Lines Matching full:sandbox
13 #include "sandbox/linux/bpf_dsl/codegen.h"
14 #include "sandbox/sandbox_export.h"
16 namespace sandbox {
33 // Ownership of |policy| is transfered here to the sandbox object.
36 // NOTE: Setting a policy and starting the sandbox is a one-way operation.
37 // The kernel does not provide any option for unloading a loaded sandbox. The
38 // sandbox remains engaged even when the object is destructed.
46 // the sandbox, and enters Seccomp mode.
47 // The calling process must provide a |level| to tell the sandbox which type
49 // SINGLE_THREADED will only sandbox the calling thread. Since it would be a
50 // security risk, the sandbox will also check that the current process is
52 // MULTI_THREADED requires more recent kernel support and allows to sandbox
55 // the sandbox is engaged.
57 // It is possible to stack multiple sandboxes by creating separate "Sandbox"
67 // The sandbox needs to be able to access files in "/proc/self/". If
71 // The sandbox becomes the new owner of this file descriptor and will
72 // close it when "StartSandbox()" executes or when the sandbox object
112 } // namespace sandbox
