cloison-runtime 0.1.0

package/dist/sandbox/proxy-tools.js

@@ -0,0 +1,63 @@
+export function createProxyTools(peer) {
+    return [
+        {
+            name: "memory_search",
+            label: "Memory Search",
+            description: "Search your memory for relevant information. Returns matching memories ranked by relevance.",
+            parameters: {
+                type: "object",
+                properties: {
+                    query: { type: "string" },
+                    maxResults: { type: "number" },
+                },
+                required: ["query"],
+            },
+            async execute(_toolCallId, params, _signal, _onUpdate, _ctx) {
+                const results = await peer.call("memory.search", {
+                    query: params.query,
+                    maxResults: params.maxResults ?? 5,
+                });
+                return { resultForAssistant: JSON.stringify(results, null, 2) };
+            },
+        },
+        {
+            name: "memory_store",
+            label: "Memory Store",
+            description: "Store information in your memory for future reference. Use this to remember important facts.",
+            parameters: {
+                type: "object",
+                properties: {
+                    content: { type: "string" },
+                },
+                required: ["content"],
+            },
+            async execute(_toolCallId, params, _signal, _onUpdate, _ctx) {
+                const result = await peer.call("memory.store", {
+                    content: params.content,
+                });
+                return { resultForAssistant: JSON.stringify(result) };
+            },
+        },
+        {
+            name: "skill_execute",
+            label: "Execute Skill",
+            description: "Execute an enabled skill. Credentials are injected automatically by the platform.",
+            parameters: {
+                type: "object",
+                properties: {
+                    skillId: { type: "string" },
+                    params: { type: "object" },
+                },
+                required: ["skillId"],
+            },
+            async execute(_toolCallId, params, _signal, _onUpdate, _ctx) {
+                const result = await peer.call("skill.execute", {
+                    skillId: params.skillId,
+                    params: params.params,
+                });
+                return { resultForAssistant: JSON.stringify(result) };
+            },
+        },
+    ];
+}
+//# sourceMappingURL=proxy-tools.js.map

package/dist/sandbox/proxy-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-tools.js","sourceRoot":"","sources":["../../src/sandbox/proxy-tools.ts"],"names":[],"mappings":"AAoBA,MAAM,UAAU,gBAAgB,CAAC,IAAa;IAC5C,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,KAAK,EAAE,eAAe;YACtB,WAAW,EACT,6FAA6F;YAC/F,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBAC/B;gBACD,QAAQ,EAAE,CAAC,OAAO,CAAC;aACpB;YACD,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI;gBACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;oBAC/C,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,CAAC;iBACnC,CAAC,CAAC;gBACH,OAAO,EAAE,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;YAClE,CAAC;SACF;QACD;YACE,IAAI,EAAE,cAAc;YACpB,KAAK,EAAE,cAAc;YACrB,WAAW,EACT,8FAA8F;YAChG,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBAC5B;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;aACtB;YACD,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI;gBACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;oBAC7C,OAAO,EAAE,MAAM,CAAC,OAAO;iBACxB,CAAC,CAAC;gBACH,OAAO,EAAE,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACxD,CAAC;SACF;QACD;YACE,IAAI,EAAE,eAAe;YACrB,KAAK,EAAE,eAAe;YACtB,WAAW,EACT,mFAAmF;YACrF,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC3B,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBAC3B;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;aACtB;YACD,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI;gBACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;oBAC9C,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,MAAM,EAAE,MAAM,CAAC,MAAM;iBACtB,CAAC,CAAC;gBACH,OAAO,EAAE,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACxD,CAAC;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/sandbox/rootfs.d.ts

