/// <nodoc />
public SandboxConfiguration()
{
m_unsafeSandboxConfig = new UnsafeSandboxConfiguration();
FailUnexpectedFileAccesses = true;
DefaultTimeout = 10 * 60 * 1000;
DefaultWarningTimeout = (int)(.85 * DefaultTimeout);
TimeoutMultiplier = 1;
WarningTimeoutMultiplier = 1;
OutputReportingMode = OutputReportingMode.TruncatedOutputOnError;
FileSystemMode = FileSystemMode.Unset;
ForceReadOnlyForRequestedReadWrite = false;
FlushPageCacheToFileSystemOnStoringOutputsToCache = true;
NormalizeReadTimestamps = true;
UseLargeNtClosePreallocatedList = false;
UseExtraThreadToDrainNtClose = true;
MaskUntrackedAccesses = true;
LogProcessDetouringStatus = false;
HardExitOnErrorInDetours = true;
CheckDetoursMessageCount = true;
AllowInternalDetoursErrorNotificationFile = true;
EnforceAccessPoliciesOnDirectoryCreation = false;
KextMeasureProcessCpuTimes = false; // measuring CPU times amounts to wrapping processes in /usr/bin/time, so let's not do that by default
KextReportQueueSizeMb = 0; // let the sandbox kernel extension apply defaults
KextEnableReportBatching = true; // use lock-free queue for batching access reports
KextThrottleCpuUsageBlockThresholdPercent = 0; // no throttling by default
KextThrottleCpuUsageWakeupThresholdPercent = 0; // no throttling by default
KextThrottleMinAvailableRamMB = 0; // no throttling by default
ContainerConfiguration = new SandboxContainerConfiguration();
}
/// <nodoc />
public SandboxConfiguration(ISandboxConfiguration template, PathRemapper pathRemapper)
{
Contract.Assume(template != null);
m_unsafeSandboxConfig = new UnsafeSandboxConfiguration(template.UnsafeSandboxConfiguration);
BreakOnUnexpectedFileAccess = template.BreakOnUnexpectedFileAccess;
FileAccessIgnoreCodeCoverage = template.FileAccessIgnoreCodeCoverage;
FailUnexpectedFileAccesses = template.FailUnexpectedFileAccesses;
DefaultTimeout = template.DefaultTimeout;
DefaultWarningTimeout = template.DefaultWarningTimeout;
TimeoutMultiplier = template.TimeoutMultiplier;
WarningTimeoutMultiplier = template.WarningTimeoutMultiplier;
TimeoutDumpDirectory = pathRemapper.Remap(template.TimeoutDumpDirectory);
SurvivingPipProcessChildrenDumpDirectory = pathRemapper.Remap(template.SurvivingPipProcessChildrenDumpDirectory);
LogObservedFileAccesses = template.LogObservedFileAccesses;
LogProcesses = template.LogProcesses;
LogProcessData = template.LogProcessData;
LogFileAccessTables = template.LogFileAccessTables;
OutputReportingMode = template.OutputReportingMode;
FileSystemMode = template.FileSystemMode;
ForceReadOnlyForRequestedReadWrite = template.ForceReadOnlyForRequestedReadWrite;
FlushPageCacheToFileSystemOnStoringOutputsToCache = template.FlushPageCacheToFileSystemOnStoringOutputsToCache;
NormalizeReadTimestamps = template.NormalizeReadTimestamps;
UseLargeNtClosePreallocatedList = template.UseLargeNtClosePreallocatedList;
UseExtraThreadToDrainNtClose = template.UseExtraThreadToDrainNtClose;
MaskUntrackedAccesses = template.MaskUntrackedAccesses;
LogProcessDetouringStatus = template.LogProcessDetouringStatus;
HardExitOnErrorInDetours = template.HardExitOnErrorInDetours;
CheckDetoursMessageCount = template.CheckDetoursMessageCount;
AllowInternalDetoursErrorNotificationFile = template.AllowInternalDetoursErrorNotificationFile;
EnforceAccessPoliciesOnDirectoryCreation = template.EnforceAccessPoliciesOnDirectoryCreation;
MeasureProcessCpuTimes = template.MeasureProcessCpuTimes;
KextReportQueueSizeMb = template.KextReportQueueSizeMb;
KextEnableReportBatching = template.KextEnableReportBatching;
KextThrottleCpuUsageBlockThresholdPercent = template.KextThrottleCpuUsageBlockThresholdPercent;
KextThrottleCpuUsageWakeupThresholdPercent = template.KextThrottleCpuUsageWakeupThresholdPercent;
KextThrottleMinAvailableRamMB = template.KextThrottleMinAvailableRamMB;
ContainerConfiguration = new SandboxContainerConfiguration(template.ContainerConfiguration);
AdminRequiredProcessExecutionMode = template.AdminRequiredProcessExecutionMode;
RedirectedTempFolderRootForVmExecution = pathRemapper.Remap(template.RedirectedTempFolderRootForVmExecution);
RetryOnAzureWatsonExitCode = template.RetryOnAzureWatsonExitCode;
EnsureTempDirectoriesExistenceBeforePipExecution = template.EnsureTempDirectoriesExistenceBeforePipExecution;
GlobalUnsafeUntrackedScopes = pathRemapper.Remap(template.GlobalUnsafeUntrackedScopes);
PreserveOutputsForIncrementalTool = template.PreserveOutputsForIncrementalTool;
GlobalUnsafePassthroughEnvironmentVariables = new List <string>(template.GlobalUnsafePassthroughEnvironmentVariables);
VmConcurrencyLimit = template.VmConcurrencyLimit;
