fix: Landlock probe environment and autofallback to BW#252
SafeDep Report Summary: No dependency changes detected. Nothing to scan. This report is generated by SafeDep Github App.
Codecov Report: ❌ Patch coverage is

Coverage diff (main vs #252):

| | main | #252 | +/- |
|---|---|---|---|
| Coverage | 46.18% | 46.05% | -0.13% |
| Files | 112 | 114 | +2 |
| Lines | 8103 | 8155 | +52 |
| Hits | 3742 | 3756 | +14 |
| Misses | 4040 | 4076 | +36 |
| Partials | 321 | 323 | +2 |

☔ View full report in Codecov by Sentry.
Pull request overview
This PR improves Linux sandbox driver selection by adding an environment probe for Landlock’s “no-NNP seccomp shim” requirements and automatically falling back to Bubblewrap when that probe fails, plus adds unit tests and documentation updates to reflect the new behavior.
Changes:
- Add a self-reexec Landlock shim probe used during Landlock sandbox initialization to validate required user-namespace + seccomp-notify behavior.
- Refactor Linux sandbox selection to use injectable factories (enabling deterministic tests) and add coverage for fallback/forced-driver behavior.
- Document the updated Landlock requirements and fallback conditions; wire a hidden `__landlock_probe` command into the CLI.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| sandbox/platform/platform_linux.go | Adds factory indirection and safer Landlock logging in driver selection + fallback logic. |
| sandbox/platform/platform_linux_test.go | New tests validating default fallback, default Landlock selection, and forced-driver behavior. |
| sandbox/platform/landlock_probe_linux.go | Implements the Landlock shim probe (self-reexec + seccomp install) and probe entrypoint. |
| sandbox/platform/landlock_linux.go | Calls the probe as part of Landlock sandbox construction to gate driver availability. |
| main.go | Registers the hidden __landlock_probe command in the root CLI. |
| cmd/landlock/landlock_probe_linux.go | Adds the hidden Cobra command that runs the platform probe on Linux. |
| cmd/landlock/landlock_probe_other.go | Returns nil for the probe command on non-Linux platforms. |
| docs/sandbox.md | Updates Linux Landlock requirements and fallback explanation to include the shim probe. |
| docs/sandbox-landlock.md | Updates Landlock limitations to note probing and fallback behavior. |
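The injectable-factory driver selection and fallback policy the review summary describes, as an added Go example (not the project's code); `Sandbox`, `fakeSandbox`, `Factory`, `SelectDriver` and `ProbeOnce` are assumed names, and the forced-driver strings are hypothetical values rather than the project's flags.

```go
package main

import (
	"fmt"
	"sync"
)

// Sandbox stands in for the project's sandbox.Sandbox interface (assumption);
// fakeSandbox is a constructed driver used for illustration only.
type Sandbox interface{ Name() string }
type fakeSandbox string
func (f fakeSandbox) Name() string { return string(f) }

// Factory builds a driver or fails when it cannot be used (for Landlock: ABI
// detection or the shim probe failed).
type Factory func() (Sandbox, error)

// SelectDriver tries Landlock and falls back to Bubblewrap when forced == "";
// a forced driver is never replaced, so it fails closed. Names are hypothetical.
func SelectDriver(forced string, landlock, bwrap Factory) (Sandbox, error) {
	switch forced {
	case "landlock", "bwrap":
		f := landlock
		if forced == "bwrap" {
			f = bwrap
		}
		sb, err := f()
		if err != nil {
			return nil, fmt.Errorf("forced driver %s unavailable: %w", forced, err)
		}
		return sb, nil
	case "":
		sb, err := landlock()
		if err == nil {
			return sb, nil
		}
		// Log, do not hide, why the weaker-isolation driver was chosen.
		fmt.Printf("landlock unavailable, falling back to bubblewrap: %v\n", err)
		return bwrap()
	default:
		return nil, fmt.Errorf("unknown sandbox driver %q", forced)
	}
}

// ProbeOnce caches an expensive probe (the real one self-reexecs the binary
// and installs a seccomp filter) so repeated construction pays for it once.
func ProbeOnce(probe func() error) func() error {
	var once sync.Once
	var res error
	return func() error { once.Do(func() { res = probe() }); return res }
}
```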
| // newLandlockSandbox creates a new Landlock sandbox instance after verifying | ||
| // that both Landlock and seccomp user notification are available on the system. | ||
| // that Landlock and the no-NNP seccomp shim path are available on the system. | ||
| func newLandlockSandbox() (sandbox.Sandbox, error) { | ||
| abi, err := landlockDetectABI() | ||
| if err != nil { | ||
| return nil, fmt.Errorf("landlock not available: %w", err) | ||
| } | ||
|
|
||
| if err := landlockShimProbe(); err != nil { | ||
| return nil, fmt.Errorf("landlock shim not available: %w", err) | ||
| } |
| cmd.AddCommand(subcmd) | ||
| } | ||
| if subcmd := landlockCmd.NewLandlockProbeCommand(); subcmd != nil { | ||
| cmd.AddCommand(subcmd) | ||
| } |
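Review bot: the nil guard matches the non-Linux stub in cmd/landlock/landlock_probe_other.go, but the hidden subcommand's name is now a contract between the Cobra registration here and the argv the probe passes to its self-reexec; if either side is renamed, the probe fails and every Linux host quietly falls back to Bubblewrap. Suggest exporting the name as a single constant used by both NewLandlockProbeCommand and landlockShimProbe, and adding a test that asserts the root command resolves that name.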
| PersistentPreRun: func(cmd *cobra.Command, args []string) { | ||
| }, |
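Review bot: the body of PersistentPreRun is not visible in this hunk, but whatever initialisation it performs (config loading, logging, update checks) will also run in the re-executed child for the hidden __landlock_probe command, and a failure there would surface as "landlock shim not available" and trigger the fallback for an unrelated reason. Consider short-circuiting PersistentPreRun when cmd.Name() is the probe command so the child stays minimal and its exit status reflects only the Landlock/seccomp check.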



No description provided.