@@ -0,0 +1,20 @@
+import type { MountBind } from "./types.js";
+export interface RootfsOptions {
+    sandboxId: string;
+    workspaceDir: string;
+    nodeExecutable?: string;
+    /** Directory containing the worker script (src/ or dist/) */
+    projectDir?: string;
+    additionalBinds?: MountBind[];
+}
+export interface PreparedRootfs {
+    rootDir: string;
+    mounts: MountBind[];
+    cleanup(): void;
+}
+export declare function prepareRootfs(options: RootfsOptions): PreparedRootfs;
+export interface MountScriptOptions {
+    hasPidNamespace?: boolean;
+}
+export declare function buildMountScript(rootDir: string, mounts: MountBind[], options?: MountScriptOptions): string;
+//# sourceMappingURL=rootfs.d.ts.map

package/dist/sandbox/rootfs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rootfs.d.ts","sourceRoot":"","sources":["../../src/sandbox/rootfs.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAG5C,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6DAA6D;IAC7D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,SAAS,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,SAAS,EAAE,CAAC;IACpB,OAAO,IAAI,IAAI,CAAC;CACjB;AAkBD,wBAAgB,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CA2IpE;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,SAAS,EAAE,EACnB,OAAO,CAAC,EAAE,kBAAkB,GAC3B,MAAM,CAoDR"}

