Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
docs
examples
testcases
unwind
util
BUILD.bazel
README.md
bpfdisassembler.cc
bpfdisassembler.h
buffer.cc
buffer.h
buffer_test.cc
client.cc
client.h
comms.cc
comms.h
comms_test.cc
comms_test.proto
executor.cc
executor.h
forkingclient.cc
forkingclient.h
forkserver.cc
forkserver.h
forkserver.proto
forkserver_bin.cc
forkserver_test.cc
global_forkclient.cc
global_forkclient.h
ipc.cc
ipc.h
ipc_test.cc
limits.h
limits_test.cc
logserver.cc
logserver.h
logserver.proto
logsink.cc
logsink.h
monitor.cc
monitor.h
mounts.cc
mounts.h
mounts_test.cc
mounttree.proto
namespace.cc
namespace.h
namespace_test.cc
network_proxy_client.cc
network_proxy_client.h
network_proxy_server.cc
network_proxy_server.h
notify.h
notify_test.cc
policy.cc
policy.h
policy_test.cc
policybuilder.cc
policybuilder.h
policybuilder_test.cc
regs.cc
regs.h
result.cc
result.h
sandbox2.cc
sandbox2.h
sandbox2_test.cc
sanitizer.cc
sanitizer.h
sanitizer_test.cc
stack-trace.cc
stack-trace.h
stack-trace_test.cc
syscall.cc
syscall.h
syscall_defs.cc
syscall_defs.h
syscall_test.cc
testing.cc
testing.h
util.cc
util.h
util_test.cc
violation.proto

README.md

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Who is it for?

Sandbox2 is aimed to sandbox C/C++ code or whole binaries in production.

See the sandboxing options overview page to make sure this is the type of sandboxing you are looking for.

How does it work?

Read our How it works page to learn everything about this technology.

You can’t perform that action at this time.