DirectoriesToEnableFullReparsePointParsing = pathRemapper.Remap(template.DirectoriesToEnableFullReparsePointParsing);
ExplicitlyReportDirectoryProbes = template.ExplicitlyReportDirectoryProbes;
}
/// <nodoc />
public SandboxConfiguration()
{
m_unsafeSandboxConfig = new UnsafeSandboxConfiguration();
FailUnexpectedFileAccesses = true;
DefaultTimeout = ((int)DefaultProcessTimeoutInMinutes) * 60 * 1000;
DefaultWarningTimeout = (int)(.85 * DefaultTimeout);
TimeoutMultiplier = 1;
WarningTimeoutMultiplier = 1;
OutputReportingMode = OutputReportingMode.TruncatedOutputOnError;
FileSystemMode = FileSystemMode.Unset;
ForceReadOnlyForRequestedReadWrite = false;
FlushPageCacheToFileSystemOnStoringOutputsToCache = true;
NormalizeReadTimestamps = true;
UseLargeNtClosePreallocatedList = false;
UseExtraThreadToDrainNtClose = true;
MaskUntrackedAccesses = true;
LogProcessDetouringStatus = false;
HardExitOnErrorInDetours = true;
CheckDetoursMessageCount = true;
AllowInternalDetoursErrorNotificationFile = true;
EnforceAccessPoliciesOnDirectoryCreation = false;
MeasureProcessCpuTimes = true; // always measure process times + ram consumption
KextReportQueueSizeMb = 0; // let the sandbox kernel extension apply defaults
KextEnableReportBatching = true; // use lock-free queue for batching access reports
KextThrottleCpuUsageBlockThresholdPercent = 0; // no throttling by default
KextThrottleCpuUsageWakeupThresholdPercent = 0; // no throttling by default
KextThrottleMinAvailableRamMB = 0; // no throttling by default
ContainerConfiguration = new SandboxContainerConfiguration();
AdminRequiredProcessExecutionMode = AdminRequiredProcessExecutionMode.Internal;
RedirectedTempFolderRootForVmExecution = AbsolutePath.Invalid;
RetryOnAzureWatsonExitCode = false;
EnsureTempDirectoriesExistenceBeforePipExecution = false;
GlobalUnsafeUntrackedScopes = new List <AbsolutePath>();
PreserveOutputsForIncrementalTool = false;
GlobalUnsafePassthroughEnvironmentVariables = new List <string>();
VmConcurrencyLimit = 0;
DirectoriesToEnableFullReparsePointParsing = new List <AbsolutePath>();
ExplicitlyReportDirectoryProbes = false;
}
/// <nodoc />
public SandboxConfiguration(ISandboxConfiguration template, PathRemapper pathRemapper)
{
Contract.Assume(template != null);
m_unsafeSandboxConfig = new UnsafeSandboxConfiguration(template.UnsafeSandboxConfiguration);
DebugInstantPipOutputs = template.DebugInstantPipOutputs;
BreakOnUnexpectedFileAccess = template.BreakOnUnexpectedFileAccess;
FileAccessIgnoreCodeCoverage = template.FileAccessIgnoreCodeCoverage;
FailUnexpectedFileAccesses = template.FailUnexpectedFileAccesses;
DefaultTimeout = template.DefaultTimeout;
DefaultWarningTimeout = template.DefaultWarningTimeout;
TimeoutMultiplier = template.TimeoutMultiplier;
WarningTimeoutMultiplier = template.WarningTimeoutMultiplier;
TimeoutDumpDirectory = pathRemapper.Remap(template.TimeoutDumpDirectory);
LogObservedFileAccesses = template.LogObservedFileAccesses;
LogProcesses = template.LogProcesses;
LogProcessData = template.LogProcessData;
LogFileAccessTables = template.LogFileAccessTables;
OutputReportingMode = template.OutputReportingMode;
FileSystemMode = template.FileSystemMode;
ForceReadOnlyForRequestedReadWrite = template.ForceReadOnlyForRequestedReadWrite;
FlushPageCacheToFileSystemOnStoringOutputsToCache = template.FlushPageCacheToFileSystemOnStoringOutputsToCache;
NormalizeReadTimestamps = template.NormalizeReadTimestamps;
UseLargeNtClosePreallocatedList = template.UseLargeNtClosePreallocatedList;
UseExtraThreadToDrainNtClose = template.UseExtraThreadToDrainNtClose;
MaskUntrackedAccesses = template.MaskUntrackedAccesses;
LogProcessDetouringStatus = template.LogProcessDetouringStatus;
HardExitOnErrorInDetours = template.HardExitOnErrorInDetours;
CheckDetoursMessageCount = template.CheckDetoursMessageCount;
AllowInternalDetoursErrorNotificationFile = template.AllowInternalDetoursErrorNotificationFile;
EnforceAccessPoliciesOnDirectoryCreation = template.EnforceAccessPoliciesOnDirectoryCreation;
KextMeasureProcessCpuTimes = template.KextMeasureProcessCpuTimes;
KextReportQueueSizeMb = template.KextReportQueueSizeMb;
KextEnableReportBatching = template.KextEnableReportBatching;
KextThrottleCpuUsageBlockThresholdPercent = template.KextThrottleCpuUsageBlockThresholdPercent;
KextThrottleCpuUsageWakeupThresholdPercent = template.KextThrottleCpuUsageWakeupThresholdPercent;
KextThrottleMinAvailableRamMB = template.KextThrottleMinAvailableRamMB;
ContainerConfiguration = new SandboxContainerConfiguration(template.ContainerConfiguration);
AdminRequiredProcessExecutionMode = template.AdminRequiredProcessExecutionMode;
}