package/dist/sandbox/rootfs.js

@@ -0,0 +1,247 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+import * as url from "node:url";
+import { escapeShellArg } from "../shared/index.js";
+const SYSTEM_READONLY_PATHS = [
+    "/usr",
+    "/lib",
+    "/lib64",
+    "/bin",
+    "/sbin",
+    "/etc/alternatives",
+    "/etc/ssl",
+    "/etc/ca-certificates",
+    "/etc/resolv.conf",
+    "/etc/hosts",
+    "/etc/nsswitch.conf",
+    "/etc/passwd",
+    "/etc/group",
+];
+export function prepareRootfs(options) {
+    const resolvedWorkspace = path.resolve(options.workspaceDir);
+    if (isSensitiveHostPath(resolvedWorkspace)) {
+        throw new Error(`workspaceDir "${options.workspaceDir}" references a sensitive host path`);
+    }
+    const rootDir = path.join(os.tmpdir(), "cloison-runtime-rootfs", options.sandboxId);
+    fs.mkdirSync(rootDir, { recursive: true });
+    const mounts = [];
+    for (const sysPath of SYSTEM_READONLY_PATHS) {
+        const stat = safeStat(sysPath);
+        if (!stat)
+            continue;
+        const targetInRoot = path.join(rootDir, sysPath);
+        if (stat?.isDirectory()) {
+            fs.mkdirSync(targetInRoot, { recursive: true });
+        }
+        else {
+            fs.mkdirSync(path.dirname(targetInRoot), { recursive: true });
+            safeTouch(targetInRoot);
+        }
+        mounts.push({ source: sysPath, target: targetInRoot, readonly: true });
+    }
+    const nodeExec = options.nodeExecutable ?? process.execPath;
+    const nodeDir = path.dirname(nodeExec);
+    const resolvedNodeDir = path.resolve(nodeDir);
+    if (isSensitiveHostPath(resolvedNodeDir)) {
+        throw new Error(`nodeExecutable directory "${nodeDir}" references a sensitive host path`);
+    }
+    const nodeDirInRoot = path.join(rootDir, nodeDir);
+    fs.mkdirSync(nodeDirInRoot, { recursive: true });
+    mounts.push({ source: nodeDir, target: nodeDirInRoot, readonly: true });
+    const nodeModulesPath = findNodeModules();
+    if (nodeModulesPath) {
+        const nmInRoot = path.join(rootDir, nodeModulesPath);
+        fs.mkdirSync(nmInRoot, { recursive: true });
+        mounts.push({ source: nodeModulesPath, target: nmInRoot, readonly: true });
+    }
+    if (options.projectDir) {
+        const resolvedProjectDir = path.resolve(options.projectDir);
+        if (isSensitiveHostPath(resolvedProjectDir)) {
+            throw new Error(`projectDir "${options.projectDir}" references a sensitive host path`);
+        }
+        const projInRoot = path.join(rootDir, options.projectDir);
+        fs.mkdirSync(projInRoot, { recursive: true });
+        mounts.push({ source: options.projectDir, target: projInRoot, readonly: true });
+    }
+    const wsInRoot = path.join(rootDir, options.workspaceDir);
+    fs.mkdirSync(wsInRoot, { recursive: true });
+    mounts.push({
+        source: options.workspaceDir,
+        target: wsInRoot,
+        readonly: false,
+    });
+    const tmpInRoot = path.join(rootDir, "tmp");
+    fs.mkdirSync(tmpInRoot, { recursive: true });
+    const devDir = path.join(rootDir, "dev");
+    fs.mkdirSync(devDir, { recursive: true });
+    for (const dev of ["null", "zero", "urandom", "random"]) {
+        const devPath = `/dev/${dev}`;
+        if (fs.existsSync(devPath)) {
+            const devInRoot = path.join(rootDir, "dev", dev);
+            safeTouch(devInRoot);
+            mounts.push({ source: devPath, target: devInRoot, readonly: true });
+        }
+    }
+    const procDir = path.join(rootDir, "proc");
+    fs.mkdirSync(procDir, { recursive: true });
+    const oldRootDir = path.join(rootDir, ".old-root");
+    fs.mkdirSync(oldRootDir, { recursive: true });
+    if (options.additionalBinds) {
+        const resolvedRoot = path.resolve(rootDir);
+        for (const bind of options.additionalBinds) {
+            const resolvedSource = path.resolve(bind.source);
+            if (isSensitiveHostPath(resolvedSource)) {
+                throw new Error(`additionalBind source "${bind.source}" references a sensitive host path`);
+            }
+            const targetInRoot = path.join(rootDir, bind.target);
+            const resolvedTarget = path.resolve(targetInRoot);
+            if (!resolvedTarget.startsWith(resolvedRoot + path.sep) && resolvedTarget !== resolvedRoot) {
+                throw new Error(`additionalBind target "${bind.target}" resolves outside rootDir`);
+            }
+            const srcStat2 = safeStat(resolvedSource);
+            if (!srcStat2) {
+                throw new Error(`additionalBind source "${bind.source}" does not exist`);
