/// <nodoc /> public SandboxConfiguration() { m_unsafeSandboxConfig = new UnsafeSandboxConfiguration(); FailUnexpectedFileAccesses = true; DefaultTimeout = 10 * 60 * 1000; DefaultWarningTimeout = (int)(.85 * DefaultTimeout); TimeoutMultiplier = 1; WarningTimeoutMultiplier = 1; OutputReportingMode = OutputReportingMode.TruncatedOutputOnError; FileSystemMode = FileSystemMode.Unset; ForceReadOnlyForRequestedReadWrite = false; FlushPageCacheToFileSystemOnStoringOutputsToCache = true; NormalizeReadTimestamps = true; UseLargeNtClosePreallocatedList = false; UseExtraThreadToDrainNtClose = true; MaskUntrackedAccesses = true; LogProcessDetouringStatus = false; HardExitOnErrorInDetours = true; CheckDetoursMessageCount = true; AllowInternalDetoursErrorNotificationFile = true; EnforceAccessPoliciesOnDirectoryCreation = false; KextMeasureProcessCpuTimes = false; // measuring CPU times amounts to wrapping processes in /usr/bin/time, so let's not do that by default KextReportQueueSizeMb = 0; // let the sandbox kernel extension apply defaults KextEnableReportBatching = true; // use lock-free queue for batching access reports KextThrottleCpuUsageBlockThresholdPercent = 0; // no throttling by default KextThrottleCpuUsageWakeupThresholdPercent = 0; // no throttling by default KextThrottleMinAvailableRamMB = 0; // no throttling by default ContainerConfiguration = new SandboxContainerConfiguration(); }
/// <nodoc /> public SandboxConfiguration(ISandboxConfiguration template, PathRemapper pathRemapper) { Contract.Assume(template != null); m_unsafeSandboxConfig = new UnsafeSandboxConfiguration(template.UnsafeSandboxConfiguration); BreakOnUnexpectedFileAccess = template.BreakOnUnexpectedFileAccess; FileAccessIgnoreCodeCoverage = template.FileAccessIgnoreCodeCoverage; FailUnexpectedFileAccesses = template.FailUnexpectedFileAccesses; DefaultTimeout = template.DefaultTimeout; DefaultWarningTimeout = template.DefaultWarningTimeout; TimeoutMultiplier = template.TimeoutMultiplier; WarningTimeoutMultiplier = template.WarningTimeoutMultiplier; TimeoutDumpDirectory = pathRemapper.Remap(template.TimeoutDumpDirectory); SurvivingPipProcessChildrenDumpDirectory = pathRemapper.Remap(template.SurvivingPipProcessChildrenDumpDirectory); LogObservedFileAccesses = template.LogObservedFileAccesses; LogProcesses = template.LogProcesses; LogProcessData = template.LogProcessData; LogFileAccessTables = template.LogFileAccessTables; OutputReportingMode = template.OutputReportingMode; FileSystemMode = template.FileSystemMode; ForceReadOnlyForRequestedReadWrite = template.ForceReadOnlyForRequestedReadWrite; FlushPageCacheToFileSystemOnStoringOutputsToCache = template.FlushPageCacheToFileSystemOnStoringOutputsToCache; NormalizeReadTimestamps = template.NormalizeReadTimestamps; UseLargeNtClosePreallocatedList = template.UseLargeNtClosePreallocatedList; UseExtraThreadToDrainNtClose = template.UseExtraThreadToDrainNtClose; MaskUntrackedAccesses = template.MaskUntrackedAccesses; LogProcessDetouringStatus = template.LogProcessDetouringStatus; HardExitOnErrorInDetours = template.HardExitOnErrorInDetours; CheckDetoursMessageCount = template.CheckDetoursMessageCount; AllowInternalDetoursErrorNotificationFile = template.AllowInternalDetoursErrorNotificationFile; EnforceAccessPoliciesOnDirectoryCreation = template.EnforceAccessPoliciesOnDirectoryCreation; MeasureProcessCpuTimes = template.MeasureProcessCpuTimes; KextReportQueueSizeMb = template.KextReportQueueSizeMb; KextEnableReportBatching = template.KextEnableReportBatching; KextThrottleCpuUsageBlockThresholdPercent = template.KextThrottleCpuUsageBlockThresholdPercent; KextThrottleCpuUsageWakeupThresholdPercent = template.KextThrottleCpuUsageWakeupThresholdPercent; KextThrottleMinAvailableRamMB = template.KextThrottleMinAvailableRamMB; ContainerConfiguration = new SandboxContainerConfiguration(template.ContainerConfiguration); AdminRequiredProcessExecutionMode = template.AdminRequiredProcessExecutionMode; RedirectedTempFolderRootForVmExecution = pathRemapper.Remap(template.RedirectedTempFolderRootForVmExecution); RetryOnAzureWatsonExitCode = template.RetryOnAzureWatsonExitCode; EnsureTempDirectoriesExistenceBeforePipExecution = template.EnsureTempDirectoriesExistenceBeforePipExecution; GlobalUnsafeUntrackedScopes = pathRemapper.Remap(template.GlobalUnsafeUntrackedScopes); PreserveOutputsForIncrementalTool = template.PreserveOutputsForIncrementalTool; GlobalUnsafePassthroughEnvironmentVariables = new List <string>(template.GlobalUnsafePassthroughEnvironmentVariables); VmConcurrencyLimit = template.VmConcurrencyLimit; DirectoriesToEnableFullReparsePointParsing = pathRemapper.Remap(template.DirectoriesToEnableFullReparsePointParsing); ExplicitlyReportDirectoryProbes = template.ExplicitlyReportDirectoryProbes; }
/// <nodoc /> public SandboxConfiguration() { m_unsafeSandboxConfig = new UnsafeSandboxConfiguration(); FailUnexpectedFileAccesses = true; DefaultTimeout = ((int)DefaultProcessTimeoutInMinutes) * 60 * 1000; DefaultWarningTimeout = (int)(.85 * DefaultTimeout); TimeoutMultiplier = 1; WarningTimeoutMultiplier = 1; OutputReportingMode = OutputReportingMode.TruncatedOutputOnError; FileSystemMode = FileSystemMode.Unset; ForceReadOnlyForRequestedReadWrite = false; FlushPageCacheToFileSystemOnStoringOutputsToCache = true; NormalizeReadTimestamps = true; UseLargeNtClosePreallocatedList = false; UseExtraThreadToDrainNtClose = true; MaskUntrackedAccesses = true; LogProcessDetouringStatus = false; HardExitOnErrorInDetours = true; CheckDetoursMessageCount = true; AllowInternalDetoursErrorNotificationFile = true; EnforceAccessPoliciesOnDirectoryCreation = false; MeasureProcessCpuTimes = true; // always measure process times + ram consumption KextReportQueueSizeMb = 0; // let the sandbox kernel extension apply defaults KextEnableReportBatching = true; // use lock-free queue for batching access reports KextThrottleCpuUsageBlockThresholdPercent = 0; // no throttling by default KextThrottleCpuUsageWakeupThresholdPercent = 0; // no throttling by default KextThrottleMinAvailableRamMB = 0; // no throttling by default ContainerConfiguration = new SandboxContainerConfiguration(); AdminRequiredProcessExecutionMode = AdminRequiredProcessExecutionMode.Internal; RedirectedTempFolderRootForVmExecution = AbsolutePath.Invalid; RetryOnAzureWatsonExitCode = false; EnsureTempDirectoriesExistenceBeforePipExecution = false; GlobalUnsafeUntrackedScopes = new List <AbsolutePath>(); PreserveOutputsForIncrementalTool = false; GlobalUnsafePassthroughEnvironmentVariables = new List <string>(); VmConcurrencyLimit = 0; DirectoriesToEnableFullReparsePointParsing = new List <AbsolutePath>(); ExplicitlyReportDirectoryProbes = false; }
/// <nodoc /> public SandboxConfiguration(ISandboxConfiguration template, PathRemapper pathRemapper) { Contract.Assume(template != null); m_unsafeSandboxConfig = new UnsafeSandboxConfiguration(template.UnsafeSandboxConfiguration); DebugInstantPipOutputs = template.DebugInstantPipOutputs; BreakOnUnexpectedFileAccess = template.BreakOnUnexpectedFileAccess; FileAccessIgnoreCodeCoverage = template.FileAccessIgnoreCodeCoverage; FailUnexpectedFileAccesses = template.FailUnexpectedFileAccesses; DefaultTimeout = template.DefaultTimeout; DefaultWarningTimeout = template.DefaultWarningTimeout; TimeoutMultiplier = template.TimeoutMultiplier; WarningTimeoutMultiplier = template.WarningTimeoutMultiplier; TimeoutDumpDirectory = pathRemapper.Remap(template.TimeoutDumpDirectory); LogObservedFileAccesses = template.LogObservedFileAccesses; LogProcesses = template.LogProcesses; LogProcessData = template.LogProcessData; LogFileAccessTables = template.LogFileAccessTables; OutputReportingMode = template.OutputReportingMode; FileSystemMode = template.FileSystemMode; ForceReadOnlyForRequestedReadWrite = template.ForceReadOnlyForRequestedReadWrite; FlushPageCacheToFileSystemOnStoringOutputsToCache = template.FlushPageCacheToFileSystemOnStoringOutputsToCache; NormalizeReadTimestamps = template.NormalizeReadTimestamps; UseLargeNtClosePreallocatedList = template.UseLargeNtClosePreallocatedList; UseExtraThreadToDrainNtClose = template.UseExtraThreadToDrainNtClose; MaskUntrackedAccesses = template.MaskUntrackedAccesses; LogProcessDetouringStatus = template.LogProcessDetouringStatus; HardExitOnErrorInDetours = template.HardExitOnErrorInDetours; CheckDetoursMessageCount = template.CheckDetoursMessageCount; AllowInternalDetoursErrorNotificationFile = template.AllowInternalDetoursErrorNotificationFile; EnforceAccessPoliciesOnDirectoryCreation = template.EnforceAccessPoliciesOnDirectoryCreation; KextMeasureProcessCpuTimes = template.KextMeasureProcessCpuTimes; KextReportQueueSizeMb = template.KextReportQueueSizeMb; KextEnableReportBatching = template.KextEnableReportBatching; KextThrottleCpuUsageBlockThresholdPercent = template.KextThrottleCpuUsageBlockThresholdPercent; KextThrottleCpuUsageWakeupThresholdPercent = template.KextThrottleCpuUsageWakeupThresholdPercent; KextThrottleMinAvailableRamMB = template.KextThrottleMinAvailableRamMB; ContainerConfiguration = new SandboxContainerConfiguration(template.ContainerConfiguration); AdminRequiredProcessExecutionMode = template.AdminRequiredProcessExecutionMode; }