Lines Matching defs:Sandbox

19 #include "sandbox/linux/seccomp-bpf/die.h"
20 #include "sandbox/linux/seccomp-bpf/errorcode.h"
21 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
22 #include "sandbox/linux/seccomp-bpf/port.h"
23 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy_forward.h"
44 class Sandbox {
51 STATUS_ENABLED // The sandbox is now active
55 // ErrorCode (Sandbox *sb, int sysnum, void *aux);
57 // pointer in |aux|. This pointer will then be forwarded to the sandbox
69 // NOTE: Setting a policy and starting the sandbox is a one-way operation.
71 // sandbox. Strictly speaking, that means we should disallow calling
73 // this makes it needlessly complicated to operate on "Sandbox"
78 Sandbox();
79 ~Sandbox();
86 // There are a lot of reasons why the Seccomp sandbox might not be available.
88 // could be because another sandbox is already active.
93 // The sandbox needs to be able to access files in "/proc/self". If this
96 // The sandbox becomes the new owner of this file descriptor and will
127 // the sandbox. It should never be used in production, but it can be
128 // very useful to diagnose code that is incompatible with the sandbox.
130 // entire sandbox should be considered compromised.
150 // If it is outside this range, the sandbox treats the system call just
162 // need rewriting, sets up the resources needed by the sandbox, and
164 // It is possible to stack multiple sandboxes by creating separate "Sandbox"
176 // Typically, AssembleFilter() is only used by unit tests and by sandbox
231 // by the sandbox internals. It should not be used by production code.
266 DISALLOW_COPY_AND_ASSIGN(Sandbox);