+            }
+            if (srcStat2.isSymbolicLink()) {
+                throw new Error(`additionalBind source "${bind.source}" is a symbolic link (not allowed)`);
+            }
+            if (srcStat2.isDirectory()) {
+                fs.mkdirSync(targetInRoot, { recursive: true });
+            }
+            else {
+                fs.mkdirSync(path.dirname(targetInRoot), { recursive: true });
+                safeTouch(targetInRoot);
+            }
+            mounts.push({ source: resolvedSource, target: targetInRoot, readonly: bind.readonly });
+        }
+    }
+    return {
+        rootDir,
+        mounts,
+        cleanup() {
+            try {
+                fs.rmSync(rootDir, { recursive: true, force: true });
+            }
+            catch {
+                // best effort
+            }
+        },
+    };
+}
+export function buildMountScript(rootDir, mounts, options) {
+    const esc = escapeShellArg;
+    const lines = [
+        "#!/bin/sh",
+        "set -e",
+        "",
+        `ROOTDIR=${esc(rootDir)}`,
+        "",
+        "# Make rootDir a mount point for pivot_root",
+        'mount --bind "$ROOTDIR" "$ROOTDIR"',
+        "",
+    ];
+    for (const mount of mounts) {
+        if (mount.readonly) {
+            lines.push(`mount --bind ${esc(mount.source)} ${esc(mount.target)}`);
+            lines.push(`mount -o remount,ro,bind ${esc(mount.target)}`);
+        }
+        else {
+            lines.push(`mount --bind ${esc(mount.source)} ${esc(mount.target)}`);
+        }
+    }
+    lines.push("");
+    if (options?.hasPidNamespace) {
+        lines.push("# Mount proc (PID namespace active)");
+        lines.push('mount -t proc proc "$ROOTDIR/proc" || { echo "WARNING: proc mount failed" >&2; }');
+    }
+    else {
+        lines.push("# No PID namespace: skip proc mount to prevent host process exposure");
+    }
+    lines.push("");
+    lines.push("# pivot_root: swap root filesystem");
+    lines.push('cd "$ROOTDIR"');
+    lines.push("pivot_root . .old-root");
+    lines.push("");
+    lines.push("# Unmount old root - fail-closed: abort if either unmount fails");
+    lines.push("umount /.old-root 2>/dev/null || umount -l /.old-root || { echo 'FATAL: cannot unmount old root' >&2; exit 1; }");
+    lines.push("# Verify old root is no longer a mount point");
+    lines.push('if mountpoint -q /.old-root 2>/dev/null; then');
+    lines.push('  echo "FATAL: old root still mounted after unmount" >&2');
+    lines.push("  exit 1");
+    lines.push("fi");
+    lines.push("# Verify old root directory is empty (fail-closed: ls errors also trigger abort)");
+    lines.push('if [ -d "/.old-root" ] && [ -n "$(ls -A /.old-root 2>&1)" ]; then');
+    lines.push('  echo "FATAL: old root still accessible after unmount" >&2');
+    lines.push("  exit 1");
+    lines.push("fi");
+    lines.push("rmdir /.old-root 2>/dev/null || true");
+    lines.push("");
+    return lines.join("\n");
+}
+function findNodeModules() {
+    const searchRoots = [
+        path.dirname(url.fileURLToPath(import.meta.url)),
+        process.cwd(),
+    ];
+    for (const start of searchRoots) {
+        let dir = start;
+        for (let i = 0; i < 10; i++) {
+            const nmPath = path.join(dir, "node_modules");
+            const stat = safeStat(nmPath);
+            if (stat && stat.isDirectory() && !stat.isSymbolicLink())
+                return nmPath;
+            const parent = path.dirname(dir);
+            if (parent === dir)
+                break;
+            dir = parent;
+        }
+    }
+    return null;
+}
+const SENSITIVE_HOST_PATHS = new Set([
+    "/",
+    "/root",
+    "/proc",
+    "/sys",
+    "/dev",
+    "/boot",
+    "/run",
+    "/var/run/docker.sock",
+    "/run/docker.sock",
+]);
+const SENSITIVE_HOST_PREFIXES = [
+    "/root/",
+    "/proc/",
+    "/sys/",
+    "/home/",
+    "/run/",
+    "/etc/shadow",
+    "/etc/sudoers",
+    "/etc/gshadow",
+    "/etc/master.passwd",
+    "/var/run/docker.sock",
+    "/run/docker.sock",
+];
+function isSensitiveHostPath(resolved) {
+    if (SENSITIVE_HOST_PATHS.has(resolved))
+        return true;
+    return SENSITIVE_HOST_PREFIXES.some((prefix) => resolved.startsWith(prefix));
+}
+function safeStat(p) {
+    try {
+        return fs.lstatSync(p);
+    }
+    catch {
+        return null;
+    }
+}
+function safeTouch(p) {
+    try {
+        fs.writeFileSync(p, "", { flag: "a" });
+    }
+    catch {
+        // best effort
+    }
+}
+//# sourceMappingURL=rootfs.js.map

