@landstrip/landstrip 0.14.7 → 0.15.0
- package/README.md +84 -12
- package/package.json +5 -5
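--- a/package/README.md
+++ b/package/README.md
@@ -123,11 +123,15 @@ kind name as the single top-level key.
 
 The trap kinds are:
 
-- `Filesystem`: a filesystem access denial
-
-
-
-
+- `Filesystem`: a filesystem access denial object. The stable `code` is
+`FS_READ_DENIED` or `FS_WRITE_DENIED`; `operation` is `read` or `write`;
+`path` is the resolved path; `requested_path` is the original path supplied by
+the tool when available; `syscall`, `errno`, `flags`, `reason`,
+`suggested_grant`, and `process` provide machine-readable routing context.
+- `Network`: a denied TCP connect or bind object. The stable `code` is
+`NET_CONNECT_DENIED`, `NET_BIND_DENIED`, or `NET_DENIED`; `operation` is
+`connect` or `bind`; `target` is `address:port`; `syscall`, `errno`, and
+`process` provide routing context.
 - `Launch`: the tool could not be started, as `[program, message]`.
 - `Usage`: a command-line usage error, as a message string. Usage errors exit
 with status 2.
@@ -135,10 +139,40 @@ The trap kinds are:
 diagnostic key/value pairs (for example `source`, `file`, or platform API
 details).
 
+Example of a filesystem denial:
+
+```json
+{
+"Filesystem": {
+"code": "FS_WRITE_DENIED",
+"operation": "write",
+"path": "/repo/out",
+"requested_path": "out",
+"syscall": "openat",
+"errno": "EACCES",
+"flags": [
+"O_WRONLY",
+"O_CREAT",
+"O_TRUNC"
+],
+"reason": "not_in_allow_write",
+"suggested_grant": {
+"allowWrite": "/repo/out"
+},
+"mechanism": "seccomp",
+"process": {
+"pid": 1234,
+"exe": "/usr/bin/sh",
+"cwd": "/repo"
+}
+}
+}
+```
+
 Logs and sandboxed tool output are not part of the response. Normal successful
 tool execution does not print a landstrip response unless a write denial was
-observed
-
+observed, because standard error belongs to landstrip; standard output belongs
+to the sandboxed tool.
 
 ## Trap FD
 
@@ -151,15 +185,53 @@ landstrip --trap-fd 3 -p policy.json cargo test 3>landstrip-traps.txt
 ```
 
 Linux filesystem and network denials observed by the seccomp broker are
-emitted with the same shapes as standard error:
+emitted with the same object shapes as standard error:
 
 ```json
-{
-
+{
+"Filesystem": {
+"code": "FS_WRITE_DENIED",
+"operation": "write",
+"path": "/repo/out",
+"requested_path": "out",
+"syscall": "openat",
+"errno": "EACCES",
+"flags": [
+"O_WRONLY",
+"O_CREAT",
+"O_TRUNC"
+],
+"reason": "not_in_allow_write",
+"suggested_grant": {
+"allowWrite": "/repo/out"
+},
+"mechanism": "seccomp",
+"process": {
+"pid": 1234,
+"exe": "/usr/bin/sh",
+"cwd": "/repo"
+}
+}
+}
+{
+"Network": {
+"code": "NET_CONNECT_DENIED",
+"operation": "connect",
+"target": "127.0.0.1:9999",
+"syscall": "connect",
+"errno": "EACCES",
+"mechanism": "seccomp",
+"process": {
+"pid": 1234,
+"exe": "/usr/bin/nc",
+"cwd": "/repo"
+}
+}
+}
 ```
 
-The mechanism
-
+The `mechanism` field records the kernel enforcement layer that detected the
+denial (e.g. `seccomp` or `landlock`).
 
 This stream is separate from the sandboxed tool's output. If the option is
 omitted, landstrip is quiet unless it has to report a policy, launch, or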
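--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@landstrip/landstrip",
-"version": "0.
+"version": "0.15.0",
 "description": "Sandbox runner using Landlock, Seatbelt, and AppContainer",
 "license": "Apache-2.0 AND LGPL-2.1-or-later",
 "homepage": "https://github.com/landstrip/landstrip#readme",
@@ -24,10 +24,10 @@
 "LICENSE-LGPL-2.1"
 ],
 "optionalDependencies": {
-"@landstrip/landstrip-darwin-arm64": "0.
-"@landstrip/landstrip-darwin-x64": "0.
-"@landstrip/landstrip-linux-x64": "0.
-"@landstrip/landstrip-win32-x64": "0.
+"@landstrip/landstrip-darwin-arm64": "0.15.0",
+"@landstrip/landstrip-darwin-x64": "0.15.0",
+"@landstrip/landstrip-linux-x64": "0.15.0",
+"@landstrip/landstrip-win32-x64": "0.15.0"
 },
 "publishConfig": {
 "access": "public"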