fix(sandbox): allow spec-guard reads in rootfs#6

Merged: rschlaefli merged 1 commit into main from fix/spec-guard-readable on Jun 29, 2026

Conversation

@rschlaefli (Member) commented Jun 29, 2026
What This Fixes

This PR changes the spec-guard binary mode from execute-only (0111) to readable/executable (0555) in the sandbox image build paths.

Why: staging KVM/nsjail execution failed before user code ran, with the error execve('/usr/local/bin/spec-guard') failed: Permission denied. A live pod-local chmod to 0555 made the same API e2e suite pass across Python, NumPy, Node, Bun JavaScript, Bun TypeScript, and Bash.

How It Works

  • Updates api/Dockerfile, the image path used by the codeapi-sandbox-runner GitHub image workflow.
  • Mirrors the mode change in docker/Dockerfile.worker-sandbox and launcher/Dockerfile so the older/local sandbox image paths stay consistent.
  • Updates the CI spec-guard smoke to execute the binary after applying chmod 0555, matching the image mode.

Branch Coverage

  • Base: main
  • Head: e66f44f
  • Reviewed: 1 commit, 4 files changed, 7 insertions, 3 deletions.
  • Covered: sandbox image mode change, mirrored Dockerfile paths, CI smoke mode.

Review Focus

  • Confirm 0555 is acceptable for spec-guard in hardened KVM/nsjail mode.
  • Confirm keeping all Dockerfile copies aligned is preferable to only changing api/Dockerfile.

Verification

Current head:

  • git diff --check -> passed.
  • rg -n "chmod 0?111 /usr/local/bin/spec-guard|chmod 0?555 /usr/local/bin/spec-guard|chmod 0555 /tmp/spec-guard" .github/workflows/ci.yml docker/Dockerfile.worker-sandbox api/Dockerfile launcher/Dockerfile -> only 0555 matches in the changed paths.
  • GitHub CI: API Unit Tests -> passed.
  • GitHub CI: Service Unit Tests -> passed.

Earlier staging evidence:

  • Live API e2e suite initially passed auth/routing checks but every language execution returned sandbox code 255.
  • Sandbox-runner logs showed execve('/usr/local/bin/spec-guard') failed: Permission denied.
  • Temporary pod-local chmod 0555 /sandbox-rootfs/usr/local/bin/spec-guard on staging runner, then /tmp/codeapi-e2e.mjs -> 11/11 passed.

Not run:

  • Local gcc -O2 -static -Wall -Wextra -Werror -o /tmp/spec-guard api/src/spec-guard.c on macOS host -> failed because Linux header sys/prctl.h is unavailable. GitHub Linux CI should cover this.

Security / Privacy

  • Review: manual security-sensitive review only; this touches sandbox execution permissions.
  • Result: no secrets or private payloads included. The change makes the guard binary readable inside the image/rootfs, but keeps it non-writable and executable by all users.

Blocking Before Merge

None.

Follow-Up After Merge

  • Let Build CodeAPI Images publish the updated codeapi-sandbox-runner image from main.
  • Update df-cloud/helm image tag to the new commit SHA.
  • Sync staging and rerun /tmp/codeapi-e2e.mjs without the live pod chmod.

@rschlaefli rschlaefli marked this pull request as ready for review June 29, 2026 18:55
@rschlaefli rschlaefli merged commit 73292bd into main Jun 29, 2026
2 checks passed
@rschlaefli rschlaefli deleted the fix/spec-guard-readable branch June 29, 2026 18:55
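The mode check and smoke step the PR describes, written out as an added example (not code from the PR or the codeapi repository). It assumes GNU stat on Linux, and it uses a constructed shell-script stand-in for the spec-guard binary, created at mode 0111 to represent the pre-fix image; the function names guard_mode_ok, guard_smoke and make_stand_in are this example's own.

```shell
#!/bin/sh
# Added example, not part of the PR. Assumes GNU coreutils stat (Linux).

# Return 0 when the file at $1 is exactly r-xr-xr-x (0555): readable and
# executable by everyone, writable by nobody, and without setuid/setgid/sticky
# bits (stat prints those as a leading digit, so "4555" would fail here too).
guard_mode_ok() {
  p="$1"
  [ -f "$p" ] || return 1
  m=$(stat -c '%a' "$p") || return 1
  [ "$m" = "555" ]
}

# Smoke step modelled on the CI change: apply the image mode, verify it, then
# execute the binary and compare its output with $2. Returns non-zero if any
# step fails, so a regression back to execute-only is caught before deploy.
guard_smoke() {
  p="$1"
  chmod 0555 "$p" || return 1
  guard_mode_ok "$p" || return 1
  out=$("$p") || return 1
  [ "$out" = "$2" ]
}

# Constructed stand-in for spec-guard: a script that prints a fixed banner,
# installed execute-only (0111) like the pre-fix rootfs. Prints its path.
make_stand_in() {
  d=$(mktemp -d) || return 1
  f="$d/spec-guard"
  printf '#!/bin/sh\necho spec-guard-ok\n' > "$f" || return 1
  chmod 0111 "$f" || return 1
  echo "$f"
}

# Usage: build the stand-in, show that 0111 fails the audit, then run the smoke.
if [ "${0##*/}" = "spec-guard-smoke.sh" ]; then
  f=$(make_stand_in)
  if guard_mode_ok "$f"; then echo "unexpected: 0111 passed audit"; exit 1; fi
  guard_smoke "$f" spec-guard-ok && echo "spec-guard smoke: ok"
fi
```

Point guard_mode_ok at the rootfs path from the staging evidence (/sandbox-rootfs/usr/local/bin/spec-guard) to confirm the image mode without a live chmod; guard_smoke is the shape of the CI step, with the binary's real banner substituted for the constructed one.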