package/dist/sandbox/rootfs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rootfs.js","sourceRoot":"","sources":["../../src/sandbox/rootfs.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAEhC,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAiBpD,MAAM,qBAAqB,GAAG;IAC5B,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,OAAO;IACP,mBAAmB;IACnB,UAAU;IACV,sBAAsB;IACtB,kBAAkB;IAClB,YAAY;IACZ,oBAAoB;IACpB,aAAa;IACb,YAAY;CACb,CAAC;AAEF,MAAM,UAAU,aAAa,CAAC,OAAsB;IAClD,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC7D,IAAI,mBAAmB,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CACb,iBAAiB,OAAO,CAAC,YAAY,oCAAoC,CAC1E,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CACvB,EAAE,CAAC,MAAM,EAAE,EACX,wBAAwB,EACxB,OAAO,CAAC,SAAS,CAClB,CAAC;IAEF,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE3C,MAAM,MAAM,GAAgB,EAAE,CAAC;IAE/B,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACjD,IAAI,IAAI,EAAE,WAAW,EAAE,EAAE,CAAC;YACxB,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9D,SAAS,CAAC,YAAY,CAAC,CAAC;QAC1B,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,QAAQ,CAAC;IAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9C,IAAI,mBAAmB,CAAC,eAAe,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CACb,6BAA6B,OAAO,oCAAoC,CACzE,CAAC;IACJ,CAAC;IACD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,EAAE,CAAC,SAAS,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IAExE,MAAM,eAAe,GAAG,eAAe,EAAE,CAAC;IAC1C,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACrD,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC5D,IAAI,mBAAmB,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb,eAAe,OAAO,CAAC,UAAU,oCAAoC,CACtE,CAAC;QACJ,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1D,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1D,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,MAAM,CAAC,IAAI,CAAC;QACV,MAAM,EAAE,OAAO,CAAC,YAAY;QAC5B,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC5C,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,KAAK,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC,EAAE,CAAC;QACxD,MAAM,OAAO,GAAG,QAAQ,GAAG,EAAE,CAAC;QAC9B,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;YACjD,SAAS,CAAC,SAAS,CAAC,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3C,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE3C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACnD,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9C,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC3C,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;YAC3C,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,mBAAmB,CAAC,cAAc,CAAC,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CACb,0BAA0B,IAAI,CAAC,MAAM,oCAAoC,CAC1E,CAAC;YACJ,CAAC;YACD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACrD,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAClD,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,cAAc,KAAK,YAAY,EAAE,CAAC;gBAC3F,MAAM,IAAI,KAAK,CACb,0BAA0B,IAAI,CAAC,MAAM,4BAA4B,CAClE,CAAC;YACJ,CAAC;YAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,cAAc,CAAC,CAAC;YAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CACb,0BAA0B,IAAI,CAAC,MAAM,kBAAkB,CACxD,CAAC;YACJ,CAAC;YACD,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CACb,0BAA0B,IAAI,CAAC,MAAM,oCAAoC,CAC1E,CAAC;YACJ,CAAC;YACD,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC3B,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAClD,CAAC;iBAAM,CAAC;gBACN,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC9D,SAAS,CAAC,YAAY,CAAC,CAAC;YAC1B,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO;QACP,MAAM;QACN,OAAO;YACL,IAAI,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,cAAc;YAChB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAMD,MAAM,UAAU,gBAAgB,CAC9B,OAAe,EACf,MAAmB,EACnB,OAA4B;IAE5B,MAAM,GAAG,GAAG,cAAc,CAAC;IAC3B,MAAM,KAAK,GAAa;QACtB,WAAW;QACX,QAAQ;QACR,EAAE;QACF,WAAW,GAAG,CAAC,OAAO,CAAC,EAAE;QACzB,EAAE;QACF,6CAA6C;QAC7C,oCAAoC;QACpC,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,gBAAgB,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACrE,KAAK,CAAC,IAAI,CAAC,4BAA4B,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,gBAAgB,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,OAAO,EAAE,eAAe,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QAClD,KAAK,CAAC,IAAI,CAAC,kFAAkF,CAAC,CAAC;IACjG,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAC;IACrF,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACjD,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5B,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACrC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAI,CAAC,iHAAiH,CAAC,CAAC;IAC9H,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IAC3D,KAAK,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IAC5D,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjB,KAAK,CAAC,IAAI,CAAC,kFAAkF,CAAC,CAAC;IAC/F,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjB,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;IACnD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,eAAe;IACtB,MAAM,WAAW,GAAG;QAClB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,EAAE;KACd,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,IAAI,GAAG,GAAG,KAAK,CAAC;QAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;YAC9C,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC9B,IAAI,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;gBAAE,OAAO,MAAM,CAAC;YACxE,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,MAAM,KAAK,GAAG;gBAAE,MAAM;YAC1B,GAAG,GAAG,MAAM,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,GAAG;IACH,OAAO;IACP,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,sBAAsB;IACtB,kBAAkB;CACnB,CAAC,CAAC;AAEH,MAAM,uBAAuB,GAAG;IAC9B,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,OAAO;IACP,aAAa;IACb,cAAc;IACd,cAAc;IACd,oBAAoB;IACpB,sBAAsB;IACtB,kBAAkB;CACnB,CAAC;AAEF,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,IAAI,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS;IACzB,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,CAAS;IAC1B,IAAI,CAAC;QACH,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC"}

