Skip to content

Harden code execution with fail-closed confinement#41

Open
Mzack9999 wants to merge 4 commits into
mainfrom
sandbox-hardening
Open

Harden code execution with fail-closed confinement#41
Mzack9999 wants to merge 4 commits into
mainfrom
sandbox-hardening

Conversation

@Mzack9999

Copy link
Copy Markdown
Member

Replaces the old sandbox package with a new confine package. Confinement is deny-by-default and fails closed: if it is requested but no backend is available, execution is refused instead of running on the host.

Backends:

  • Linux: bubblewrap
  • macOS: Seatbelt (sandbox-exec)
  • Docker: hardened single-shot container (no network, cap-drop ALL, no-new-privileges, read-only rootfs, cpu/memory/pids limits)

Source is injected as bytes instead of a shell heredoc, and container logs are demuxed with stdcopy.

Eval and EvalWithVirtualEnv route through the confiner. Enable via Options.Sandbox or Options.Confinement.

Breaking changes:

  • removes the sandbox package and its examples
  • removes the VirtualEnvType enum
  • EvalWithVirtualEnv now takes a *confine.Policy instead of a VirtualEnvType + *sandbox.DockerConfiguration

nuclei's code protocol needs a matching update before bumping gozero.

Tests cover the argv/profile/container-config builders, env scrubbing, fail-closed selection, and live isolation (skipped when the native backend is absent).

Mzack9999 added 4 commits July 3, 2026 03:07
Add a fail-closed confine package (bubblewrap, Seatbelt, hardened Docker)
and route Eval/EvalWithVirtualEnv through it. Remove the superseded sandbox
package and its examples.
Normalize a nil policy in confine.New so Logger is set before the backend
probe runs; add a regression test.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant