mrtoth/agent-sandbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use --ro-bind-try for system files in whitelist mode

Browse Source
This commit is contained in:
Kristóf Tóth
2026-03-20 19:29:53 +01:00
parent b4b94856ac
commit c8e0d4813a
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/sandbox.rs
View File

@@ -82,16 +82,16 @@ fn add_whitelist_mode(cmd: &mut Command) -> Result<(), SandboxError> {
cmd.args(["--ro-bind-try", path, path]); cmd.args(["--ro-bind-try", path, path]);
} }
cmd.args(["--ro-bind", "/etc/ssl", "/etc/ssl"]); cmd.args(["--ro-bind-try", "/etc/ssl", "/etc/ssl"]);
cmd.args([ cmd.args([
"--ro-bind-try", "--ro-bind-try",
"/etc/ca-certificates", "/etc/ca-certificates",
"/etc/ca-certificates", "/etc/ca-certificates",
]); ]);
cmd.args(["--ro-bind", "/etc/resolv.conf", "/etc/resolv.conf"]); cmd.args(["--ro-bind-try", "/etc/resolv.conf", "/etc/resolv.conf"]);
cmd.args(["--ro-bind", "/etc/nsswitch.conf", "/etc/nsswitch.conf"]); cmd.args(["--ro-bind-try", "/etc/nsswitch.conf", "/etc/nsswitch.conf"]);
cmd.args(["--ro-bind", "/etc/passwd", "/etc/passwd"]); cmd.args(["--ro-bind-try", "/etc/passwd", "/etc/passwd"]);
cmd.args(["--ro-bind", "/etc/group", "/etc/group"]); cmd.args(["--ro-bind-try", "/etc/group", "/etc/group"]);
for path in [ for path in [
"/etc/hosts", "/etc/hosts",