package/dist/sandbox/seccomp-apply.d.ts

@@ -0,0 +1,9 @@
+import { type SeccompProfile } from "./seccomp.js";
+export declare function ensureSeccompLoader(): string | null;
+export declare function buildSeccompWrapperArgs(profile: SeccompProfile, sandboxId: string, command: string, args: string[]): {
+    command: string;
+    args: string[];
+    profilePath: string;
+} | null;
+export declare function isSeccompAvailable(): boolean;
+//# sourceMappingURL=seccomp-apply.d.ts.map

package/dist/sandbox/seccomp-apply.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seccomp-apply.d.ts","sourceRoot":"","sources":["../../src/sandbox/seccomp-apply.ts"],"names":[],"mappings":"AAKA,OAAO,EAAuB,KAAK,cAAc,EAAE,MAAM,cAAc,CAAC;AA6MxE,wBAAgB,mBAAmB,IAAI,MAAM,GAAG,IAAI,CAMnD;AAED,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,cAAc,EACvB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,GACb;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAUjE;AAED,wBAAgB,kBAAkB,IAAI,OAAO,CAG5C"}

package/dist/sandbox/seccomp-apply.js

@@ -0,0 +1,227 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+import { execSync } from "node:child_process";
+import { createSubsystemLogger } from "../logging/subsystem.js";
+import { writeSeccompProfile } from "./seccomp.js";
+const log = createSubsystemLogger("seccomp-apply");
+// Real seccomp-BPF loader: applies PR_SET_NO_NEW_PRIVS + a BPF filter
+// that blocks dangerous syscalls (ptrace, mount, unshare, bpf, etc.)
+// with EPERM. Falls back to no-new-privs only if seccomp() syscall fails.
+const SECCOMP_LOADER_SOURCE = `
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stddef.h>
+#include <sys/prctl.h>
+#include <sys/syscall.h>
+#include <linux/seccomp.h>
+#include <linux/filter.h>
+#include <linux/audit.h>
+
+#ifndef SECCOMP_SET_MODE_FILTER
+#define SECCOMP_SET_MODE_FILTER 1
+#endif
+
+#if defined(__x86_64__)
+#define AUDIT_ARCH_CURRENT AUDIT_ARCH_X86_64
+#elif defined(__aarch64__)
+#define AUDIT_ARCH_CURRENT AUDIT_ARCH_AARCH64
+#else
+#error "Unsupported architecture for seccomp-BPF"
+#endif
+
+/* Blocked syscalls matching BLOCKED_SYSCALLS in seccomp.ts */
+static const int BLOCKED[] = {
+#ifdef __NR_ptrace
+    __NR_ptrace,
+#endif
+#ifdef __NR_mount
+    __NR_mount,
+#endif
+#ifdef __NR_umount2
+    __NR_umount2,
+#endif
+#ifdef __NR_pivot_root
+    __NR_pivot_root,
+#endif
+#ifdef __NR_chroot
+    __NR_chroot,
+#endif
+#ifdef __NR_reboot
+    __NR_reboot,
+#endif
+#ifdef __NR_kexec_load
+    __NR_kexec_load,
+#endif
+#ifdef __NR_init_module
+    __NR_init_module,
+#endif
+#ifdef __NR_finit_module
+    __NR_finit_module,
+#endif
+#ifdef __NR_delete_module
+    __NR_delete_module,
+#endif
+#ifdef __NR_acct
+    __NR_acct,
+#endif
+#ifdef __NR_swapon
+    __NR_swapon,
+#endif
+#ifdef __NR_swapoff
+    __NR_swapoff,
+#endif
+#ifdef __NR_bpf
+    __NR_bpf,
+#endif
+#ifdef __NR_userfaultfd
+    __NR_userfaultfd,
+#endif
+#ifdef __NR_perf_event_open
+    __NR_perf_event_open,
+#endif
+#ifdef __NR_unshare
+    __NR_unshare,
+#endif
+#ifdef __NR_setns
+    __NR_setns,
+#endif
+#ifdef __NR_keyctl
+    __NR_keyctl,
+#endif
+#ifdef __NR_request_key
+    __NR_request_key,
+#endif
+#ifdef __NR_add_key
+    __NR_add_key,
+#endif
+#ifdef __NR_process_vm_readv
+    __NR_process_vm_readv,
+#endif
+#ifdef __NR_process_vm_writev
+    __NR_process_vm_writev,
+#endif
+#ifdef __NR_personality
+    __NR_personality,
+#endif
+};
+
+#define N (sizeof(BLOCKED)/sizeof(BLOCKED[0]))
+
+static int apply_filter(void) {
+    /* BPF program: check arch, load nr, for each blocked: jeq->errno, default allow */
+    unsigned int len = 4 + N + 2;
+    struct sock_filter *f = calloc(len, sizeof(struct sock_filter));
+    if (!f) return -1;
+    unsigned int i = 0;
+    /* [0] load arch */
