3. Adjust Limits
The Sandbox Policy prevents the Sandboxee from calling specific syscalls and
thus reduces the attack surface. However, an attacker might still be able to
cause undesired effects by running a process indefinitely or exhausting RAM and
other resources.
To address this threat, the Sandboxee runs under tight execution limits by
default. If these default limits cause issues for the legitimate execution of
your program, you can adjust them using the sandbox2::Limits class by calling
limits() on the executor object.
The code snippet below shows some example limit adjustments. All available
options are documented in the limits.h header file.
// Restrict the address space size of the sandboxee to 4 GiB.
executor->limits()->set_rlimit_as(4ULL << 30);
// Kill sandboxee with SIGXFSZ if it writes more than 1 GiB to the filesystem.
executor->limits()->set_rlimit_fsize(1ULL << 30);
// Number of file descriptors which can be used by the sandboxee.
executor->limits()->set_rlimit_nofile(1ULL << 10);
// The sandboxee is not allowed to create core files.
executor->limits()->set_rlimit_core(0);
// Maximum 300s of real CPU time.
executor->limits()->set_rlimit_cpu(300);
// Maximum 120s of wall time.
executor->limits()->set_walltime_limit(absl::Seconds(120));
For an example of the use of the sandbox2::Limits class, see the example tool.
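As an added example, not part of this page or of the Sandbox2 code base, the stand-alone program below shows the kernel mechanism behind the setters above: resource limits applied inside a forked child that stands in for the Sandboxee, plus a wall-time kill enforced by the parent, and what the Sandboxee actually experiences when it crosses a limit (here SIGXFSZ, as the set_rlimit_fsize comment describes). It assumes Linux; the limit values (4 KiB of file growth, one second of wall time) are deliberately tiny so the demo finishes quickly, and the helper names and sandboxee bodies are constructed for the demo.

```cpp
#include <sys/resource.h>
#include <sys/wait.h>
#include <signal.h>
#include <unistd.h>
#include <time.h>
#include <cstdio>
#include <string>

// Outcome of a run, in the spirit of sandbox2::Result::final_status():
// {"OK", exit code}, {"SIGNALED", signal number} or {"TIMEOUT", 0}.
struct Outcome { std::string status; int code; };

static void SetLimit(int resource, rlim_t value) {
  struct rlimit rl{value, value};  // soft == hard, so the sandboxee cannot raise it again
  setrlimit(resource, &rl);
}

// Runs body() in a forked child (standing in for the Sandboxee) limited to `fsize` bytes of
// file growth and no core files; the parent kills it after `wall_sec` seconds of wall time.
Outcome RunLimited(rlim_t fsize, double wall_sec, void (*body)()) {
  pid_t pid = fork();
  if (pid == 0) {
    SetLimit(RLIMIT_FSIZE, fsize);  // the rlimit behind set_rlimit_fsize() (assumption)
    SetLimit(RLIMIT_CORE, 0);       // the rlimit behind set_rlimit_core(0) (assumption)
    body();
    _exit(0);
  }
  timespec t0; clock_gettime(CLOCK_MONOTONIC, &t0);
  int status = 0;
  while (waitpid(pid, &status, WNOHANG) == 0) {  // poll the child like a monitor would
    timespec t; clock_gettime(CLOCK_MONOTONIC, &t);
    if ((t.tv_sec - t0.tv_sec) + (t.tv_nsec - t0.tv_nsec) / 1e9 > wall_sec) {
      kill(pid, SIGKILL);            // wall-time limit, the role of set_walltime_limit()
      waitpid(pid, &status, 0);
      return {"TIMEOUT", 0};
    }
    usleep(10000);
  }
  if (WIFSIGNALED(status)) return {"SIGNALED", WTERMSIG(status)};
  return {"OK", WEXITSTATUS(status)};
}

// Constructed sandboxee bodies for the demo (not real workloads).
void WellBehaved() {}
void WritesTooMuch() {  // with fsize = 4096 the second 4 KiB write is answered with SIGXFSZ
  FILE* f = tmpfile();
  if (!f) _exit(2);
  char buf[4096] = {0};
  for (int i = 0; i < 4; ++i) if (write(fileno(f), buf, sizeof buf) < 0) break;
}
void HangsForever() { for (;;) pause(); }
```

Because soft and hard limits are set equal, the child cannot undo them with setrlimit(2) before running its body, which is the property you want from a sandbox limit.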
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-04-22 UTC.