Ensure root filesystem is always read-only inside sandbox

Whitelist mode's implicit bwrap root was a writable tmpfs, letting the
sandboxed process create files and directories anywhere not covered by
an explicit ro mount. This was not an issue in blacklist mode due to
--ro-bind / / covering that case.

This patch adds --remount-ro / before any other mount to make the base
layer read-only in both modes.
2026-03-29 16:50:59 +02:00
parent 389e38a800
commit f1d7a14b8d
2 changed files with 102 additions and 0 deletions


@@ -34,6 +34,7 @@ pub fn build_command(config: &SandboxConfig) -> Result<Command, SandboxError> {
add_ro_bind(&mut cmd, path)?;
}
cmd.args(["--remount-ro", "/"]);
cmd.arg("--new-session");
cmd.arg("--die-with-parent");
cmd.arg("--chdir").arg(&config.chdir);
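Review bot: the placement of `cmd.args(["--remount-ro", "/"]);` contradicts the commit message, which says the remount goes "before any other mount", while the hunk appends it after the `add_ro_bind` loop. The hunk's order is the right one for bwrap: bwrap processes its options in sequence and creates missing mount-point directories in the root tmpfs itself, so a `--bind`, `--tmpfs`, `--proc` or `--dev` appended after the root has been remounted read-only can fail with a read-only-filesystem error whenever its target does not already exist. Please reconcile the message with the code, and confirm that nothing later in `build_command` (outside the visible context, which only adds `--new-session`, `--die-with-parent` and `--chdir`) appends further mounts; if something does, the remount should move to just before `--new-session` so it stays the last mount operation. It would also help to state in a comment next to the new line why it must remain after every mount, since a future reordering would silently break sandbox startup rather than the read-only guarantee.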