+    f[i++] = (struct sock_filter)BPF_STMT(BPF_LD|BPF_W|BPF_ABS, offsetof(struct seccomp_data, arch));
+    /* [1] check arch */
+    f[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, AUDIT_ARCH_CURRENT, 1, 0);
+    /* [2] kill on wrong arch */
+    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_KILL_PROCESS);
+    /* [3] load syscall nr */
+    f[i++] = (struct sock_filter)BPF_STMT(BPF_LD|BPF_W|BPF_ABS, offsetof(struct seccomp_data, nr));
+    /* [4..4+N-1] check each blocked: jt jumps to errno return at [4+N+1] */
+    for (unsigned int j = 0; j < N; j++) {
+        unsigned int jt = (unsigned int)(N - j); /* distance to errno instr */
+        f[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, (unsigned int)BLOCKED[j], jt, 0);
+    }
+    /* [4+N] allow */
+    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW);
+    /* [4+N+1] errno EPERM */
+    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|(EPERM & SECCOMP_RET_DATA));
+
+    struct sock_fprog prog = { .len = (unsigned short)i, .filter = f };
+    int ret = (int)syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, 0, &prog);
+    free(f);
+    return ret;
+}
+
+int main(int argc, char *argv[]) {
+    if (argc < 3) {
+        fprintf(stderr, "Usage: seccomp-loader <profile.json> <command> [args...]\\n");
+        return 1;
+    }
+    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
+        perror("prctl(PR_SET_NO_NEW_PRIVS)");
+        return 1;
+    }
+    if (apply_filter() < 0) {
+        fprintf(stderr, "seccomp-loader: BPF filter failed (errno=%d); continuing with no-new-privs only\\n", errno);
+    }
+    execvp(argv[2], &argv[2]);
+    perror("execvp");
+    return 1;
+}
+`;
+let loaderBinaryPath = null;
+function getLoaderDir() {
+    return path.join(os.tmpdir(), "cloison-runtime-seccomp");
+}
+function compileLoader() {
+    const dir = getLoaderDir();
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+    const binaryPath = path.join(dir, "seccomp-loader");
+    const sourcePath = path.join(dir, "seccomp-loader.c");
+    if (fs.existsSync(binaryPath)) {
+        try {
+            const stat = fs.statSync(binaryPath);
+            if (stat.isFile() && (stat.mode & 0o100)) {
+                return binaryPath;
+            }
+        }
+        catch {
+            // recompile
+        }
+    }
+    fs.writeFileSync(sourcePath, SECCOMP_LOADER_SOURCE, { mode: 0o600 });
+    try {
+        execSync(`cc -o ${binaryPath} ${sourcePath} -static 2>/dev/null || cc -o ${binaryPath} ${sourcePath}`, {
+            timeout: 30_000,
+            stdio: "pipe",
+        });
+        fs.chmodSync(binaryPath, 0o700);
+        log.info("seccomp-loader compiled successfully (BPF filter enabled)");
+        return binaryPath;
+    }
+    catch (err) {
+        log.warn("failed to compile seccomp-loader (cc not available?)", {
+            error: String(err),
+        });
+        try {
+            fs.unlinkSync(sourcePath);
+        }
+        catch {
+            // best effort
+        }
+        return null;
+    }
+}
+export function ensureSeccompLoader() {
+    if (loaderBinaryPath && fs.existsSync(loaderBinaryPath)) {
+        return loaderBinaryPath;
+    }
+    loaderBinaryPath = compileLoader();
+    return loaderBinaryPath;
+}
+export function buildSeccompWrapperArgs(profile, sandboxId, command, args) {
+    const loader = ensureSeccompLoader();
+    if (!loader)
+        return null;
+    const profilePath = writeSeccompProfile(profile, sandboxId);
+    return {
+        command: loader,
+        args: [profilePath, command, ...args],
+        profilePath,
+    };
+}
+export function isSeccompAvailable() {
+    if (process.platform !== "linux")
+        return false;
+    return ensureSeccompLoader() !== null;
+}
+//# sourceMappingURL=seccomp-apply.js.map

