mirror of
https://github.com/openai/codex.git
synced 2026-04-30 03:12:20 +03:00
feat(linux-sandbox): vendor bubblewrap and wire it with FFI (#10413)
## Summary Vendor Bubblewrap into the repo and add minimal build plumbing in `codex-linux-sandbox` to compile/link it. ## Why We want to move Linux sandboxing toward Bubblewrap, but in a safe two-step rollout: 1) vendoring/build setup (this PR), 2) runtime integration (follow-up PR). ## Included - Add `codex-rs/vendor/bubblewrap` sources. - Add build-time FFI path in `codex-rs/linux-sandbox`. - Update `build.rs` rerun tracking for vendored files. - Small vendored compile warning fix (`sockaddr_nl` full init). follow up in https://github.com/openai/codex/pull/9938
This commit is contained in:
viyatb-oai
GitHub
42
codex-rs/vendor/bubblewrap/SECURITY.md
vendored
Normal file
42
codex-rs/vendor/bubblewrap/SECURITY.md
vendored
Normal file
@@ -0,0 +1,42 @@
|
||||
## Security and Disclosure Information Policy for the bubblewrap Project
|
||||
|
||||
The bubblewrap Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/HEAD/SECURITY.md) for the Containers Projects.
|
||||
|
||||
### System security
|
||||
|
||||
If bubblewrap is setuid root, then the goal is that it does not allow
|
||||
a malicious local user to do anything that would not have been possible
|
||||
on a kernel that allows unprivileged users to create new user namespaces.
|
||||
For example, [CVE-2020-5291](https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj)
|
||||
was treated as a security vulnerability in bubblewrap.
|
||||
|
||||
If bubblewrap is not setuid root, then it is not a security boundary
|
||||
between the user and the OS, because anything bubblewrap could do, a
|
||||
malicious user could equally well do by writing their own tool equivalent
|
||||
to bubblewrap.
|
||||
|
||||
### Sandbox security
|
||||
|
||||
bubblewrap is a toolkit for constructing sandbox environments.
|
||||
bubblewrap is not a complete, ready-made sandbox with a specific security
|
||||
policy.
|
||||
|
||||
Some of bubblewrap's use-cases want a security boundary between the sandbox
|
||||
and the real system; other use-cases want the ability to change the layout of
|
||||
the filesystem for processes inside the sandbox, but do not aim to be a
|
||||
security boundary.
|
||||
As a result, the level of protection between the sandboxed processes and
|
||||
the host system is entirely determined by the arguments passed to
|
||||
bubblewrap.
|
||||
|
||||
Whatever program constructs the command-line arguments for bubblewrap
|
||||
(often a larger framework like Flatpak, libgnome-desktop, sandwine
|
||||
or an ad-hoc script) is responsible for defining its own security model,
|
||||
and choosing appropriate bubblewrap command-line arguments to implement
|
||||
that security model.
|
||||
|
||||
For example,
|
||||
[CVE-2017-5226](https://github.com/flatpak/flatpak/security/advisories/GHSA-7gfv-rvfx-h87x)
|
||||
(in which a Flatpak app could send input to a parent terminal using the
|
||||
`TIOCSTI` ioctl) is considered to be a Flatpak vulnerability, not a
|
||||
bubblewrap vulnerability.
|
||||
Reference in New Issue
Block a user