search

google / sandboxed-api

Generate sandboxes for C/C++ libraries automatically
https://developers.google.com/sandboxed-api/
Apache License 2.0
1.65k stars 189 forks source link

sandbox2tool CLI is broken #164

Closed RPGillespie6 closed 1 year ago

RPGillespie6 commented 1 year ago

Sandbox2 Tool (sandbox2tool.cc) is broken in the sense that you cannot pass any flags to it via CLI. Example error:

$ ./sandboxed_api/sandbox2/examples/tool/sandbox2tool --sandbox2tool_resolve_and_add_libraries -- /bin/ls -l
E1024 12:00:46.791592   14051 policybuilder.cc:1294] INTERNAL: Could not add libraries for --sandbox2tool_resolve_and_add_libraries: cannot open file: --sandbox2tool_resolve_and_add_libraries: No such file or directory
terminate called after throwing an instance of 'absl::BadStatusOrAccess'
  what():  Bad StatusOr access: INTERNAL: Could not add libraries for --sandbox2tool_resolve_and_add_libraries: cannot open file: --sandbox2tool_resolve_and_add_libraries: No such file or directory
Aborted (core dumped)

After peeking at the source, it appears the reason for this is that argv[1] is hardcoded as the sandboxee program path with all subsquent args as sandboxee args which makes it impossible to pass sandbox2tool flags:

  auto executor = std::make_unique<sandbox2::Executor>(argv[1], args, envp);

Unless I'm missing something, it does not seem currently possible to pass any sandbox2tool flags via CLI.

I did a git checkout HEAD~30 and it appears to be working there, so something must have broken between then and now.

cblichmann commented 1 year ago

Thanks for the report. This was broken by our switch to Abseil flags (from gflags). A fix is underway.