rollback of commit f6fd27618b446c68520b5e611fab155bb621f83b.
2023-05-04 06:53:48 -07:00
fork_client.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
forkingclient.cc
Do not exit from within ForkServer to get more precise coverage data
2023-03-29 02:22:16 -07:00
forkingclient.h
forkserver_bin.cc
Remove WaitForSanitizers from ptrace monitor & add to global forkserver
2023-05-10 05:06:18 -07:00
forkserver_test.cc
Automated rollback of commit 8c53262539b8cb1f658270b385e2ce43eddc68b6.
2023-05-03 08:45:11 -07:00
forkserver.cc
sandbox2: Provide sandboxee rusage when using unotify monitor
2023-06-16 04:37:18 -07:00
forkserver.h
Do not exit from within ForkServer to get more precise coverage data
2023-03-29 02:22:16 -07:00
forkserver.proto
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
global_forkclient_lib_ctor.cc
global_forkclient.cc
Error out if invalid custom forkserver path is specified
2023-06-15 03:17:02 -07:00
global_forkclient.h
Extract SandboxeeProcess and move it down the call chain
2023-02-07 02:22:45 -08:00
ipc_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
ipc.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
ipc.h
Split PtraceMonitor out of Monitor
2023-01-23 01:42:28 -08:00
limits_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
limits.h
logserver.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logserver.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logserver.proto
logsink.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
logsink.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
monitor_base.cc
Rename GetCloneFlags
2023-08-03 05:42:29 -07:00
monitor_base.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
monitor_ptrace.cc
Really give priority to main_pid
2023-08-02 08:42:51 -07:00
monitor_ptrace.h
Decouple sandboxed stack tracing
2023-02-16 06:07:15 -08:00
monitor_unotify.cc
sandbox2: Provide sandboxee rusage when using unotify monitor
2023-06-16 04:37:18 -07:00
monitor_unotify.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
mount_tree.proto
mounts_test.cc
Allow replacing a read-only node with writable for same target
2023-07-18 02:45:13 -07:00
mounts.cc
Allow replacing a read-only node with writable for same target
2023-07-18 02:45:13 -07:00
mounts.h
Allow replacing a read-only node with writable for same target
2023-07-18 02:45:13 -07:00
namespace_test.cc
Migrate namespaces related tests out of policybuilder_test
2023-03-06 07:08:49 -08:00
namespace.cc
Rename GetCloneFlags
2023-08-03 05:42:29 -07:00
namespace.h
Rename GetCloneFlags
2023-08-03 05:42:29 -07:00
notify_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
notify.h
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
policy_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
policy.cc
Add missing LOAD_SYSCALL_NR
2023-03-15 03:29:56 -07:00
policy.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
policybuilder_test.cc
Disallow AddPolicyForSyscalls with an empty list
2023-07-21 02:24:44 -07:00
policybuilder.cc
Adding AllowOpen to AllowLlvmSanitizers to avoid having to add AllowOpen in addition when it's only needed for running under the sanitizers.
2023-07-25 04:38:43 -07:00
policybuilder.h
Introduce AddFile(At)IfNamespaced/AddDirectory(At)IfNamespaced
2023-07-17 01:58:46 -07:00
README.md
regs_test.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
regs.cc
regs.h
result.cc
sandbox2: Provide sandboxee rusage when using unotify monitor
2023-06-16 04:37:18 -07:00
result.h
sandbox2: Provide sandboxee rusage when using unotify monitor
2023-06-16 04:37:18 -07:00
sandbox2_test.cc
Copy environ in sandbox2_test to get better coverage data
2023-03-22 05:47:00 -07:00
sandbox2.cc
Better error when calling RunAsync on a Sandbox2 instance twice
2023-08-02 06:44:21 -07:00
sandbox2.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
sanitizer_test.cc
Run more tests with coverage and sanitizers contd
2023-03-03 06:51:06 -08:00
sanitizer.cc
sanitizer.h
stack_trace_test.cc
Fix stack_trace_test for ARM64
2023-03-06 07:07:55 -08:00
stack_trace.cc
stack_trace: avoid copying /proc/{pid}/exe if possible
2023-06-12 00:14:40 -07:00
stack_trace.h
Decouple sandboxed stack tracing
2023-02-16 06:07:15 -08:00
syscall_defs.cc
More precise sycall_defs
2022-12-22 05:00:48 -08:00
syscall_defs.h
Make code not have a -Warray-parameter warning.
2022-08-15 22:55:51 -07:00
syscall_test.cc
syscall.cc
Use Abseil's log/flags instead of glog/gflags
2022-10-20 06:48:51 -07:00
syscall.h
Seccomp_unotify based monitor
2023-03-08 08:09:34 -08:00
testing.h
util_test.cc
Add tests for util.cc
2023-03-14 00:04:14 -07:00
util.cc
Sandbox2: Remove file sealing for in-memory files.
2023-07-25 05:04:52 -07:00
util.h
Dump coverage prior to execveat
2023-03-28 05:50:43 -07:00
violation.proto
Add field to track policy source location
2023-02-24 07:55:23 -08:00

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Documentation

Detailed developer documentation is available on the Google Developers site for Sandboxed API under Sandbox2.

There is also a Getting Started guide for Sandbox2.