Update the linux sandbox architecture to actually be able to pass its own tests #142
Open
ebendler wants to merge 3 commits into anthropic-experimental:main from
This should be seen as a companion to #140 for the Linux side.
…pdated to new major versions as they require some API changes
Replace the apply-seccomp binary approach with a nested bwrap for applying seccomp filters when network restrictions are active. This fixes a critical bug where socat's fork() children inherited the seccomp filter, causing socket(AF_UNIX, ...) calls to fail and silently dropping all proxy responses.

The new architecture:
- Outer bwrap/bash: starts socat bridges (no seccomp) that relay traffic between Unix socket bridges and TCP proxy listeners
- Inner bwrap: launched with --share-net + --seccomp so only the user command's process tree has Unix socket creation blocked
- Writable bind mounts from the outer bwrap are replicated into the inner bwrap to avoid EROFS errors

Additionally:
- Detach socat bridge processes via double-fork (execSync + shell backgrounding) so they are reparented to PID 1 and invisible to the bun test runner, which previously killed them between test cases
- Store raw PIDs instead of ChildProcess objects in LinuxNetworkBridgeContext
- Simplify bridge cleanup in sandbox-manager using a polling loop
- Convert integration tests from synchronous spawnSync to async execCommand helper to keep the event loop alive for in-process proxy servicing
- Export and deduplicate isProcessAlive across modules
- Use shellquote.quote() in spawnDetachedSocat for safe shell escaping
- Fix indentation in test cleanup blocks
- Update wrapCommandWithSandboxLinux docstring to reflect new architecture
b8306ad to
130402d
This PR (mostly by Opus 4.6) changes the architecture of the Linux sandbox to where the integration tests actually pass with bun/latest with three major changes:

- apply-seccomp is replaced for the network restriction case with a double-bwrap so that the seccomp restrictions are only applied to the agent's session commands and not the sandbox itself. This lets CC actually talk to its proxy.
- socat calls are double-forked to prevent bun from nuking them. This is mostly to fix the integration tests, but probably does not hurt anything in normal use.
- async spawns, so that the sandbox can actually give responses to the test runner.

The other commit updates the devDepends to their latest versions, but this did not result in any changes.
zod was bumped to the last 3.x version, as 4.x requires significant API changes.
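
The nested layout described in this PR, sketched as an added example (not code from the PR or the project): a hypothetical `buildNestedSandbox` helper assembles the outer and inner bwrap command lines so that the seccomp filter is attached only to the inner layer, after the socat bridges have started. The helper and option names, the sample paths and port, the fd 3 redirection and the hand-rolled quoting function are assumptions; the bwrap and socat options used are standard ones.

```javascript
// Added illustration. Function and option names are hypothetical, not the PR's API.
// Minimal POSIX single-quote escaping; the PR itself uses shellquote.quote().
const shq = (s) => `'${String(s).replace(/'/g, `'\\''`)}'`;
const quoteAll = (argv) => argv.map(shq).join(' ');

function buildNestedSandbox({ bridges, writablePaths, filterPath, userCommand }) {
  // Replicated in both layers: the inner --ro-bind / / would otherwise turn
  // paths the outer layer bound writable back into read-only mounts (EROFS).
  const writable = writablePaths.flatMap((p) => ['--bind', p, p]);
  const base = ['--ro-bind', '/', '/', ...writable, '--dev', '/dev', '--proc', '/proc'];

  // Inner layer: the only place the seccomp filter is attached, so only the
  // user command's process tree loses socket(AF_UNIX, ...).
  const innerArgv = ['bwrap', ...base, '--share-net', '--seccomp', '3',
    '--die-with-parent', '--', 'bash', '-c', userCommand];

  // Outer script: socat bridges start unfiltered, then bash execs the inner
  // bwrap with the compiled BPF filter opened on fd 3 (assumed convention).
  const script = [
    ...bridges.map((b) => quoteAll(['socat', `TCP-LISTEN:${b.port},fork,reuseaddr`,
      `UNIX-CONNECT:${b.socketPath}`]) + ' &'),
    `exec ${quoteAll(innerArgv)} 3<${shq(filterPath)}`,
  ].join('\n');

  // Outer layer: isolated network namespace, proxy sockets bound in, no seccomp.
  const sockets = bridges.flatMap((b) => ['--bind', b.socketPath, b.socketPath]);
  const outerArgv = ['bwrap', ...base, ...sockets, '--unshare-net',
    '--die-with-parent', '--', 'bash', '-c', script];
  return { outerArgv, innerArgv, script };
}

// Constructed sample input (paths and port are placeholders).
const demo = buildNestedSandbox({
  bridges: [{ port: 3128, socketPath: '/tmp/sbx/http.sock' }],
  writablePaths: ['/home/user/project'],
  filterPath: '/tmp/sbx/unix-block.bpf',
  userCommand: `echo "it's sandboxed" && curl -sx http://127.0.0.1:3128 https://example.com`,
});
console.log(demo.outerArgv.map(shq).join(' '));
```

Because `--seccomp` appears only in the inner argv, socat's `fork` children in the outer layer can still create Unix sockets, which is the failure mode the PR describes.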