mrtoth/agent-sandbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Expand default path coverage for common tools

Browse Source
This commit is contained in:
Kristóf Tóth
2026-05-15 10:08:22 +02:00
parent 3fb0da0577
commit 4babf33439
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/sandbox.rs
+11
View File
@@ -164,9 +164,12 @@ fn add_blacklist_mode(cmd: &mut Command) -> Result<(), SandboxError> {
"/run/udev", "/run/udev",
"/run/NetworkManager/resolv.conf", "/run/NetworkManager/resolv.conf",
"/run/media", "/run/media",
"/run/utmp",
], ],
); );
cmd.arg("--tmpfs").arg("/run/systemd/system");
ensure_parent_dirs(cmd, "/run", &ctx.run_user); ensure_parent_dirs(cmd, "/run", &ctx.run_user);
cmd.arg("--tmpfs").arg(&ctx.run_user); cmd.arg("--tmpfs").arg(&ctx.run_user);
let run_user_bus = format!("{}/bus", ctx.run_user); let run_user_bus = format!("{}/bus", ctx.run_user);
@@ -204,6 +207,14 @@ fn add_whitelist_mode(
"/etc/hostname", "/etc/hostname",
"/etc/localtime", "/etc/localtime",
"/etc/machine-id", "/etc/machine-id",
"/etc/os-release",
"/etc/lsb-release",
"/etc/locale.conf",
"/etc/inputrc",
"/etc/shells",
"/etc/man_db.conf",
"/etc/pki",
"/etc/timezone",
] { ] {
cmd.args(["--ro-bind-try", path, path]); cmd.args(["--ro-bind-try", path, path]);
} }