Lines Matching full:sandbox
31 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
32 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
33 #include "sandbox/linux/services/linux_syscalls.h"
35 using sandbox::ErrorCode;
36 using sandbox::SandboxBPF;
37 using sandbox::SandboxBPFPolicy;
38 using sandbox::arch_seccomp_data;
42 // We don't expect our sandbox to do anything useful yet. So, we will fail
44 // following line should be removed as soon as the sandbox is starting to
219 // log the system call and then deny it. More elaborate sandbox policies
246 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
253 ErrorCode DemoPolicy::EvaluateSyscall(SandboxBPF* sandbox, int sysno) const {
342 return sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
345 sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
348 sandbox->Trap(DefaultHandler, NULL)));
353 // As is, this sandbox isn't exactly safe :-/
383 return sandbox->Trap(DefaultHandler, NULL);
431 perror("sandbox");
434 SandboxBPF sandbox;
435 sandbox.set_proc_fd(proc_fd);
436 sandbox.SetSandboxPolicy(new DemoPolicy());
437 if (!sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)) {
523 // Print a message so that the user can see the sandbox is activated.
525 printf("Sandbox has been started at %s", ctime(&tm));