package/dist/sandbox/seccomp-apply.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"seccomp-apply.js","sourceRoot":"","sources":["../../src/sandbox/seccomp-apply.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAuB,MAAM,cAAc,CAAC;AAExE,MAAM,GAAG,GAAG,qBAAqB,CAAC,eAAe,CAAC,CAAC;AAEnD,sEAAsE;AACtE,qEAAqE;AACrE,0EAA0E;AAC1E,MAAM,qBAAqB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqJ7B,CAAC;AAEF,IAAI,gBAAgB,GAAkB,IAAI,CAAC;AAE3C,SAAS,YAAY;IACnB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,GAAG,GAAG,YAAY,EAAE,CAAC;IAC3B,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAEpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;IAEtD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACrC,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,EAAE,CAAC;gBACzC,OAAO,UAAU,CAAC;YACpB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;IAED,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,qBAAqB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAErE,IAAI,CAAC;QACH,QAAQ,CAAC,SAAS,UAAU,IAAI,UAAU,iCAAiC,UAAU,IAAI,UAAU,EAAE,EAAE;YACrG,OAAO,EAAE,MAAM;YACf,KAAK,EAAE,MAAM;SACd,CAAC,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAChC,GAAG,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;QACtE,OAAO,UAAU,CAAC;IACpB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,sDAAsD,EAAE;YAC/D,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC;SACnB,CAAC,CAAC;QACH,IAAI,CAAC;YACH,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,IAAI,gBAAgB,IAAI,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACxD,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IACD,gBAAgB,GAAG,aAAa,EAAE,CAAC;IACnC,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,OAAuB,EACvB,SAAiB,EACjB,OAAe,EACf,IAAc;IAEd,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;IACrC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,WAAW,GAAG,mBAAmB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC5D,OAAO;QACL,OAAO,EAAE,MAAM;QACf,IAAI,EAAE,CAAC,WAAW,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;QACrC,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IAC/C,OAAO,mBAAmB,EAAE,KAAK,IAAI,CAAC;AACxC,CAAC"}

package/dist/sandbox/seccomp.d.ts

@@ -0,0 +1,13 @@
+export interface SeccompProfile {
+    defaultAction: "SCMP_ACT_ALLOW" | "SCMP_ACT_ERRNO" | "SCMP_ACT_KILL";
+    syscalls: SeccompRule[];
+}
+export interface SeccompRule {
+    names: string[];
+    action: "SCMP_ACT_ALLOW" | "SCMP_ACT_ERRNO" | "SCMP_ACT_KILL";
+}
+export declare function buildDefaultProfile(): SeccompProfile;
+export declare function buildRestrictedProfile(additionalAllowed?: string[]): SeccompProfile;
+export declare function writeSeccompProfile(profile: SeccompProfile, sandboxId: string): string;
+export declare function cleanupSeccompProfile(profilePath: string): void;
+//# sourceMappingURL=seccomp.d.ts.map

package/dist/sandbox/seccomp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seccomp.d.ts","sourceRoot":"","sources":["../../src/sandbox/seccomp.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,CAAC;IACrE,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,MAAM,EAAE,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,CAAC;CAC/D;AA8ED,wBAAgB,mBAAmB,IAAI,cAAc,CAcpD;AAED,wBAAgB,sBAAsB,CACpC,iBAAiB,CAAC,EAAE,MAAM,EAAE,GAC3B,cAAc,CAWhB;AAED,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,cAAc,EACvB,SAAS,EAAE,MAAM,GAChB,MAAM,CAMR;AAED,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAM/D"}